NetIQ Identity Manager 4.8.3 Hotfix 1 Common Dependencies Release Notes

1.0 What’s New?

This release includes updates to the following components:

1.1 Support for NICI 3.2.0

This hotfix contains an updated version of NICI (3.2.0) which has a different FIPS 140-2 validated cryptography library with an active certificate.

1.2 Updates for Third-party Components

This hotfix includes an updated version of OpenSSL (1.0.2y).

2.0 System Requirements

You must have the following versions at a minimum to apply this hotfix:

  • eDirectory 9.2.4

  • iManager 3.2.4

  • Identity Manager 4.8.3

3.0 Updating This Hotfix on Linux

When two or more Identity Manager components are installed on the same server, you must stop the corresponding services before updating to this hotfix. For example, if Identity Vault and iManager are installed on the same server, you must stop the Identity Vault and the iManager Tomcat services before performing an update.

This hotfix requires you to update the following components based on your requirement.

3.1 Updating Identity Vault

You can update the Identity Vault as a root or non-root user.

Updating Identity Vault as a Root User

  1. Run the following command to stop the Identity Vault instance:

    ndsmanage stopall

  2. Download and extract the eDirectory-9.2.4-HF1.zip file.

  3. Navigate to the <HF extracted location>/Linux directory.

  4. Run the following command:

    rpm -Uvh patterns-edirectory-9.2.4-1.x86_64.rpm nici64-3.2.0-0.x86_64.rpm netiq-openssl-1.0.2y-0.x86_64.rpm

  5. Run the following command to start the Identity Vault instance:

    ndsmanage startall

Updating Identity Vault as a Non-root User

  1. Log in as a non-root user on the server where Identity Vault is installed.

  2. Run the following command to stop the Identity Vault instance:

    ndsmanage stopall

  3. Log in as a root user and perform the following steps:

    1. Download and extract the eDirectory-9.2.4-HF1.zip file.

    2. Navigate to the <HF extracted location>/Linux directory.

    3. Run the following command:

      rpm -Uvh nici64-3.2.0-0.x86_64.rpm

    4. Copy the nonroot.tar.gz file to the location where Identity Vault is installed. For example, /home/ediruser.

  4. Log in as a non-root user.

  5. Navigate to the location where Identity Vault is installed. For example, /home/ediruser.

  6. Extract the nonroot.tar.gz file.

    tar -xvf nonroot.tar.gz

  7. Run the following command to start the Identity Vault instance.

    ndsmanage startall

3.2 Updating Remote Loader

NOTE:Before updating the Remote Loader, ensure that the following components are stopped:

  • Remote Loader instance

  • Driver instance running with the Remote Loader

  1. Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.

  2. Navigate to the <HF extracted location>/common/Linux directory.

  3. (Conditional) If you are running a 64-bit Remote Loader, navigate to the x86_64 directory and run the following commands:

    rpm -Uvh nici64-3.2.0-0.00.x86_64.rpm

    rpm -Uvh netiq-openssl-1.0.2y.x86_64.rpm

  4. (Conditional) If you are running a 32-bit Remote Loader, navigate to the i586 directory and run the following command:

    rpm -Uvh netiq-openssl-32bit-1.0.2y.x86_64.rpm

  5. Start the Remote Loader instance and the driver instance.

3.3 Updating Fanout Agent

NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:

  • Fanout Agent instance

  • Driver instance

  1. Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.

  2. Navigate to the <HF extracted location>/common/Linux/x86_64 directory.

  3. Run the following command to update NICI:

    rpm -Uvh nici64-3.2.0-0.00.x86_64.rpm

  4. Start the Fanout Agent instance and the driver instance.

3.4 Updating iManager

  1. Stop the iManager Tomcat instance:

    rcnovell-tomcat9 stop

  2. Download and extract the iManager-3.2.4-HF1.zip file.

  3. Navigate to the <HF extracted location>/Linux/ directory.

  4. Run the following commands:

    rpm -Uvh netiq-openssl-1.0.2y-0.x86_64.rpm

    rpm -Uvh nici64-3.2.0-0.x86_64.rpm

  5. Start the iManager Tomcat instance.

    rcnovell-tomcat9 start

3.5 Updating Identity Applications

  1. Stop the Tomcat service.

    systemctl stop netiq-tomcat.service

  2. Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.

  3. Navigate to the <HF extracted location>/common/Linux/x86_64 directory.

  4. Run the following command to update OpenSSL:

    rpm -Uvh netiq-openssl-1.0.2y.x86_64.rpm

  5. Restart the NGINX service:

    systemctl restart netiq-nginx.service

  6. (Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL.

    systemctl restart netiq-postgresql.service

  7. Start the Tomcat service:

    systemctl start netiq-tomcat.service

3.6 Updating Identity Reporting

This hotfix does not contain any updates for Identity Reporting.

