This readme contains the following sections:
iManager 2.7.3 includes the following product enhancements:
In addition to the existing platforms and Web browsers, iManager 2.7.3 FTF 4 supports Windows 7 (32-bit and 64-bit), Windows 2008 R2 platforms, and Internet Explorer 8 (IE 8).
For more information on the supported platforms, refer to the iManager 2.7.3 Installation Guide.
The following two buttons are newly available in the Available Novell Plug-in Modules page:
Hide: Clicking this button hides the selected Novell plug-in modules. You can also hide all the plug-in modules so that the Home page doesn't display the New iManager NPMs are available to install notice.
Show Hidden: Clicking this button displays the list of the hidden Novell plug-in modules. You can unhide the hidden plug-in modules.
In the Property Book page, the user can now define/modify a preferred object selection method for an existing task. For this, a new feature, Target Chooser Mode has been added to the Actions list.
In the Security page of the Configure iManager window, the user can now add an Organizational Role to thelist so that all the members (users and groups) of the organization become authorized users.
iManager now caches the first-time-login information with the tree name and uses that information in the subsequent logins. This process makes the logins fast.
The user can now configure a proxy also by using DNS names. The proxy host field now accepts DNS names also.
IMPORTANT:iManager support packs do not make a backup of files replaced. The only way to roll back to a previous state is to backup all modified files before applying the support pack and then manually restoring the backed up files.
Also, iManager support packs must be installed on all iManager servers in your environment. Support packs do not automatically replicate other iManager servers in your tree.
NOTE:After you install the iManager support pack, iManager will be non-functional until you restart Tomcat.
To download and install an iManager support pack:
Download iman273_FTF4.npm file from the Novell download site to your local machine.
Log in to iManager.
Click iman273_FTF4.npm file, then click .and browse to the
Verify that the module is iman273_FTF4.npm and the description reads Field Patch 4 for iManager 2.7.3.
Select the check box next to the field patch file iman273_FTF4.npm and click .
The installation takes a few minutes.
NOTE: Internet Explorer might append a .zip extension to the .npm when it is downloaded. The browser might actually remove the .npm extension, and replace it with .zip. The extension must be .npm. Otherwise, the installation does not upload the file.
Clickand Restart Tomcat.
NOTE:Tomcat sometimes requires several minutes to fully initialize. Wait a few minutes before trying to log into iManager after restarting Tomcat.
Table 1 Restart Tomcat
Enter TC5STOP. Wait at least a minute, then enter TOMCAT5 to start the service again.
Stop and start the Tomcat service.
Enter /etc/init.d/novell-tomcat5 stop, then enter /etc/init.d/novell-tomcat5 start.
Close Mobile iManager and re-open Mobile iManager.
Verify that the new support pack has been installed.
Log in to iManager, then check whether the home page displays the new version (2.7.3 FTF 4).
Check the log file located in webapps/nps/WEB-INF/changelog.
Clickin the upper-left corner of the iManager application window to view the iManager information page.
NOTE:When you install iManager plug-ins, sometimes either the installation hangs or the plug-ins are not properly installed. To troubleshoot the issue, see iManager Plug-in Installation Hangs or Plug-ins Are Not Properly Installed in the iManager 2.7.x Administration Guide.
The following issues are resolved in the iManager 2.7.3 FTF 4 release:
iManager 2.7.3 FTF 3 installation hangs if earlier FTF installation files have not been uninstalled.
Security Vulnerability - iManager stack buffer overflow - Creating a class name with more than 32 characters by using other scripts (perl / python).
Security Vulnerability - iManager off-by-one DoS - If login request is sent with a Tree field length of 256 characters.
Security Vulnerability - CVE-2009-3555 - OpenSSL Handshake renegotiation of the existing connections.
Privileged User can instigate a DoS under the context of the service. (No Trace) - Providing Auditing and logs while authorized users upload the npm files.
The following are the issues resolved in the iManager 2.7.3 FTF 3 release:
Delay in the next login attempt after a login failure.
The Case Ignore List adding multiple attribute values to a single attribute.
Unauthenticated files that get uploaded onto Access Manager.
The following are the issues resolved in the iManager 2.7.3 FTF 2 release:
The security vulnerability issue faced during installation of external plug-ins.
The following are the issues resolved in the iManager 2.7.3 FTF 1 release:
The Others tab while modifying user is empty with iManager 2.7.3.
Cannot browse/select objects from IE 8 browser.
