December 3, 2008
This readme contains the following sections:
The following issues are resolved in iManager 2.7.2:
The TreeName Display appears to be set only by the Roles and Tasks view instead of the Header Display. (395379)
iManager 2.7.2 allows plug-ins with Max-iManager-Version set to 2.7.0 to be installed in it.
The user cannot log in to iManager if he/she doesn’t have Public Browse Entry right.
Password Policies assignment list is not sorted. It is difficult for the user to navigate and validate individual assignments when the size of list increases.
A Custom Plug-in with Photo/JpegPhoto control gives HTTP 501 error while uploading larger files.
In the Edit Member Association page, under Role Based Services, an error page is displayed when you click a link.
A large size description control should be added to the General Property Book page and the Create User task. (175533)
After upgrading the iManager version to 2.7.1, Audit does not send events to the Novell Audit server, SLS.
Simple Selection default values are wrong. (414442)
Improper short length truncations for Members and Group Membership controls. (414803)
iManager does not respond when you log in with a copied user object.
Advanced Properties - Add to Create Object task is not saved in plug-in studio.
Plug-in Studio - Ability to set Page Order exists on Property Book Pages, but is missing from Tasks for Create/Modify. (353003)
Proper Error Handling is required for Plug-in Studio Import task. The user should not get the Null Pointer Exception.
The way the attributes with syntax case ignore list are displayed, is not useful.
In the Modify Object dialog box, under the Members tab, unexpected characters appear in the string, Member.
In OES 2, INVALID_ATTRIBUTE Namespace error is displayed while performing the Copy Object operation.
In the Object Extensions task, CLASS NOT DEFINED error is displayed while adding an auxiliary class (name with serial spaces).
iManager does not allow to modify user attributes for the DSFW created users.
The following issues are resolved in iManager 2.7.1:
Setting up LDAP interfaces breaks dynamic group functionality.
Adding more than one logic group in Advanced search filter for dynamic members query are not saved.
Cannot add multiple users to multiple groups at the same time.
The user cannot modify the chapter and page ordering while creating a property book, and while modifying the page list of an existing property book. (336071)
Cannot export custom plug-in using Internet Explorer.
Security vulnerability: Any user can delete Plug-in Studio created Property Book Pages. (336168)
Only one value on a multi-valued attribute with path syntax is displayed on Edit Attribute page.
When you export a plug-in, the manifest.mf file doesn't include Min-imanager-version, because of which when you import it back again fails.
Plug-in Studio's Task for Create: When creating users from these custom-created tasks, it is not making a uniqueID matching the CN. (346647)
Cannot truly assign Property Book Pages to thechapter of . (344410)
ASCII Values field cannot be edited in the Octet String editor.
Excessive DS Operations while modifying objects. (308623)
Simple Selection is broken in thetask screen. (336365)
Creation of a Volume object should have a Physical Volume name entry that is populated with all possible values.
task is broken. (343239)
On the Modify Object page of Directory Administration, the user's password cannot be set.
Option to use a proxy server to download plug-ins. (96942)
iManager-Group object could define a Collection Owner.
iManager 2.7 Octet String Editor does not work.
If the user changes passwords in such a way that they don't meet Universal Password Policy, proper messages are not displayed.
System Error occurs when the user tries to edit a stream attribute containing xml data.
Cannot add replica if the server exists as S/R replica in a ring.
The Object View, Tree, and Browse tabs return unsorted results.
Specific files that the user wants to browse for, are not listed under View Objects-Browse view.
The user cannot delete attributes from Auxiliary Classes by using iManager. Customer ldap scripts must be used to delete them.
The following files are changed in this support Pack:
IMPORTANT:iManager support packs DO NOT back up the files that are replaced and therefore cannot be automatically uninstalled. If you want to roll back these changes, you should manually back up the files replaced by this update. The list of files changed are:
IMPORTANT:iManager support packs do not make a backup of files replaced. The only way to roll back to a previous state is to backup all modified files before applying the support pack and then manually restoring the backed up files.
Also, iManager support packs must be installed on all iManager servers in your environment. Support packs do not automatically replicate other iManager servers in your tree.
NOTE:After you install the iManager support pack, iManager will be non-functional until you restart Tomcat.
To download and install an iManager support pack, extract the file:
For Windows and NetWare servers, use a windows decompression utility that supports zip, (that is, WinZip) to extract iman27_SP2.npm to a temporary directory either on the workstation or on the server.