4.0 Updating This Hotfix on Windows

When two or more Identity Manager components are installed on the same server, you must stop the corresponding services before updating to this hotfix. For example, if Identity Vault and iManager are installed on the same server, you must stop the Identity Vault and the iManager Tomcat services before performing an update.

This hotfix requires you to update the following components based on your requirement.

4.1 Updating Identity Vault

  1. Stop the Identity Vault service.

  2. Download and extract the eDirectory-9.2.4-HF1.zip file.

  3. Navigate to the <HF extracted location>\Windows directory.

  4. Copy all the files to the location where Identity Vault is installed. For example, C:\NetIQ\eDirectory.

  5. Run the NICI_wx64.msi to upgrade NICI.

  6. Start the Identity Vault service.

4.2 Updating Remote Loader

NOTE:Before updating the Remote Loader, ensure that you perform the following steps:

  • Stop the Remote Loader instance

  • Stop the Driver instances running with the Remote Loader

  • Close the Remote Loader Console

  1. Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.

  2. (Conditional) If you are running a 64-bit Remote Loader, perform the following steps:

    1. Navigate to the <Identity Manager installed location>\Common\OpenSSL folder.

    2. Back up the libeay32.dll and ssleay32.dll files.

    3. Open command prompt and navigate to the <HF extracted location>\common\Windows\x86_64 folder.

    4. Run the NetIQ-OPENSSL.exe:

      NetIQ-OPENSSL.exe -i PRODUCT_NAME=IDM PRODUCT_VERSION=4.8.3.0 STAND_ALONE_UPGRADE=true

    5. (Conditional) If Remote Loader is running on a standalone server, perform the following steps:

      1. Navigate to the <HF extracted location\common\Windows\x86_64 folder.

      2. Run the NICI_wx64.msi to upgrade NICI.

  3. (Conditional) If you are running a 32-bit Remote Loader, perform the following steps:

    1. Navigate to the <Identity Manager installed location>\RemoteLoader\32bit folder.

    2. Back up the libeay32.dll and ssleay32.dll files.

    3. Navigate to the <HF extracted location>\common\Windows\i586 folder.

    4. Copy the libeay32.dll and ssleay32.dll files to the <Identity Manager installed location>\RemoteLoader\32bit folder.

    5. Run the NICI_w32.msi to upgrade NICI.

  4. Start the Remote Loader instance and the driver instance.

4.3 Updating Fanout Agent

This procedure applies only if Fanout Agent is installed on a standalone server.

NOTE:Before updating the Fanout Agent, ensure that the following components are stopped:

  • Fanout Agent instance

  • Driver instance

  1. Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.

  2. Navigate to the <HF extracted location>\common\Windows\x86_64 directory.

  3. Run the NICI_wx64.msi to upgrade NICI.

  4. Start the Fanout Agent instance and the driver instance.

4.4 Updating iManager

  1. Log in to the server where iManager is installed.

  2. Stop the Tomcat service.

  3. Navigate to the location where iManager is installed. For example, <Identity Manager installed location>\IDM\iManager\Tomcat\webapps\nps\WEB-INF\bin\windows.

  4. Back up the libeay32.dll, ssleay32.dll, openssl_checksum.txt and openssl_checksum.txt.asc files.

  5. Download and extract the iManager-3.2.4-HF1.zip file.

  6. Navigate to the <HF extracted location>\Windows folder.

  7. Copy the libeay32.dll, ssleay32.dll, openssl_checksum.txt and openssl_checksum.txt.asc files to the path where iManager is installed.

    For example, <Identity Manager install location>\IDM\iManager\Tomcat\webapps\nps\WEB-INF\bin\windows.

  8. Navigate to the <HF extracted location>\Windows folder.

  9. Run the NICI_wx64.msi file.

  10. Start the Tomcat service.

4.5 Updating PostgreSQL

NOTE:This procedure applies only if you are using the PostgreSQL shipped with Identity Manager and you are running PostgreSQL 12.2 or later versions.

  1. Log in to the server where PostgreSQL is installed.

  2. Navigate to the location where PostgreSQL is installed. For example, C:\NetIQ\IDM\postgres.

  3. Navigate to the bin folder and back up the libeay32.dll and ssleay32.dll files.

  4. Stop the NetIQ PostgreSQL service.

  5. Download and extract the Identity_Manager_4.8.3_HF1_Common_deps.zip file.

  6. Navigate to the <HF extracted location>\common\Windows\x86_64 folder.

  7. Copy the libeay32.dll and ssleay32.dll files to the path where PostgreSQL is installed. For example, C:\NetIQ\IDM\postgres\bin.

  8. Start the NetIQ PostgreSQL service.

4.6 Updating Identity Applications

This hotfix does not contain any updates for Identity Applications.

4.7 Updating Identity Reporting

This hotfix does not contain any updates for Identity Reporting.

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.8 Release Notes. If you need further assistance with any issue, contact Technical Support.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

7.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

© 2021 NetIQ Corporation. All Rights Reserved.