iManager 2.7.1 (2.7 Support Pack 1) Readme

July 31, 2008

This readme contains the following sections:

1.0 Issues Resolved in iManager 2.7.1

The following issues are resolved in iManager 2.7.1:

  1. Setting up LDAP interfaces breaks dynamic group functionality.

  2. Adding more than one logic group in Advanced search filter for dynamic members query are not saved.

  3. Cannot add multiple users to multiple groups at the same time.

  4. The user cannot modify the chapter and page ordering while creating a property book, and while modifying the page list of an existing property book. (336071)

  5. Cannot export custom plug-in using Internet Explorer.

  6. Security vulnerability: Any user can delete Plug-in Studio created Property Book Pages. (336168)

  7. Only one value on a multi-valued attribute with path syntax is displayed on Edit Attribute page.

  8. When you export a plug-in, the file doesn't include Min-imanager-version, because of which when you import it back again fails.

  9. Plug-in Studio's Task for Create: When creating users from these custom-created tasks, it is not making a uniqueID matching the CN. (346647)

  10. Cannot truly assign Property Book Pages to the Existing chapter of General. (344410)

  11. ASCII Values field cannot be edited in the Octet String editor.

  12. Excessive DS Operations while modifying objects. (308623)

  13. Simple Selection is broken in the Configure > Views > iManager Views task screen. (336365)

  14. Creation of a Volume object should have a Physical Volume name entry that is populated with all possible values.

  15. Configure > Views > iManager Views task is broken. (343239)

  16. On the Modify Object page of Directory Administration, the user's password cannot be set.

  17. Option to use a proxy server to download plug-ins. (96942)

  18. iManager-Group object could define a Collection Owner.

  19. iManager 2.7 Octet String Editor does not work.

  20. If the user changes passwords in such a way that they don't meet Universal Password Policy, proper messages are not displayed.

  21. System Error occurs when the user tries to edit a stream attribute containing xml data.

  22. Cannot add replica if the server exists as S/R replica in a ring.

  23. The Object View, Tree, and Browse tabs return unsorted results.

  24. Specific files that the user wants to browse for, are not listed under View Objects-Browse view.

  25. The user cannot delete attributes from Auxiliary Classes by using iManager. Customer ldap scripts must be used to delete them.

2.0 Changed Files

The following files are changed in this support Pack:

IMPORTANT:iManager support packs DO NOT back up the files that are replaced and therefore cannot be automatically uninstalled. If you want to roll back these changes, you should manually back up the files replaced by this update. The list of files changed are:

3.0 Downloading and Installing iManager Support Pack

IMPORTANT:iManager support packs do not make a backup of files replaced. The only way to roll back to a previous state is to backup all modified files before applying the support pack and then manually restoring the backed up files.

Also, iManager support packs must be installed on all iManager servers in your environment. Support packs do not automatically replicate other iManager servers in your tree.

NOTE:After you install the iManager support pack, iManager will be non-functional until you restart Tomcat.

To download and install an iManager support pack:


For Windows and Netware servers use a windows decompression utility that supports zip, (that is, WinZip) to extract iMan27SP_x.npm to a temporary directory either on the workstation or on the server.

For Unix servers, use gzip and tar to decompress and extract the tarball to a temporary directory on which the patch will be applied. (i.e. gzip -d -c iman27sp1.tgz | tar xvf -). Linux users can use tar -zxvf iman27sp1.tgz.

NOTE:Support pack files, like plug-ins, are packaged in modules (NPMs). Those modules are capable of containing one or more support packs. This Support Pack is a cumulative patch and includes all fixes from previous Support Packs.

  1. Log in to iManager.

  2. Click Configure.

  3. Click Plug-in Installation > Available Novell Plug-in Modules.

  4. Select

  5. Click Add and browse to the sp_iman27.npm file, then click OK.

  6. Verify that the Module is sp_iman27.npm and the Description reads "Support Pack 1 for iManager 2.7".

  7. Select the checkbox next to the support pack file sp_iman27.npm and click Install.

    This install may take a few minutes.

    NOTE: Internet Explorer may append a .ZIP extension to the .NPM when it is downloaded. IE may actually remove the .npm extension and replaces it with .zip. The extension must be .npm or the install will refuse to upload the file.

  8. Click Close and Restart Tomcat.

    NOTE:Tomcat sometimes requires several minutes to fully initialize. Wait a few minutes before trying to log into iManager after restarting Tomcat.

    Table 1 Enter Table Title Here



    Netware® 6.5

    Type tomcat5 stop. Wait at least a minute, then type tomcat5 to start the service again.