For Unix servers, use gzip and tar to decompress and extract the tarball to a temporary directory on which the patch will be applied. (that is, gzip -d -c iman27sp2.tgz | tar xvf -). Linux users can use tar -zxvf iman27sp2.tgz.
NOTE:Support pack files, like plug-ins, are packaged in modules (NPMs). Those modules are capable of containing one or more support packs. This Support Pack is a cumulative patch and includes all fixes from previous Support Packs.
Log in to iManager.
Click iman27_SP2.npm file, then click .and browse to the
Verify that the module is iman27_SP2.npm and the description reads Support Pack 2 for iManager 2.7.
Select the checkbox next to the support pack file iman27_SP2.npm and click.
The installation takes a few minutes.
NOTE: Internet Explorer may append a .zip extension to the .npm when it is downloaded. The browser might actually remove the .npm extension, and replace it with .zip. The extension must be .npm. Otherwise, the installation does not upload the file.
Clickand Restart Tomcat.
NOTE:Tomcat sometimes requires several minutes to fully initialize. Wait a few minutes before trying to log into iManager after restarting Tomcat.
Table 1 Enter Table Title Here
Type tomcat5 stop. Wait at least a minute, then type tomcat5 start to start the service again.
Stop and start the Tomcat service.
Enter /etc/init.d/novell-tomcat5 stop, then enter /etc/init.d/novell-tomcat5 start.
Close Mobile iManager and re-open Mobile iManager.
Verify that the new support pack has been installed.
Log in to iManager, then check whether the home page displays the new version (2.7.2).
Check the log file located in webapps/nps/WEB-INF/changelog.
Clickin the upper-left corner of the iManager application window to view the iManager information page.
iManager 2.7.2 includes the following product enhancement:
Simple Selection feature is now added for, > , and > tasks under . This helps to easily locate the object by searching across the entire tree based on certain parameters of the object.
iManager now has a framework that extends a plug-in schema by using the schema definition, which is provided by the plug-in, during the plug-in installation. Schema extension is specific to the tree into which the user has logged in.
The users can now modify the size of the Login Script view window in Plug-in Studio window. For this, he/she has to specify the column size which indicates the number of characters, and the row size which indicates the number of rows, in the corresponding fields by using theicon.
The users can now view all the values together for an attribute of syntax Multi-Valued Case Ignore List. He/she can edit values and each component of a multi-value entry with the help of a pop-up window. “-” acts as value separator in the list. A scrollbar is also provided for an attribute which has many values.
You can now add group objects to the authorised users and the groups list. After adding, all the members of the group become authorised users. If a user is a member of a group which is present in the authorised users and groups list, after logging in, he/she has the right to configure iManager. Therefore, administrators can now create groups of users who have rights to configure iManager server and add the group to the authorised users and groups list.
In thetask page, a Refresh button is provided to refresh the page to have the updated information.
When the schema (classes and attributes) is updated through external sources such as ICE plug-in, executing LDIF file, executing SCH file, and so on, you can see the updated information by clicking one of the following respective tasks:
If iManager Servers are running under the firewall proxy, the client can access the Internet through a proxy server. Only HTTP Proxy is supported. It is a Web proxy HTTP. To download the plug-ins, the user has to enable the Proxy feature, and specify the proxy host IP address, port number, user name, and password.
When you search for User-Class objects, Simple Selection option now displays the results that includes user DN, based on which iManager sorts the results, in addition to the users’ first name, and the last name.
If you want the iManager server to time out after a certain period, you can do it by specifying the number of days, hours, and minutes in the respective fields in the Authentication page. If you never want the server to time out, select theoption.
You can now download the plug-in modules from a custom site by specifying the URL of the custom site in the Download URL field, in the Plug-in Download page.
When you choose to modify multiple objects, the attribute values that are common to all the selected objects are displayed in the MVSelect Controls. You can add, edit, or delete the values of an attribute which will simultaneously affect all the selected objects.
You can now select and install a desired plug-in which automatically installs all the dependent plug-ins.
Security container now supports other object types in addition to aliases.
In the Plug-in Studio page, few custom tasks which are not created by a particular iManager server are displayed because of their entry in eDirectory. The custom tasks that are not created by the iManager server are not installed on it. A columnis now provided to indicate whether a custom task/page is installed on the server. The tasks/pages that are not installed are marked as . A tick mark is displayed for the tasks/pages that are installed. This helps you in exporting a custom task. If the custom task that you want to export is marked as under the column, you should first install it and then export it.