In IE 8, the iManager Tree view option was not listing.
iManager plugin fails to uninstall cleanly.
Objects created with alternate naming attribute in some cases.
The following issues are resolved in iManager 2.7.3:
Error message for deleting object is not localized.
Configure iManager task is not displayed for the member of a nested group which is an Authorized user.
Plug-ins are not removed when you selectoption in the Available Novell Plug-in Modules page, deselect one or more plug-ins in the list, and click .
iManager (2.7 with Tomcat 5.5) login screen, by default, hasenabled which results in security vulnerability.
option under the tab of the Modify User page does not work.
Large number of XSS vulnerabilities exist in iManager 2.7.
iManager 2.7.2 removes RBS collection ownership for a user when the user is added to / removed from a group object.
Plug-in allows inconsistency of group and group membership.
A user, who has logged in to iManager through Internet Explorer, as a t1 trustee user cannot view the property pages.
Plug-in download does not function when you add a plug-in with name same as that of one of the existing plug-ins, and rename the exiting plug-in of the same name.
Plug-ins are not displayed because of clash between .jar files.
Uniqueness scan does not work if a tree has more than 7000 users.
Login script that is created with Novell client appears blank in iManager.
iManager tree view filter does not work when you use scandinavian characters.
The following issues exist in the iManager 2.7 environment:
While working with iManager through IE 8 browser and when you click the Do you want to view only the webpage content that was delivered securely.tab, a security warning message appears. It is the security provided by IE 8 that mentions
To block this message from appearing, perform the following in the IE 8 browser:
The Internet Options window is displayed.
Click thetab. By default, the Internet option is selected.
The Security Settings window is displayed.
In thesection, enable “Display mixed content” (select the option corresponding to ).
The following issues exist in the new Tree tab of the Object View:
In the Object View’s Tree tab, the effects of container actions are not immediately reflected in the Navigation frame’s object list. For example, adding a container, or changing an existing container’s name, is not reflected in the Navigation frame until you manually refresh the view by leaving the Tree view and then re-opening it.
Tree View does not currently save its state, including current position within the tree, when switching between Tree View and the Browse/Search tabs.
If you inadvertently specify an invalid user name or scope when creating RBS Member Associations, when you try to save the changes iManager displays the following error:
The system encountered an unknown error. Please contact Novell Support.
This error prevents a successful save operation for any valid data that you might have entered. To avoid this problem, use the Object Selector to locate valid objects and scopes when configuring iManager RBS.
You might encounter the following error while authenticating iManager on a Server with SLES 9 SP3 or later version:
Unable to create AdminNamespace. java.lang.NoClassDefFoundError when authenticating on SLES 9.
Work around: Install compat-libstdc++-33-3.2.3-61.i386.rpm before installing iManager 2.7.
Because of changes to class structure and organization, iManager plug-ins must be recompiled to work with iManager 2.7. The iManager 2.7 Web site contains all currently available plug-ins, and will be regularly updated with additional plug-ins when they are available. If you add an older plug-in using Add Plug-in link, it does not display an error even though the plug-in is not added. You can view specific error information in the debug log.
Similarly, the OES 2 download includes the currently available iManager 2.7 plug-ins.
NOTE:iManager 2.7 does not allow the user to install old plug-ins that iManager 2.6 supported.
Be aware of the following login-related issues with iManager 2.7:
The iChain Single Sign-On functionality (including Forward authentication, OLAC, and Form Fill) does not work in a multi-tree environment. iManager 2.7 requires a user name, password, and tree name for login, whereas iChain requires only user name and password.
Form Fill from iChain also fails because the Exit button in the iManager toolbar directs you back to the initial login form. When Form Fill is active, you are simply logged back in to iManager.
In a single server environment, it is possible to use the iManager default settings and iChain will work correctly.
For the same reasons as iChain SSO, NetIdentity can cause problems with iManager login.
When using iManager 2.7 on a NetWare 6.5 SP3 server that was previously running iManager 2.x and Virtual Office, NetIdentity clients see a NetIdentity login dialog box that only requires user name and password, instead of the iManager login dialog box that requires user name, password, and tree name.
If, during the installation, there are problems with the display of the characters, you might need to change the system's character encoding to UTF-8.
Installing remotely through an ssh client might also require UTF-8 character encoding on the client to display characters properly.
For example, set the system variable LC_ALL=de_DE.utf8, then try running the install again.
If you want to install eDirectory and iManager on the same physical machine, you must install eDirectory before you install iManager. This allows eDirectory to perform the initial system configuration as required.