    Stop and start the Tomcat service.


    Enter /etc/init.d/novell-tomcat5 stop, then enter /etc/init.d/novell-tomcat5 start.

    Mobile iManager

    Close Mobile iManager and re-open Mobile iManager.

  9. Verify that the new support pack has been installed.

    • Log in to iManager, then check whether the home page displays the new version (2.7.x).

    • Check the log file located in webapps/nps/WEB-INF/changelog.

    • Click Novell iManager in the upper-left corner of the iManager application window to view the iManager information page.

4.0 What is New

iManager 2.7.1 includes the following product enhancement:

4.1 Unique Zone

iManager can now enforce uniqueness while creating, renaming, or moving a User operation. To use this option, download and install the Unique Zone plug-in. After installing, you can enforce uniqueness for User names, across the entire tree or within the selected containers.

4.2 Simple Selection for Set Password Task

Simple Selection feature is now added in the Set Password Task of Help Desk Role. This helps to easily locate the Object by searching across the entire tree based on the certain parameters of the object.

4.3 Object Selection Method

In Plug-in Studio, you can now define the preferred Object Selection method of the default Target chooser. You can select Simple, Advanced, Single, or Multiple as one of the default mode.

4.4 Modifying OID (ASN1 ID) for Classes and Attributes

The user can now edit the ASN1 ID field in Attribute Information and Class Information pages. This fix works only on OES2 SP1.

4.5 Group Object Can Define a Collection Owner

When RBSCollection is assigned to a group, all the members of that group get RBSCollection ownership. If the selected group is a dynamic group or a nested group, only first level static members of the group get RBSCollection ownership.

If a member is added to a group, then that member gets the collection ownership defined by that group. Similarly, if a member is deleted from a group, then that member loses the collection ownership defined by that group.

4.6 Support for Nested Group

iManager now supports Nested Group feature which is available in eDirectory 8.8 SP2 FTF1 and later.

4.7 “Loading...” Indicator in Tree View While Retrieving Large Amount of Data

iManager now provides a Loading... indicator in Tree View, to make the user wait while retrieving large amount of data.

4.8 Support for Unauthenticated HTTP Proxy Server to Download Plug-Ins

When the user is working behind a firewall server, and has only a firewall proxy to connect to the internet, to download the iManager plug-ins, he or she can select the proxy option, which is available in Configure page of iManager.

4.9 Timeout Mechanism for Plug-In Download from Novell Downloads

iManager 2.7.1 allows the users to download and install NPMs. It has a timeout mechanism that allows the download/installation to continue with the next NPM if a certain time period has elapsed for the NPM that you are currently downloading/installing. This prevents the installation from hanging indefinitely if the download of the plug-ins has problems of any kind.

4.10 i-icon in Available Novell Plug-In Modules Page

When the user clicks this icon, it displays the plug-in information such as supported platforms, recommended versions, change logs, build number, and other miscellaneous information.

4.11 Redirection after Logout

The Redirection after Logout option allows the user to specify the URL to be redirected to, after logging out of iManager. If he or she has not selected this option, and clicks Exit, he or she will be logged out of iManager, and the Login page will be displayed, by default.

5.0 Known Issues

The following issues exist in the iManager 2.7 environment:

5.1 Tree View Issues

The following issues exist in the new Tree tab of the Object View:

5.1.1 Navigation Frame Object List Does Not Update

In the Object View’s Tree tab, the effects of container actions are not immediately reflected in the Navigation frame’s object list. For example, adding a container, or changing an existing container’s name, is not reflected in the Navigation frame until you manually refresh the view by leaving the Tree view and then re-opening it.

5.1.2 Tree View Does Not Save State Information

Tree View does not currently save its state, including current position within the tree, when switching between Tree View and the Browse/Search tabs.

5.2 Invalid RBS Member Association can cause Java Exception

If you inadvertently specify an invalid user name or scope when creating RBS Member Associations, when you try to save the changes iManager displays the following error:

The system encountered an unknown error. Please contact Novell Support.

This error prevents a successful save operation for any valid data that you might have entered. To avoid this problem, use the Object Selector to locate valid objects and scopes when configuring iManager RBS.

5.3 Authentication Error with SLES 9

You might encounter the following error while authenticating iManager on a Server with SLES 9 SP3 or later version:

Unable to create AdminNamespace. java.lang.NoClassDefFoundError when authenticating on SLES 9.

Work around: Install compat-libstdc++-33-3.2.3-61 before installing iManager 2.7.

