NetIQ Identity Manager Designer 4.5 Release Notes

March 2015

NetIQ Identity Manager Designer 4.5 includes new features, improves usability, and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forums, our community Web site that also includes product notifications, blogs, and product user groups.

You can upgrade to Designer 4.5 from Designer 4.0.1 or later, or perform a new installation. Designer 4.5 includes all fixes and features addressed in Designer 4.0.2 Auto Update releases. For information about what’s new in previous releases, see the “Previous Releases” section in the Identity Manager Documentation Web site.

The documentation for this product and the latest release notes are available on the NetIQ Web site on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation Web site.

To download this product, see the Identity Manager Product Web site.

1.0 What’s New?

The following outline the key features and functions provided by this version, as well as what has changed in this release:

1.1 64-Bit Designer

Designer 4.5 works natively on 64-bit systems. The Designer Installer installs the appropriate versions (32 bit or 64 bit) depending on the platform.

1.2 Updated Eclipse Framework

Designer 4.5 now uses Eclipse 4.3.

1.3 Startup and Shutdown Policy Sets in Policy Flow View

These policy sets are visible for drivers with engine version 4.0.2 Patch 3 or later.

1.4 Improved Job Deployments

Designer now sets up necessary rights for running a job during job deployment.

1.5 Editing Icons Is No Longer Supported

However, you can still import icons into Designer.

1.6 Support for Out of Band Sync On Subscriber Channel

This option is available only for Filter attributes on the Subscriber channel. It allows you to assign a higher priority to the selected attribute to process it before other attributes in the queue.

For more information about the Perform Out of Band Sync (Subscriber) Option, refer to Changing the Filter Settings in the NetIQ Identity Manager Policies in Designer Guide.

1.7 Creating Resource Subcontainers From a CSV File

To create resource subcontainers while importing resources from a CSV file, add a subcontainer field to the CSV file.

1.8 Package Manager Enhancements

  • Designer now supports deprecating packages. Designer polls for the list of deprecated packages during online package updates and notifies the users of the deprecations in all package manager operations, as required.

  • You can now view Package Readme during package upgrades.

  • Designer now prompts for migrating linkages at startup for older projects.

1.9 Support for Integer 64

Designer now supports creating and deploying schema attributes with syntax "Integer 64".

1.10 Updating Schema During Deploy

Designer now automatically updates the eDirectory schema during deploy operations when required. For example, it adds the DirXML-pkgLinkages attribute to the eDirectory schema if it does not exist while deploying.

1.11 Do Not Use the Package After/Before Linkage Option

The Package After/Before Linkage option of Package Manager might not work as expected. To confirm if you are using these package linkages, run the Project Checker.

As an alternative, NetIQ recommends that you use the Package Weights option of Package Manager to order the policies in a policy set.

1.12 Creating the deprecated.properties file On Custom Package Update Site

Designer automatically generates the deprecated.properties file if the update site is created by using the Designer package build and publish mechanism. This file contains the required instructions for building the list of deprecated packages.

If you have created your own update site, create a deprecations folder on the site and include a deprecated.properties file in this folder.

1.13 Designer Update Site Has Changed

NetIQ provides a new update site for downloading the Designer updates and packages. NetIQ recommends that you start using the new update site even though it continues to support the existing update site for updating the older versions of Designer. To receive notifications from the new update site, include the new URLs in your Designer. (Bug 905397)

To include the new URL of the Designer update site in Designer, do the following actions:

  1. Launch Designer.

  2. From Designer’s main menu, click Windows > Preferences > NetIQ > Identity Manager > Updates tab and change the value of the URL field to https://nu.novell.com/designer/updatesite4_5_0/.

  3. Click Apply, then click OK.

To verify whether the new URL is working,

  1. Launch Designer.

  2. From Designer’s main menu, click Help > Check for Designer Updates.

    If your version of Designer is up‐to‐date, a prompt informs you that no updates are available. If an update is available, a prompt lists components that you can update.

