NetIQ iManager 2.7.7 Patch 4 Readme

March 2015

NetIQ iManager 2.7.7 Patch 4 includes new features and resolves several previous issues. The installation program provides the ability to upgrade from iManager 2.7.7 or later to the latest version or perform a new installation.

For a full list of all issues resolved in NetIQ iManager 2.7, including all patches and service packs, refer to TID 7010166, “History of Issues Resolved in NetIQ iManager 2.7”.

For more information about this release and for the latest release notes, see the iManager Documentation Web site. To download this product, see the NetIQ Downloads Web site.

1.0 What’s New

The following sections outline the key features and functions provided by this version, as well as issues resolved in this release:

1.1 Enhancements

This version of iManager includes the following features and enhancements:

  • Support for the following:

    • IPv6

    • Tomcat 7.0.56

    • Java 1.8.0_25

    • Google Chrome 40

    • Mozilla Firefox 34

    • TLSv1.2 support

  • XDAS auditing

  • Improved upgrade process

1.2 Software Fixes

This version of iManager includes software fixes that resolve several previous issues.

  • Objects created with extended characters are displayed without any issues.

  • In a custom plug-in, the default value of an attribute is not appended to the new value when the default value is modified.

  • The text area height is now resized from 32 rows to 8 rows.

  • You can configure cipher levels.

  • Exporting DER certificates works without any issues.

  • XSS vulnerability is fixed in ICE plug-in.

1.3 Platform Support

This version of iManager supports the following platforms:


iManager Workstation

  • Windows 8.1 Enterprise Edition (64-bit)

  • Windows 7 Service Pack 1 (SP1)


iManager Server

  • Red Hat Enterprise Linux Server 6.5 (64-bit)

  • Red Hat Enterprise Linux Server 5.10 (64-bit)

  • Red Hat Enterprise Linux Server 5.11 (64-bit)

  • Red Hat Enterprise Linux Server 6.6 (64-bit)

  • SUSE Linux Enterprise 12 (64-bit)

    NOTE:Install libXtst6-32bit for SUSE Linux Enterprise 12 (64-bit) as a prerequisite.

iManager Workstation

  • Red Hat Enterprise Linux Server 6.5 (32-bit)

  • Red Hat Enterprise Linux Server 5.10 (32-bit)

  • Red Hat Enterprise Linux Server 6.6 (32-bit)

  • openSUSE 13.2 (32-bit)

  • openSUSE 13.2 (64-bit)

  • SUSE Linux Enterprise Desktop 12 (64-bit)

    NOTE:For iManager workstation to work on openSUSE 13.2 (32-bit), openSUSE 13.2 (64-bit), and SLE 12 Desktop install the following rpms:

    • libstdc++33

    • libstdc++33-32 bit

    • libgtk-2_0-0-32bit

    • libXt6-32bit

    • libgthread-2_0-0-32bit

    • libXtst6-32bit

    • GLIBC 2.3

1.4 Browser Support

This patch release adds support to the following browsers, in addition to the browsers introduced in iManager 2.7.7 Patch 1 or earlier releases:

  • Mozilla Firefox 34, 33, 32, 26, 25

  • Google Chrome 40, 39, 38, 37, 31, 30

  • Microsoft Internet Explorer 11

  • Apple Safari 8 and 7.0.6

1.5 No Support for NAT

iManager managing eDirectory servers is not supported with NAT network address translation.

1.6 NAudit Configuration

To configure NAudit for Linux, do the following:

  1. Install iManager 2.7.7 Patch 4.

  2. Login to iManager and navigate to Configure > iManager Server >Configure iManager and click Add Authorized Users.

  3. Select Enable NetIQ Audit, and select the required iManager events to audit.

  4. From eDirectory 8.8.8 Patch 5 installation package, install Platform Agent.

  5. Modify the logevent file depending on your platform.

    • Linux: Do the following actions:

      1. Edit the following entries in the logevent.conf file from the /etc/ location:

        LogCacheLimitAction=keep logging
      2. Manually create the naudit folder in the /var/opt/novell/ location.

      3. Grant novlwww user permission for the /var/opt/novell/naudit folder by running the following command:

        chown -R novlwww:novlwww naudit/

    • Windows: Edit the following entries in the logevent.cfg from C:\windows location:

      JLogCacheDir=C:\Program Files\Novell\Nsure Audit\jcache
      LogJavaClassPath=C:\Program Files (x86)\Novell\Tomcat\webapps\nps\WEB-INF\lib\NAuditPA.jar
      LogCacheLimitAction=keep loggin
  6. Depending on the platform, uncomment the appender file as follows:

    • Linux: Uncomment <appender-ref ref="NAUDIT_APPENDER"/> entry in the imanager_logging.xml located in /var/opt/novell/iManager/nps/WEB-INF/ directory.

    • Windows: Uncomment <appender-ref ref="NAUDIT_APPENDER"/> entry in the imanager_logging.xml file from C:\Program Files (x86)\Novell\Tomcat\webapps\nps\WEB-INF\directory.