The following issues exist in the iManager 2.7 environment:
The following issues exist in the new Tree tab of the Object View:
In the Object View’s Tree tab, the effects of container actions are not immediately reflected in the Navigation frame’s object list. For example, adding a container, or changing an existing container’s name, is not reflected in the Navigation frame until you manually refresh the view by leaving the Tree view and then re-opening it.
Tree View does not currently save its state, including current position within the tree, when switching between Tree View and the Browse/Search tabs.
If you inadvertently specify an invalid user name or scope when creating RBS Member Associations, when you try to save the changes iManager displays the following error:
The system encountered an unknown error. Please contact Novell Support.
This error prevents a successful save operation for any valid data that you might have entered. To avoid this problem, use the Object Selector to locate valid objects and scopes when configuring iManager RBS.
You might encounter the following error while authenticating iManager on a Server with SLES 9 SP3 or later version:
Unable to create AdminNamespace. java.lang.NoClassDefFoundError when authenticating on SLES 9.
Work around: Install compat-libstdc++-33-3.2.3-61 before installing iManager 2.7.
Because of changes to class structure and organization, iManager plug-ins must be recompiled to work with iManager 2.7. The iManager 2.7 Web site contains all currently available plug-ins, and will be regularly updated with additional plug-ins when they are available. If you add an older plug-in using Add Plug-in link, it does not display an error even though the plug-in is not added. You can view specific error information in the debug log.
Similarly, the OES 2 download includes the currently available iManager 2.7 plug-ins.
NOTE:iManager 2.7 does not allow the user to install old plug-ins that iManager 2.6 supported.
Be aware of the following login-related issues with iManager 2.7:
The iChain® Single Sign-On functionality (including Forward authentication, OLAC, and Form Fill) does not work in a multi-tree environment. iManager 2.7 requires a user name, password, and tree name for login, whereas iChain requires only user name and password.
Form Fill from iChain also fails because the Exit button in the iManager toolbar directs you back to the initial login form. When Form Fill is active, you are simply logged back in to iManager.
In a single server environment, it is possible to use the iManager default settings and iChain will work correctly.
For the same reasons as iChain SSO, NetIdentity can cause problems with iManager login.
When using iManager 2.7 on a NetWare 6.5 SP3 server that was previously running iManager 2.x and Virtual Office, NetIdentity clients see a NetIdentity login dialog box that only requires user name and password, instead of the iManager login dialog box that requires user name, password, and tree name.
If, during the installation, there are problems with the display of the characters, you might need to change the system's character encoding to UTF-8.
Installing remotely through an ssh client might also require UTF-8 character encoding on the client to display characters properly.
For example, set the system variable LC_ALL=de_DE.utf8, then try running the install again.
If you want to install eDirectory and iManager on the same physical machine, you must install eDirectory before you install iManager. This allows eDirectory to perform the initial system configuration as required.
On Windows 2000 and 2003 Server with IIS 5 or 6, installing Groupwise® 7.0 WebAccess to IIS automatically installs Tomcat 5.5.
As the iManager installation begins, the iManager installer program detects that IIS and Tomcat are available for use. The installer reports the inability to stop the iisadmin service. Near the end of the install, the installer reports the inability to start Tomcat.
After the install is completed, GroupWise WebAccess still works, but iManager does not (HTTP 404: Page not found).
Work around: Do not install iManager and GroupWise on the same Windows server.
This most commonly occurs when accessing different versions of iManager with the same browser. Resolve this problem by clearing the browser's stored cookies and cache and restarting the browser.
When this occurs, the following message appears: Unknown meaning for error number - 6016; Please call a Novell provider, but the value is saved. When you access Dynamic Groups, another error message appears: The system encountered an unknown error. Please contact Novell support.
Work around: Give the Time Out setting an adequate and reasonable value.
iManager does not escape special characters automatically. Using a special character in an object name will cause an error unless you manually escape the character. More information about special characters is available in the iManager documentation.
Plug-In Studio can't find RBS Collections that have special characters in their names, so attempting to edit a plug-in that has been previously installed into an RBS Collection with special characters in its name causes the install to fail.
Creating a Property Book, and naming it using special characters might cause a DNS Error 603 message. For more information about naming a Property Book, see “Creating a New Property Book” in the iManager documentation.
To create a plug-in ID that includes extended characters, create the plug-in using standard characters, then use Advanced Properties to change the plug-in display name after it has been created.