  3. If the updates are available, select the updates and then click OK.

To include the new URL of the package update site in Designer, do the following actions:

  1. Launch Designer.

  2. From Designer’s main menu, click Windows > Preferences > NetIQ > Package Manager > Online Updates and click the plus icon to add the new URL as https://nu.novell.com//designer/packages/idm/updatesite2_0_0/.

  3. Click OK.

  4. Select the required check boxes for the update sites in the Preferences window.

  5. Click Apply, then click OK.

To verify whether the new URL is working,

  1. Launch Designer.

  2. From Designer’s main menu, click Help > Check for Package Updates.

    If there are no package updates, Designer returns a message stating that no updates are available. If an update is available, a prompt lists the packages with newer versions.

  3. From the list of available packages, select the required version for update and click Yes.

2.0 System Requirements

For information about prerequisites, computer requirements, installation, upgrade or migration, see Considerations and Prerequisites for Installation in the NetIQ Identity Manager Setup Guide.

3.0 Installing Designer 4.5

After you purchased Identity Manager 4.5, log in to the Identity Manager Product Web site and follow the link that allows you to download the software. The following files are available:

Table 1 Identity Manager ISO Images

ISO

Platform

Description

Identity_Manager_4.5_Linux.iso

Linux

Contains the DVD image for Identity Manager server, Designer, iManager, Analyzer, Identity Reporting Module, and Identity Applications.

Identity_Manager_4.5_Windows.iso

Windows

Contains the DVD image for Identity Manager server, Designer, iManager, Analyzer, Identity Reporting Module, and Identity Applications.

Identity_Manager_4.5_Linux_Standard.iso

Linux

Contains the DVD image for Identity Manager server, Designer, iManager, Analyzer, and Identity Reporting Module.

Identity_Manager_4.5_Windows_Standard.iso

Windows

Contains the DVD image for Identity Manager server, Designer, iManager, Analyzer, and Identity Reporting Module.

You can install Designer using the product installer or through integrated installation program that bundles the latest versions of all necessary components for Identity Manager. For more information about prerequisites, computer requirements, installation, or upgrade, see Installing Designer in the NetIQ Identity Manager Setup Guide.

To download the installation kits, see the NetIQ Downloads Web Site.

4.0 Upgrading to Designer 4.5

You can upgrade to Designer 4.5 from Designer 4.0.2 or 4.0.1 using the Designer installation program. For the supported upgrade paths for 4.5, see Preparing to Upgrade Identity Manager in the NetIQ Identity Manager Setup Guide.

You cannot use the integrated installation process to upgrade an existing installation of Designer. For more information, see Upgrading Identity Manager in the NetIQ Identity Manager Setup Guide.

5.0 Offline Updates to Designer

Designer provides an in-built auto-update feature that notifies you of new features available at the Online Update Web site. This feature allows you to download Designer package and patch updates when the computer that has Designer installed is connected to the Internet.

You also can perform an offline update of Designer when the computer that has Designer installed is not connected to the Internet. To perform an offline update, first download the required contents from the Designer and Package Update Web sites on a local or remote computer and then point Designer to the directory containing the downloaded files.

5.1 Updating Designer in Offline Mode

To update Designer in offline mode, create an offline copy of the Designer update files and then configure Designer to read the patch updates from the files copied to the local computer.

To create an offline copy of the Designer update files on Linux, perform the following actions:

  1. Log in to the computer that has Designer installed and create a local directory.

  2. Download the latest patch zip file for Designer version from the specified location and unzip the files into the local directory.

To configure Designer to read the patch updates from the files copied to the local computer, perform the following actions:

  1. Launch Designer.

  2. From Designer’s main menu, click Windows > Preferences.

  3. Click NetIQ > Identity Manager and select the Updates tab.

  4. Select the Do not check for updates option and deselect all the other check boxes.

  5. Specify the URL field value as file:///<path_to_files>/updatesite4_5_0/.

    For a Linux mounted ISO, use the following URL format: file:////media/designer450offline/updatesite4_5_0/.

  6. Click Apply, then click OK.

  7. From Designer’s main menu, click Help > Check for Designer Updates.

  8. Select the required updates and click Yes to accept and update the Designer patch updates.

    You need to launch Designer again for the changes to take effect.