On Windows 2000 and 2003 Server with IIS 5 or 6, installing Groupwise® 7.0 WebAccess to IIS automatically installs Tomcat 5.5.
As the iManager installation begins, the iManager installer program detects that IIS and Tomcat are available for use. The installer reports the inability to stop the iisadmin service. Near the end of the install, the installer reports the inability to start Tomcat.
After the install is completed, GroupWise WebAccess still works, but iManager does not (HTTP 404: Page not found).
Work around: Do not install iManager and GroupWise on the same Windows server.
This most commonly occurs when accessing different versions of iManager with the same browser. Resolve this problem by clearing the browser's stored cookies and cache and restarting the browser.
When this occurs, the following message appears: Unknown meaning for error number - 6016; Please call a Novell provider, but the value is saved. When you access Dynamic Groups, another error message appears: The system encountered an unknown error. Please contact Novell support.
The workaround is to give the Time Out setting an adequate and reasonable value.
iManager does not escape special characters automatically. Using a special character in an object name will cause an error unless you manually escape the character. More information about special characters is available in the iManager documentation.
Plug-In Studio can't find RBS Collections that have special characters in their names, so attempting to edit a plug-in that has been previously installed into an RBS Collection with special characters in its name causes the install to fail.
Creating a Property Book, and naming it using special characters might cause a DNS Error 603 message. For more information about naming a Property Book, see “Creating a New Property Book” in the iManager documentation.
To create a plug-in ID that includes extended characters, create the plug-in using standard characters, then use Advanced Properties to change the plug-in display name after it has been created.
Two instances in Firefox and Internet Explorer 8 tabbed views do not maintain connections to two different trees. Internet Explorer 6 maintains one session per instance, while Firefox uses the same session for all instances that use the same profile.
This difference in Web browser behavior gives the appearance that Firefox cannot support two different sessions and that connection information is crossing over. iManager can maintain a connection to two different trees at the same time in the Firefox browser, but only if each instance is using a different profile.
To work different sessions simultaneously, modify your profile using Firefox's Profile Manager. In Firefox 2.0 and 3.0, you can use the -no-remote option when launching Firefox to run multiple profiles simultaneously.
When closing iManager Workstation or SDK, you might encounter a javaw.exe Application Error. The error is benign and does not indicate any system problems or instabilities. You can safely close the error message box and continue working normally.
Using ASCII control characters in a login script might cause an Unhandled Exception Error in iManager. For this reason, Novell recommends using only the standard ASCII character set when creating login scripts.
iManager leverages Macrovision* InstallAnywhere* for its installation routine. Because of this, some of the language translation for the installation routine is provided by Macrovision. Novell has encountered a few errors in these Macrovision translations that it cannot access to correct. For example, when you are prompted to select a language for the installation, the language selection “Slovak” is translated to “Anglictina”, which means English rather than Slovak.
Novell is working with Macrovision to get these translation errors corrected.
The iManager Language Preferences setting does not change the language of eDirectory error messages, even though the language of iManager Web interface is changed.
To work around this issue, change the operating system default language on the eDirectory server that iManager is using.
Novell iManager might not display the links or third row of options in the Property Book, if the window size is minimized.
To work around this issue, expand the window or consider using a resolution greater than 1024 x 768.
When you try to access iManager from a browser, sometimes the Login page fails to load, and displays the following error message:
exception java.lang.NullPointerException com.novell.emframe.fw.servlet.AuthenticatorServlet.service(AuthenticatorServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
The browser cookies might be corrupted.
Work around: Clear the browser cookies, then try to access iManager.
During iManager 2.7 installation, you may not be able to change focus to the dialog that asks if you want to install iManager 2.7 plug-ins without using a mouse. This may prevent you to proceed with the install.
If you perform a non-English install of NetWare 6.5 SP7, iManager 2.6 is displayed as the product in multiple places during the install. Also, the list of installed products will display a product of iManager 2.6 with a version of 2.7.0. Even though iManager 2.6 is displayed as the product, iManager 2.7 is the version that is installed.
This is the result of the iManager 2.0.2 uninstall not removing the line Include sys:/tomcat/4/conf/nps-Apache.conf from SYS:\Apache2\conf\httpd.conf. You will also see a Apache2 startup error in SYS:\Apache2\logs\startup.err.
As a workaround, you must:
Remove the line Include sys:/tomcat/4/conf/nps-Apache.conf from the bottomof the file.
Save the changes.