Two instances in Firefox and Internet Explorer 7 tabbed views do not maintain connections to two different trees. Internet Explorer 6 maintains one session per instance, while Firefox uses the same session for all instances that use the same profile.
This difference in Web browser behavior gives the appearance that Firefox cannot support two different sessions and that connection information is crossing over. iManager can maintain a connection to two different trees at the same time in the Firefox browser, but only if each instance is using a different profile.
To work different sessions simultaneously, modify your profile using Firefox's Profile Manager. In Firefox 2.0 you can use the -no-remote option when launching Firefox to run multiple profiles simultaneously.
When closing iManager Workstation or SDK, you might encounter a javaw.exe Application Error. The error is benign and does not indicate any system problems or instabilities. You can safely close the error message box and continue working normally.
Using ASCII control characters in a login script might cause an Unhandled Exception Error in iManager. For this reason, Novell recommends using only the standard ASCII character set when creating login scripts.
iManager leverages Macrovision* InstallAnywhere* for its installation routine. Because of this, some of the language translation for the installation routine is provided by Macrovision. Novell has encountered a few errors in these Macrovision translations that it cannot access to correct. For example, when you are prompted to select a language for the installation, the language selection “Slovak” is translated to “Anglictina”, which means English rather than Slovak.
Novell is working with Macrovision to get these translation errors corrected.
The iManager Language Preferences setting does not change the language of eDirectory error messages, even though the language of iManager Web interface is changed.
To work around this issues, change the operating system default language on the eDirectory server that iManager is using.
Novell iManager might not display the links or third row of options in the Property Book, if the window size is minimized.
To work around this issue, expand the window or consider using a resolution greater than 1024 x 768.
When you try to access iManager from a browser, sometimes the Login page fails to load, and displays the following error message:
exception java.lang.NullPointerException com.novell.emframe.fw.servlet.AuthenticatorServlet.service(AuthenticatorServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
The browser cookies might be corrupted.
Work around: Clear the browser cookies, then try to access iManager.
During iManager 2.7 installation, you may not be able to change focus to the dialog that asks if you want to install iManager 2.7 plug-ins without using a mouse. This may prevent you to proceed with the install.
If you perform a non-English install of NetWare 6.5 SP 7, iManager 2.6 is displayed as the product in multiple places during the install. Also, the list of installed products will display a product of iManager 2.6 with a version of 2.7.0. Even though iManager 2.6 is displayed as the product, iManager 2.7 is the version that is installed.
This is the result of the iManager 2.0.2 uninstall not removing the line "Include sys:/tomcat/4/conf/nps-Apache.conf" from SYS:\Apache2\conf\httpd.conf. You will also see a Apache2 startup error in SYS:\Apache2\logs\startup.err.
Work around: You must:
Remove the line "Include sys:/tomcat/4/conf/nps-Apache.conf" from the bottomof the file.
Save the changes.
Start Apache2, ap2webup.
You might encounter the above error when authenticating to eDirectory with iManager 2.7 Workstation or SDK on SLED 10. This indicates the problem while updating NICI. You might notice a message that prime NICI was unsuccessful when you updated NICI.
NICI 2.7.0 is installed with SLED 10 and the Open Desktop Edition add-on (ODE). iManager 2.7 requires NICI 2.7.3 and prompts you to install when you run iManager 2.7 Workstation or SDK for the first time. The issue is because NICI 2.7.0 is not successfully upgraded to NICI 2.7.3. During the update, you get a message that prime NICI was not successful.
Work around: Remove both versions of NICI on the system, ignoring any dependencies. For example, the ODE add-on itself has a dependency on NICI. So, remove NICI by telling the Software Management to ignore the dependency. Re-install NICI 2.7.3 that you got with iManager 2.7 Workstation. Before you install NICI 2.7.3, make sure that you delete the /var/novell/nici directory.
While doing RBS Configuration in Internet Explorer, if you try to open a Data Table Element in a new window or a new tab, you cannot get the desired result. Instead, you should directly click the links.
After installing a plug-in such as, service pack, if you immediately (without waiting at least for 3 Seconds) click, a blank page appears. Now you should restart Tomcat:
For Windows: Restart tomcat services from
For Linux: /etc/init.d/novell-tomcat5 restart
Internet Explorer 6.0 does not display tooltips for the items in a list. So, the iManager mvStringEditor tag does not show tooltips for the values it contains. This is fixed in Internet Explorer 7.0 and it shows tooltips for the values in the iManager mvStringEditor tag.