5.4 Plug-in Compatibility

Because of changes to class structure and organization, iManager plug-ins must be recompiled to work with iManager 2.7. The iManager 2.7 Web site contains all currently available plug-ins, and will be regularly updated with additional plug-ins when they are available. If you add an older plug-in using Add Plug-in link, it does not display an error even though the plug-in is not added. You can view specific error information in the debug log.

Similarly, the OES 2 download includes the currently available iManager 2.7 plug-ins.

NOTE:iManager 2.7 does not allow the user to install old plug-ins that iManager 2.6 supported.

5.5 iManager Login Page Issues

You should be aware of the following login-related issues with iManager 2.7:

5.5.1 iChain Single Sign-On (SSO)

The iChain® Single Sign-On functionality (including Forward authentication, OLAC, and Form Fill) does not work in a multi-tree environment. iManager 2.7 requires a username, password, and tree name for login, whereas iChain requires only a username and password.

Form Fill from iChain also fails because the Exit button in the iManager toolbar directs you back to the initial login form. When Form Fill is active, you are simply logged back in to iManager.

In a single server environment, it is possible to use the iManager default settings and iChain will work correctly.

5.5.2 NetIdentity Login

For the same reasons as iChain SSO, NetIdentity can cause problems with iManager login.

When using iManager 2.7 on a NetWare 6.5 SP3 server that was previously running iManager 2.x and Virtual Office, NetIdentity clients see a NetIdentity login dialog box that only requires a username and password, instead of the iManager login dialog box that requires a username, password, and tree name.

5.6 International Characters Might Not Display Correctly During Install

If, during the installation, there are problems with the display of the characters, you might need to change the system's character encoding to UTF-8.

Installing remotely through an ssh client might also require UTF-8 character encoding on the client to display characters properly.

For example, set the system variable LC_ALL=de_DE.utf8, then try running the install again.

5.7 (Windows Servers Only) Installing eDirectory and iManager on the Same Machine

If you want to install eDirectory and iManager on the same physical machine, you must install eDirectory before you install iManager. This allows eDirectory to perform the initial system configuration as required.

5.8 (Windows Servers Only) iManager Doesn't Work after Installing Groupwise 7.0 WebAccess

On Windows 2000 and 2003 Server with IIS 5 or 6, installing Groupwise® 7.0 WebAccess to IIS automatically installs Tomcat 5.5.

As the iManager installation begins, the iManager installer program detects that IIS and Tomcat are available for use. The installer reports the inability to stop the iisadmin service. Near the end of the install, the installer reports the inability to start Tomcat.

After the install is completed, GroupWise WebAccess still works, but iManager does not (HTTP 404: Page not found).

Work around: Do not install iManager and GroupWise on the same Windows server.

5.9 Blank Screen or Missing Roles and Tasks

This most commonly occurs when accessing different versions of iManager with the same browser. Resolve this problem by clearing the browser's stored cookies and cache and restarting the browser.

5.10 Timeout Setting for Dynamic Groups Returns an Error Message When the Timeout Is Set to a Value That Can Be Exceeded

When this occurs, the following message appears: Unknown meaning for error number - 6016; Please call a Novell provider, but the value is saved. When you access Dynamic Groups, another error message appears: The system encountered an unknown error. Please contact Novell support.

Work around: Give the Timeout setting an adequate and reasonable value.

5.11 Special Characters

iManager does not escape special characters automatically. Using a special character in an object name will cause an error unless you manually escape the character. More information is available in the iManager documentation.

5.11.1 Plug-in Studio Can't Find the RBS Collection When Trying to Install an Edited Plug-In.

Plug-In Studio can't find RBS Collections that have special characters in their names, so attempting to edit a plug-in that has been previously installed into an RBS Collection with special characters in its name causes the install to fail.

5.11.2 Using Special Characters When Creating a Property Book

Creating a Property Book, and naming it using special characters might cause a DNS Error 603 message. For more information about naming a Property Book, see “Creating a New Property Book” in the iManager documentation.

5.11.3 iManager Framework Does Not Support Special Characters in Plug-In IDs.

To create a plug-in ID that includes extended characters, create the plug-in using standard characters, then use Advanced Properties to change the plug-in display name after it has been created.

5.12 Two Instances Do Not Maintain Connections to Two Different Trees

Two instances in Firefox and Internet Explorer 7 tabbed views do not maintain connections to two different trees. Internet Explorer 6 maintains one session per instance, while Firefox uses the same session for all instances that use the same profile.

This difference in Web browser behavior gives the appearance that Firefox cannot support two different sessions and that connection information is crossing over. iManager can maintain a connection to two different trees at the same time in the Firefox browser, but only if each instance is using a different profile.