  7. Restart Tomcat.

  8. Verify if the events are logged into the logging server.

    Linux: Stop jcache and restart Tomcat. Generate events and check the logging server.

    Windows: Generate events and check the logging server.

2.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, contact Technical Support.

2.1 Identity Manager Plug-in Returns Java Script Error

After upgrading to iManager 2.7.7, when you use the Identity Manager plug-in to manage your driver sets or drivers, you receive a Javascript warning. If you navigate to another location, such as View Objects, you immediately return to the login screen.

This issue occurs when your browser caches iManager information that does not have the necessary tokens. To resolve this issue, clear your browser cache, and then log back in to iManager. (816973)

2.2 Tomcat Service Does Not Start After Upgrade

After upgrading to iManager 2.7.7 on a Windows Server 2012 computer, the Tomcat service might not restart automatically. You must manually restart the service.

2.3 Cannot Start iManager Workstation on an openSUSE Computer

To run iManager Workstation on a computer running version 12.2 or 12.3 of the OpenSUSE operating system, ensure the following OpenSUSE packages are installed:

  • libgtk-2_0-0-32bit

  • libXt6-32bit

  • libgthread-2_0-0-32bit

  • libXtst6-32bit

2.4 IPv6 Issues

The following IPv6-related issues are present in iManager 2.7.7:

Symantec Network Threat Protection Conflicts with IPv6

Symantec Network Threat Protection conflicts with IPv6 addresses. To use IPv6 addresses in iManager 2.7.7, you must disable Network Threat Protection.

Supported Version of Firefox for IPv6

To use IPv6 addresses in iManager 2.7.7, you can use the Firefox 32 browser.

Import Convert Export Wizard Does Not Work for IPv6 Addresses

If your iManager installation uses IPv4 addresses, and you use the Import Convert Export Wizard to connect to an eDirectory installation that uses IPv6 addresses, the wizard fails to connect and displays the following error:

Unable to connect to the requested server. Verify the name/address and port.

To configure iManager to handle IPv6 addresses, complete the following steps:

  1. Open the file, and comment out the following lines:

    NOTE:The property applies to communication between iManager and eDirectory. The property applies to communication between browsers and iManager.

  2. Restart Tomcat.

  3. In iManager, click Roles and Tasks.

  4. Click LDAP > LDAP Options, and then select the View LDAP Servers tab.

  5. Select the LDAP server you want to configure and click the Connections tab.

  6. Under LDAP Server, add LDAP interfaces for the IPv6-format addresses, including the port numbers, as follows:

  7. Click OK.

  8. Configure the Role-Based Services, then log out from the session and log in again.

2.5 Tree View Issues

The following issues in the Tree tab of the Object View are present in iManager 2.7.7:

Tree View Does Not Save State Information

The Tree view does not save its state, including the current position within the tree, when you switch between the Tree view and the Browse/Search tabs.

Operations under View Objects Do Not Function Properly in Internet Explorer 10 Default Mode

When you click View objects, you cannot perform any pop-up related operations in Tree view, Browse, and Search tabs.

To workaround this issue, launch Internet Explorer 10 in compatibility mode.

2.6 iManager Does Not Support the Metro User Interface View in Internet Explorer 10 on Windows 7 and 8

iManager 2.7.7 does not support metro user interface view for Internet Explorer 10.0 in Windows 7.0 and 8.0 versions.

2.7 File Not Found Error on RHEL 5.8

While installing the latest eDirectory plug-in on RHEL 5.8 (64-bit), iManager returns the following exception message:

File not found exception message

To workaround this issue, restart Tomcat.

2.8 Unsupported Platform Error on RHEL 6.5 and RHEL 5.10

While installing iManager 2.7.7 on RHEL Server release 6.5 and RHEL Server release version 5.10, the installer displays a warning message stating that the platform is unsupported.

To workaround this issue, include Redhat Enterprise Linux Server release 6.5 and Redhat Enterprise Linux Server release 5.10 in the platforms.xml file. For more information about installing iManager on unsupported platforms, see Installing iManager on Unsupported Platforms in the NetIQ iManager Installation Guide.

2.9 iManager Dependency on Novell Client with NMAS Support - iManager

iManager requires NMAS support to be installed on the Windows system on which iManager is installed. It does not require the Novell Client. If you are going to use the Novell Client, iManager requires a version with NMAS support.

2.10 Newly Added Members to a Dynamic Group Are Not Displayed in the Corresponding Fields

When you access iManager by using an IPv6 address and then add new members to a dynamic group, the members are not displayed in the Included Members and All Members fields.

To work around this issue, you can configure LDAP by using iManager or the eDirectory command prompt.

Configuring LDAP by Using iManager

To configure LDAP by using iManager, complete the following steps:

  1. Install eDirectory 8.8 SP8.

  2. In iManager, go to Roles and Tasks list, and then click LDAP > LDAP options.

  3. Click the View LDAP Servers tab, then select the appropriate server.

  4. On the LDAP Server page, click the Connections tab, add a new LDAP server (for example, ldaps: [ipv6_address]:LDAP_SSL_PORT) in the LDAP Interfaces field, then click OK.