5.2 Updating Designer Packages in Offline Mode

To update Designer packages in offline mode, create an offline copy of the package update files and then configure Designer to read the package updates from the files copied to the local computer.

To create an offline copy of the package update files on Linux, perform the following actions:

  1. Log in to the computer that has Designer installed and create a local directory.

  2. In a shell, change to this directory and run the following commands to copy the Designer package update files:

    wget -r -nH -np https://nu.novell.com//designer/packages/idm/updatesite1_0_0/

    wget -r -nH -np https://nu.novell.com//designer/packages/idm/updatesite2_0_0/

To configure Designer to read the package updates from the files copied to the local computer, perform the following actions:

  1. Launch Designer.

  2. From Designer’s main menu, click Windows > Preferences.

  3. Click NetIQ > Package Manager > Online Updates.

  4. Click the plus icon to add a new URL.

  5. Provide information for the following fields:

    1. Vendor: Specify the vendor name for package update.

    2. URL: Specify the URL as file:///<path_to_files>/packages/idm/updatesite1_0_0/.

      For Linux mounted ISO, use the following URL format:

      file:////media/designer450offline/packages/idm/updatesite1_0_0/

      file:////media/designer450offline/packages/idm/updatesite2_0_0/

      NOTE:To add multiple package sites, repeat this step for including the specified URLs.

  6. Click OK.

  7. Select the required check boxes for the sites in the Preferences window.

    NOTE:The new sites are selected by default.

  8. Click Apply, then click OK.

  9. From Designer’s main menu, click Help > Check for Package Updates.

  10. Select the required updates and click Yes to accept and update the Designer package updates.

    You need to launch Designer again for the changes to take effect.

6.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

6.1 Installation Issues

Installing on English Windows with the East Asian Language Pack and with a Double-Byte Install Path

When you are installing on a path where there are double-byte characters and if your operating system is running the English version of Windows with the East Asian Language Packs installed, the install package throws an error, saying that it cannot extract the compressed file. There are known issues with using double-byte character sets (DBCS) in Windows file paths that come from the operating system (OS) vendor or the install framework vendor. Alternatively, you can install to DBCS paths, when you are installing to a localized version of the operating system.

Warning Messages When You Start Designer After Installing

The following warning messages appear on the SUSE Linux Enterprise Desktop ( SLED 11) platform:

Gtk-Message: Failed to load module "gnomebreakpad": libgnomebreakpad.so: cannot open shared object file: No such file or directory
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: cannot open shared object file: No such file or directory

It is safe to ignore these messages. (Bug 492755, Bug 494258)

Establishing Communication with eDirectory Within Designer 4.5 Causes an Error on Windows 7

Issue: This issue occurs because a previous version of NICI might not have uninstalled properly and might have some residual files left on the file system. (Bug 542862)

Workaround: To work around the issue, remove all the NICI files from the system and reinstall Designer.

NICI Fails to Install on Windows During Designer Installation

Issue: Sometimes, if the path of the Designer executable is too long, the following error message appears while installing Designer:

Error Executing the Specific Program

C:\Users\Administrator\AppData\Local\Temp\pftE915~tmp\Disk1\Setup.exe -s -f1C:\Users\Administrator\Desktop\designer_cdimage_win\linux\final\designer_win32\designer_install\components\nici\wcniciu0.iss -f2C:\Users\Administrator\AppData\Local\Temp\designerNici.log

Though this error message is displayed, Designer installation completes successfully, however NICI fails to install. (633185)

Workaround: To work around this issue, manually install NICI by running the <Designer Install Location>\components\nici\wcniciu0.exe command.

Installer Does Not Create a Designer Desktop Shortcut on Non-English openSUSE Servers

If you install Designer 4.5 on an openSUSE server in a non-English environment, the installer does not create a Designer shortcut icon on the desktop. (Bug 751561)

Integrated Installer installs Designer by default on Red Hat 6.5 platform

Designer is not supported on Red Hat 6.5.

The User Interface is Not Readable When Active Directory Base is installed in Non-English Locales

When Active Directory Base is installed, some of the User Interface items are displayed incorrectly in the Remote Loader page in the Driver Configuration wizard.