To work different sessions simultaneously, modify your profile using Firefox's Profile Manager. In Firefox 2.0 you can use the -no-remote option when launching Firefox to run multiple profiles simultaneously.

5.13 Javaw.exe Application Error when closing iManager Workstation or SDK

When closing iManager Workstation or SDK, you might encounter a javaw.exe Application Error. The error is benign and does not indicate any system problems or instabilities. You can safely close the error message box and continue working normally.

5.14 Control Characters in Login Script

Using ASCII control characters in a login script might cause an Unhandled Exception Error in iManager. For this reason, Novell recommends using only the standard ASCII character set when creating login scripts.

5.15 Translation Errors in InstallAnywhere Installer

iManager leverages Macrovision* InstallAnywhere* for its installation routine. Because of this, some of the language translation for the installation routine is provided by Macrovision. Novell has encountered a few errors in these Macrovision translations that it cannot access to correct. For example, when you are prompted to select a language for the installation, the language selection “Slovak” is translated to “Anglictina”, which means English rather than Slovak.

Novell is working with Macrovision to get these translation errors corrected.

5.16 eDirectory Error Messages Language Settings

The iManager Language Preferences setting does not change the language of eDirectory error messages, even though the language of iManager Web interface is changed.

To work around this issues, change the operating system default language on the eDirectory server that iManager is using.

5.17 Link Disappears or Unable to View the all the Options

Novell iManager might not display the links or third row of options in the Property Book, if the window size is minimized.

To work around this issue, expand the window or consider using a resolution greater than 1024 x 768.

5.18 Null Pointer Exception trying to load iManager Login page

When you try to access iManager from a browser, sometimes the Login page fails to load, and displays the following error message:

exception java.lang.NullPointerException 
com.novell.emframe.fw.servlet.AuthenticatorServlet.service( javax.servlet.http.HttpServlet.service( 

The browser cookies might be corrupted.

Work around: Clear the browser cookies, then try to access iManager.

5.19 (NetWare only) Plug-in Install Does Not Proceed without Mouse

During iManager 2.7 installation, you may not be able to change focus to the dialog that asks if you want to install iManager 2.7 plug-ins without using a mouse. This may prevent you to proceed with the install.

5.20 (NetWare only) On a non-English server install, iManager 2.6 is displayed instead of iManager 2.7

If you perform a non-English install of NetWare 6.5 SP 7, iManager 2.6 is displayed as the product in multiple places during the install. Also, the list of installed products will display a product of iManager 2.6 with a version of 2.7.0. Even though iManager 2.6 is displayed as the product, iManager 2.7 is the version that is installed.

5.21 After post installation of iManager 2.7 on NetWare 6.5 sp7 the login page might not appear

This is the result of the iManager 2.0.2 uninstall not removing the line "Include sys:/tomcat/4/conf/nps-Apache.conf" from SYS:\Apache2\conf\httpd.conf. You will also see a Apache2 startup error in SYS:\Apache2\logs\startup.err.

Work around: You must:

  1. Edit SYS:\Apache2\conf\httpd.conf.

  2. Remove the line "Include sys:/tomcat/4/conf/nps-Apache.conf" from the bottomof the file.

  3. Save the changes.

  4. Start Apache2, ap2webup.

5.22 Unable to create

You might encounter the above error when authenticating to eDirectory with iManager 2.7 Workstation or SDK on SLED 10. This indicates the problem while updating NICI. You might notice a message that prime NICI was unsuccessful when you updated NICI.

NICI 2.7.0 is installed with SLED 10 and the Open Desktop Edition add-on (ODE). iManager 2.7 requires NICI 2.7.3 and prompts you to install when you run iManager 2.7 Workstation or SDK for the first time. The issue is because NICI 2.7.0 is not successfully upgraded to NICI 2.7.3. During the update, you get a message that prime NICI was not successful.

Work around: Remove both versions of NICI on the system, ignoring any dependencies. For example, the ODE add-on itself has a dependency on NICI. So, remove NICI by telling the Software Management to ignore the dependency. Re-install NICI 2.7.3 that you got with iManager 2.7 Workstation. Before you install NICI 2.7.3, make sure that you delete the /var/novell/nici directory.

5.23 Issue with Internet Explorer while opening Data Table Elements in a new window or a new tab

While doing RBS Configuration in Internet Explorer, if you try to open a Data Table Element in a new window or a new tab, you cannot get the desired result. Instead, you should directly click the links.