If the Admin wants to allow all the eDirectory users to access iManager, he should add(case sensitive) to the list in the Configure page.
If the Admin adds an invalid user, for example, Current logged in user is not authorized to configure iManager is displayed.to the list, then he cannot modify the Configure page next time when he visits the page. A message,
Work around: In Configiman.properties file, modify the corresponding line as AllUser=true.
After authentication on iManager 2.7 workstation, the following Security Warning message is displayed:
The information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?
The message is also displayed many times when you go to the tree view, and the other parts of iManager.
Open the security-prefs.js file from <imanager workstation folder>/bin/windows/mozilla/greprefs.(for Windows)
Open the security-prefs.js file from <imanager workstation folder>/bin/linux/mozilla/greprefs.(for Linux)
Modify the following settings from true to false as:
New downloads of Linux workstation have these flags set to false, by default.
iManager workstation might not display error messages, pop-ups, and load pages like Tree View, Object Browse, and Create Objects. This happens when the XULRunner browser cache contains old data of the previous build of iManager 2.7 workstation.
Work around: You must manually clear the data from browser cache.
Go to C:\Users\<username>\AppData\<Profile>\Mozilla\eclipse\Cache (the path varies depending on the configuration and OS).
Delete the data in the Cache directory.
The Object Selector icons in the Group Member and Group Membership property book pages allow you to select the objects that have auxiliary classin their attributes. However, the design for adding such objects to the history requires to be an object type. Therefore, these objects are not added to the history.
You can make a Nested Group also a Dynamic Group and vice versa by using the Object Extension task under Schema role. However, as long as eDirectory allows the auxiliary classes to be added to the objects by using the Object Extension task, iManager does not check them. Therefore, if you make a group as nested and dynamic, it might not properly function.
If you try to uninstall a plug-in from iManager 2.7 without support pack 1, and fail, you cannot uninstall the same plug-in even after installing the support pack 1. Work around: You must manually uninstall.
Changes done to the page order of a Property Book throughhave higher precedence than reordering the for the same Property Book while modifying the through . This is because the latter modifies the Property Book object in the eDirectory, whereas the former is specific to a particular Property Book on particular iManager server.
The user cannot select valued or unvalued attributes select boxes by using keyboard.
Work around: In Firefox 3, press Scroll Lock + Up/Down arrow or Shift + Ctrl + Up/Down arrow.
In Internet Explorer 7, press Scroll Lock + Up/Down arrow.
When you log in to iManager that is connected to eDirectory, where DSFW server is installed, as Administrator, and try to modify the objects under a container, for exapmle, a few objects of type Users, Configuration, Computers, and so on appear as undefined. A “?” is displayed against the object types.
DSFW administrator cannot configure RBS in iManager. He/she fails to do while modifying ACL value. This is because the rights for the DSFW administrator are limited that he/she has the supervisor rights only on the domain and subdomains which he/she manages. But he/she does not have all rights as the Tree administrator.
After upgrading the iManager version to 2.7.2, the custom plugins that are installed prior to 2.7.2, are shown asunder column in the Plug-in Studio page.
Work around: Select the plug-in, then click> . The plug-ins are installed with the features of iManager 2.7.2.
After upgrading the iManager version to 2.7.2, newly added Property Book pages such as Nested Settings, Group Member, and Group Memberships do not appear while modifying a group by using the Modify Group task.
Work around: You should manually assign the pages to the Modify Group property book for the RBS Collection being used, or create a new RBS Collection.
Click> . The RBS Configuration page is displayed.
Click the existing RBS Collection. The Collection: <RBS Collection> page is displayed.
Click thetab, then select the Modify Group, and then click > . The Edit Page List page is displayed.
From the Available Pages: list, select The property book was successfully modified is displayed., , and , then click the Right Arrow so that the selected items are moved to the Assigned Pages: list, and then click . The message,
Click> . The RBS Configuration page is displayed.
Click> . is invoked. This guides you to create a new RBS Collection with the newly added pages.
When the master/parent server is down, the iManager user cannot find the tree root because the information of the tree root is available only with the master/parent server. Because the user cannot find the tree root, he/she cannot log in to the child server which has the replica.
After modifying the values for an attribute with the octet string syntax, the value is not properly saved in the edirectory, and is corrupted. This also happens when a new value is added to the octet string list by using iManager's octet string editor.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2008 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.
For Novell trademarks, see the Novell Trademark and Service Mark list.