Start Apache2, ap2webup.
You might encounter the above error when authenticating to eDirectory with iManager 2.7 Workstation or SDK on SLED 10. This indicates the problem while updating NICI. You might notice a message that prime NICI was unsuccessful when you updated NICI.
NICI 2.7.0 is installed with SLED 10 and the Open Desktop Edition add-on (ODE). iManager 2.7 requires NICI 2.7.3 and prompts you to install when you run iManager 2.7 Workstation or SDK for the first time. The issue is because NICI 2.7.0 is not successfully upgraded to NICI 2.7.3. During the update, you get a message that prime NICI was not successful.
Work around: Remove both versions of NICI on the system, ignoring any dependencies. For example, the ODE add-on itself has a dependency on NICI. So, remove NICI by telling the Software Management to ignore the dependency. Re-install NICI 2.7.3 that you got with iManager 2.7 Workstation. Before you install NICI 2.7.3, make sure that you delete the /var/novell/nici directory.
While doing RBS Configuration in Internet Explorer, if you try to open a Data Table Element in a new window or a new tab, you cannot get the desired result. Instead, you should directly click the links.
After installing a plug-in such as, service pack, if you immediately (without waiting at least for 3 Seconds) click, a blank page appears. Now you should restart Tomcat:
For Windows: Restart tomcat services from
For Linux: /etc/init.d/novell-tomcat5 restart
Internet Explorer 6.0 does not display tooltips for the items in a list. So, the iManager mvStringEditor tag does not show tooltips for the values it contains. This is fixed in Internet Explorer 7.0 or later and it shows tooltips for the values in the iManager mvStringEditor tag.
If the Admin wants to allow all the eDirectory users to access iManager, he should add(case sensitive) to the list in the Configure page.
If the Admin adds an invalid user, for example, Current logged in user is not authorized to configure iManager is displayed.to the list, then he cannot modify the Configure page next time when he visits the page. A message,
Work around: In Configiman.properties file, modify the corresponding line as AllUser=true.
After authentication on iManager 2.7 workstation, the following Security Warning message is displayed:
The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?
The message is also displayed many times when you go to the tree view, and the other parts of iManager.
Open the security-prefs.js file from <imanager workstation folder>/bin/windows/mozilla/greprefs.(for Windows)
Open the security-prefs.js file from <imanager workstation folder>/bin/linux/mozilla/greprefs.(for Linux)
Modify the following settings from true to false as:
New downloads of Linux workstation have these flags set to false, by default.
iManager workstation might not display error messages, pop-ups, and load pages like Tree View, Object Browse, and Create Objects. This happens when the XULRunner browser cache contains old data of the previous build of iManager 2.7 workstation.
As a workaround, you must manually clear the data from browser cache:
Windows: C:\Users\<username>\AppData\<Profile>\Mozilla\eclipse\Cache (Windows XP)
C:\Users\<username>\AppData\Roaming\Mozilla\eclipse\Cache (Windows 7/Vista)
Delete the data in the Cache directory.
The Object Selector icons in the Group Member and Group Membership property book pages allow you to select the objects that have auxiliary classin their attributes. However, the design for adding such objects to the history requires to be an object type. Therefore, these objects are not added to the history.
You can make a Nested Group also a Dynamic Group and vice versa by using the Object Extension task under Schema role. However, as long as eDirectory allows the auxiliary classes to be added to the objects by using the Object Extension task, iManager does not check them. Therefore, if you make a group as nested and dynamic, it might not properly function.
Changes done to the page order of a Property Book throughhave higher precedence than reordering the for the same Property Book while modifying the through . This is because the latter modifies the Property Book object in the eDirectory, whereas the former is specific to a particular Property Book on particular iManager server.
The user cannot select valued or unvalued attributes select boxes by using keyboard.
Work around: In Firefox 3, press Scroll Lock + Up/Down arrow or Shift + Ctrl + Up/Down arrow.
In Internet Explorer 7, press Scroll Lock + Up/Down arrow.
When you log in to iManager that is connected to eDirectory, where DSFW server is installed, as Administrator, and try to modify the objects under a container, for example, a few objects of type Users, Configuration, Computers, and so on appear as undefined. A “?” is displayed against the object types.
DSFW administrator cannot configure RBS in iManager. He/she fails to do while modifying ACL value. This is because the rights for the DSFW administrator are limited that he/she has the supervisor rights only on the domain and subdomains which he/she manages. But he/she does not have all rights as the Tree administrator.