  5. Click Apply, then click OK.

Configuring LDAP Using the eDirectory Command Prompt

To determine whether LDAP is configured for IPv6, enter the ldapconfig get command in the eDirectory command prompt. The following values are listed in the result if LDAP is configured:

ldapInterfaces: ldaps://[ipv6_address]:LDAP_SSL_PORT
Require TLS for Simple Binds with Password: yes

If LDAP is not configured, enter the following command to configure it:

ldapconfig set "ldapInterfaces= ldaps://[ipv6_address]:LDAP_SSL_PORT"

2.11 Groups Plug-in Does Not Handle Unspecified Addresses in ldapInterfaces

The Groups plug-in reports an error if there are unspecified addresses in the ldapInterfaces attribute of the LDAP server.

During installation or configuration, eDirectory automatically configures the LDAP server to listen on all available interfaces by adding ldap://:389 and ldaps://:636 to the ldapInterfaces attribute. The plug-in interprets these values incorrectly and tries to connect to the LDAPS port on the iManager server computer. The connection fails, and the Groups plug-in displays the following error messages:

Unable to obtain a valid LDAP context.
Creating secure SSL LDAP context failed:

To work around this issue, remove unspecified addresses and add specific IP addresses to ldapInterfaces.

2.12 Novell Logo Appears in the iManager Login Page After Upgrading to NetIQ iManager 2.7.7

Novell logo appears in the iManager Login page after upgrading it from previous versions to iManager 2.7.7.

To workaround this issue, clear the browser cache and relaunch iManager.

2.13 Base Content is Displayed After Upgrading to iManager 2.7.7 on Windows Platform

When iManager 2.7.6 is upgraded to iManager 2.7.7, iManager Base Content is displayed in the Available NetIQ Plug-in Modules list. Though it appears in the list of available plug-ins, the Base Content is installed during the upgrade process.

It is safe to ignore it and continue working on iManager because it does not affect the iManager functionality in any way. However, if you do not want the Base Content to display in the list, select iManager Base Content, click Install, and then restart Tomcat.

2.14 iManager Login Fails if NICI 2.7.6 is Installed On Windows Workstation

iManager 2.7.7 fails to login and displays the following error message, if you have installed NICI 2.7.6:

Unable to create Could not initialize class novell.jclient.JClient

To workaround this issue, remove NICI 2.7.6 using the Add or Remove Programs option in Control Panel and then install NICI 2.7.7, which is available in the iManager 2.7.7 build.

2.15 Plug-ins Selected from Local Disk are Not Listed in the Installation Summary

While installing iManager 2.7.7 plug-ins, the ones selected from the local disk are not listed in the Installation Summary page, whereas the plug-ins selected from the NetIQ download page are listed.

However, the plug-ins selected from the local disk are installed even though they are not listed in the Installation Summary page.

2.16 Identity Manager Plug-in Does Not Work in iManager 2.7.7

The Identity Manager plug-in does not work in iManager 2.7.7 if you have selected both Identity Manager plug-in and SecretStore plug-in options during iManager installation.

To workaround this issue, select only Identity Manager plug-in during iManager installation. Alternatively, use the iManager UI to install the Identity Manager plug-in and then separately install the SecretStore plug-in.

2.17 Some Plug-ins Are Not Listed in the Available NetIQ Plug-in Modules Page

In the standalone iManager 2.7.7 Patch 1 release, the following plug-ins are not listed in the Available NetIQ Plug-in Modules page:

  • DNS Management


  • FTP

  • Novell iFolder 3

  • iPrint Linux Management Plug-in

  • iPrint Management Plugin for Netware

  • LinuxUserManagement Module

  • DHCP Management for NetWare

  • NetStorage Management

  • DHCP OES Linux

  • QuickFinder Server Management

  • SMS Module

This is because the fix provided for preventing Cross-Site Request Forgery (CSRF) attack breaks these plug-ins.

2.18 Applying Patch 2 on iManager 2.7.7 Setup Overwrites iManager_logging.xml File and Resets the appender-ref Configuration

To workaround this issue, uncomment the appender that you want to enable. For example, To enable naudit appender uncomment the following line:

<appender-ref ref="NAUDIT_APPENDER"/>

After this, restart Tomcat.

2.19 iManager Does Not Send Audit Events

After installing iManager 2.7.7 patch 4 the configuration file changes and this stops iManager from sending the audit events.

To workaround this issue do the following steps:

  1. Install iManager 2.7.7 patch 4.

  2. From /var/opt/novell/iManager/nps/WEB-INF/imanager_logging.xml file uncomment the following line:<appender-ref ref="NAUDIT_APPENDER"/>

  3. Restart Tomcat.

3.0 Legal Notice

NetIQ Corporation, and its affiliates, have intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents and one or more additional patents or pending patent applications in the U.S. and in other countries.


For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

© 2015 NetIQ Corporation. All Rights Reserved.

For information about NetIQ trademarks, see