5.24 Tomcat restart after installing a plug-in

After installing a plug-in such as, service pack, if you immediately (without waiting at least for 3 Seconds) click Close, a blank page appears. Now you should restart Tomcat:

  • For Windows: Restart tomcat services from Control Panel->Administrative Tools->Services.

  • For Linux: /etc/init.d/novell-tomcat5 restart

  • For Netware:

    1. tomcat5 stop

    2. tomcat5 start

5.25 iManager mvStringEditor tag exhibits strange behavior

Internet Explorer 6.0 does not display tooltips for the items in a list. So, the iManager mvStringEditor tag does not show tooltips for the values it contains. This is fixed in Internet Explorer 7.0 and it shows tooltips for the values in the iManager mvStringEditor tag.

5.26 Admin allows only “AllUsers” as the Authorized User of eDirectory to access iManager

If the Admin wants to allow all the eDirectory users to access iManager, he should add AllUsers (case sensitive) to the Authorized User list in the Configure page.

If the Admin adds an invalid user, for example, Allusers to the list, then he cannot modify the Configure page next time when he visits the page. A message, Current logged in user is not authorized to configure iManager is displayed.

Work around: In file, modify the corresponding line as AllUser=true.

5.27 Security alert warning message is displayed many times on iManager workstation

After authentication on iManager 2.7 workstation, the following Security Warning message is displayed:

The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?

The message is also displayed many times when you go to the tree view, and the other parts of iManager.

Work around:

  1. Open the security-prefs.js file from <imanager workstation folder>/bin/windows/mozilla/greprefs.(for Windows)

    Open the security-prefs.js file from <imanager workstation folder>/bin/linux/mozilla/greprefs.(for Linux)

  2. Modify the following settings from true to false as:

    • pref("security.warn_entering_secure", false);
    • pref("security.warn_leaving_secure", false);
    • pref("security.warn_submit_insecure", false);

New downloads of Linux workstation have these flags set to false, by default.

5.28 iManager workstation (Windows) sometimes does not display information

iManager workstation might not display error messages, pop-ups, and load pages like Tree View, Object Browse, and Create Objects. This happens when the XULRunner browser cache contains old data of the previous build of iManager 2.7 workstation.

Work around: You must manually clear the data from browser cache.

  1. Exit iManager.

  2. Go to C:\Users\<username>\AppData\<Profile>\Mozilla\eclipse\Cache (the path varies depending on the configuration and OS).

  3. Delete the data in the Cache directory.

  4. Restart iManager.

5.29 Objects are not available in history, in Group Member and Group Membership property book pages.

The Object Selector icons in the Group Member and Group Membership property book pages allow you to select the objects that have auxiliary class nestedGroupAux in their Object Class attributes. However, the design for adding such objects to the history requires nestedGroupAux to be an object type. Therefore, these objects are not added to the history.

5.30 When you make a group as nested and dynamic, it might not properly function.

You can make a Nested Group also a Dynamic Group and vice versa by using the Object Extension task under Schema role. However, as long as eDirectory allows the auxiliary classes to be added to the objects by using the Object Extension task, iManager does not check them. Therefore, if you make a group as nested and dynamic, it might not properly function.

5.31 Plugin Uninstallation before or after iManager 2.7.1 installation

If you try to uninstall a plug-in from iManager 2.7 without support pack 1, and fail, you cannot uninstall the same plug-in even after installing the support pack 1. Work around: You must manually uninstall.

5.32 Precedence of the methods for changing the page order of a Property Book

Changes done to the page order of a Property Book through Preferences have higher precedence than reordering the Page List for the same Property Book while modifying the Role Based Collection through Role Based Services. This is because the latter modifies the Property Book object in the eDirectory, whereas the former is specific to a particular Property Book on particular iManager server.

5.33 Uninstalling iManager support pack does not remove all the relevant files from the machine

When you uninstall iManager support pack on any platform, only the base version (iManager 2.7) specific folders and files are removed from the machine.

Work around: Do the following:

  • On Windows, manually delete the folders Novell\tomcat and Novell\jre from the Program Files directory.
  • On Linux, manually delete the folders /var/opt/novell/iManager and /etc/opt/novell/iManager.

5.34 iManager 2.7.1 installation randomly hangs

After installing iManager 2.7, when you uninstall and re-install iManager 2.7 several times, then try to install 2.7.1, the installation appears hung.

Work around: Wait a few minutes, then restart tomcat. iManager 2.7.1 would have been installed.

6.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2008 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents and one or more additional patents or pending patent applications in the U.S. and in other countries.

Novell Trademarks

For a list of Novell trademarks, see Trademarks.

Third-Party Materials