After upgrading the iManager version to 2.7.2, the custom plug-ins that are installed prior to 2.7.2, are shown asunder column in the Plug-in Studio page.
As a workaround, select the plug-in, then click> . The plug-ins are installed with the features of iManager 2.7.2.
After upgrading the iManager version to 2.7.2, newly added Property Book pages such as Nested Settings, Group Member, and Group Memberships do not appear while modifying a group by using the Modify Group task.
Work around: You should manually assign the pages to the Modify Group property book for the RBS Collection being used, or create a new RBS Collection.
Click> . The RBS Configuration page is displayed.
Click the existing RBS Collection. The Collection: <RBS Collection> page is displayed.
Click thetab, then select the Modify Group, and then click > . The Edit Page List page is displayed.
From the Available Pages: list, select The property book was successfully modified is displayed., , and , then click the Right Arrow so that the selected items are moved to the Assigned Pages: list, and then click . The message,
Click> . The RBS Configuration page is displayed.
Click> . is invoked. This guides you to create a new RBS Collection with the newly added pages.
When the master or parent server is down, the iManager user cannot find the tree root because the information of the tree root is available only with the master/parent server. Because the user cannot find the tree root, he/she cannot log in to the child server which has the replica.
When you uninstall iManager plug-ins on Windows Vista, the uninstallation does not properly happen. Even though you get an uninstallation successful message, you can still view the plug-ins as installed in thelist.
Work around: The problem occurs because .com.zerog.registry.xml file that is required for uninstallation might be hidden. You should make the file available for uninstallation by making it visible:
Click. The My Computer page is displayed.
Click. The Folder Options dialog box is displayed.
Under, select .
When installing iManager (of any language) in Portuguese-Brazilian locale, if you set the LANG environment variable to pt_BR.UTF-8, pt_BR.utf8, or pt_BR, the installer corrupts the gettingstarted.html file of the particular language.
As a workaround, before starting the iManager installation, set the LANG environment variable to pt_PT.UTF-8 by entering the following command at the terminal:
If you have installed a plug-in through iManager 2.7.2 or earlier versions and if you try to uninstall this plug-in through iManager 2.7.3 or later version, the plug-in does not get uninstalled properly.
In this case, you must manually uninstall the plug-in by removing the following directories:
\<TOMCAT>\webapps\nps\WEB-INF\modules\<plugin_name_dir> (The MANIFEST.MF file is present in this directory and must be deleted)
You must also delete the UninstallerData directory for the plug-in that you want to delete. The UninstallerData directory is present in the following path:
Windows: C:\Program Files\Novell\Tomcat\webapps\nps\UninstallerData\Uninstall_<plugin_name>
On Netware 6.5 SP8, while editing an existing Custom task in plug-in studio or creating a new Custom plug, if you click Preview, tomcat5 crashes and a Service Unavailable message appears.
Nds Login hangs for sometime (10-15 minutes) while trying to login using invalid user authetication such as as o=novell or =novell.
To avoid this issue, you must copy and place the latest NMAS library:
Linux: Place the libnmasclnt.so file in the /var/opt/novell/iManager/nps/WEB-INF/bin/linux directory.
Windows: Place the nmas.dll and nmasmsg.dll files in the /tomcat/webapps/nps/WEB-INF/bin/windows directory.
While trying to access the tasks of Novell Certificate Server or Novell Certificate Access through iManager, iManager throws a java exception error (java.lang.NullPointerException\n at com.novell.admin.PKI.certificate.eDir.eDirCertificateManagerVariables.getNativeAPIVersion). This is because the Novell Certificate Server Plug-ins for iManager (PKI) has a dependency on the libstdc++-libc6.2-2.so.3 library.
To avoid getting this error, you must install the following RPMs on the iManager server:
32-bit: compat (compat-2006.1.25-11.2)
64-bit: compat-32bit (compat-32bit-2006.1.25-11.2)
32-bit: compat (compat-2009.1.19-2.1)
64-bit: compat-32bit (compat-32bit-2009.1.19-2.1)
You might encounter the following error while authenticating iManager on a Server with SLES 10 SP3 (64-bit):
Unable to create AdminNamespace. java.lang.NoClassDefFoundError when authenticating on SLES 10 SP3.
Work around: Install libstdc++33-32bit-3.3.3-7.8.1 before installing iManager 2.7.
For information on iManager 2.7 issues following this release, see Novell iManger 2.x Readme Addendum in the Novell Knowledge Base.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.