There is no fix for this issue.

6.2 General Issues

The Project Converter Does Not Support Remotely Mounted Workspace

Issue: If you convert Designer 3.5 project to Designer 4.5 after mounting the Designer 3.5 workspace in the local computer where Designer 4.5 is installed, the Project Converter does not convert the Designer 3.5 project. (Bug 658159)

Workaround: Copy the Designer 3.5 workspace to the local computer where Designer 4.5 is installed, and then run the Project Converter.

The Internal Web Browser Does Not Work on Linux Platforms in Designer

Issue: The internal Web browser does not work as expected because of XULRunner issues. (Bug 612438)

Workaround: Navigate to the external browser from Designer > Windows > Preferences > General > Web Browser > Use External Web Browser. This brings up the iManager URL through the system default Web browser, such as Mozilla Firefox or Microsoft Internet Explorer.

Setting the LDAP Ports Correctly After Importing a Project into Designer

Issue: When you create a project after importing it from a live system in Designer, Designer does not set the ports correctly in the Identity Vault Properties view. (Bug 680745)

Workaround: Change the LDAP ports in the Identity Vault Properties view before deploying the imported project.

Designer Does Not Support Using dn-ref Job Parameters as Package Prompts

Designer does not support using job parameters of the dn-ref type as package prompts. If you are required to add a dn-ref job parameter as a package prompt, use a dn job parameter as a package prompt, instead. (Bug 806651, Bug 777509)

Cannot Configure Query Token to Read Multiple Attributes Using Argument Builder

In the Policy Builder, when you create a new rule and use a Query token in an action within the rule, you can only use the Argument Builder to specify a single attribute for the query to read. If you add more than one attribute, Designer uses only the most recently added attribute in the query.

If you must add multiple attributes to a Query token, you can either add attributes in Policy Builder without opening the Argument Builder or modify the XML to include the attributes you want to add.

To add attributes in Policy Builder, click the plus icon for each attribute you want to add and specify the attribute values you want to add into the Read attribute fields. Do not click the Edit the arguments icon. Click Finish, and Policy Builder appends the attributes to the expression rather than replacing the existing attribute.

To add attributes in the XML, open the policy in Policy Builder, click the XML Source tab, and manually add the additional attributes as new token-text elements within the token-query element. (Bug 828001, Bug 809728, Bug 676701)

Argument Builder May Not Successfully Remove Arguments from Specific Actions

If you previously upgraded your Designer installation to Designer 4.5 and then used the Argument Builder to remove an argument from one of the several types of actions and add a new argument, the Argument Builder may not remove the previous argument from the action. With the duplicate argument, the action cannot function properly.

This issue affects the following actions:

  • append XML text (do-append-xml-text)

  • rename destination object (do-rename-dest-object)

  • rename source object (do-rename-src-object)

  • set operation class name (do-set-op-class-name)

  • set operation property (do-set-op-property)

  • set XML attribute (do-set-xml-attr)

  • status (do-status)

  • trace message (do-trace-message)

If you upgraded to 4.5 and modified one of the above actions in a policy rule, reopen the policy in Policy Builder, click the XML Source tab, and manually remove any duplicated arguments in the rule XML.

To avoid this issue, NetIQ Corporation recommends that you immediately upgrade your Designer environment to Designer 4.5 while modifying any of the above actions. (Bug 810407, Bug 809428)

Designer May Not Properly Display User Application Driver Packages After Upgrading

Issue: If you create a non-base package for a User Application driver in Designer and then upgrade to Designer version 4.5 AU3, Designer does not display the package in the Available Packages list when you install the User Application driver. (Bug 827294, Bug 789499)

Workaround: To install the package, clear Show only applicable package versions, select the appropriate package, and then click Next.

Designer Cannot Merge Different Global Configuration Value Versions During Driver Import

If you install a driver in Designer that includes at least one global configuration value (GCV) and then try to import a second version of the driver that has a modified version of the existing GCV, Designer displays a message saying the global variables could not be merged.

Designer does not currently support merging existing GCVs during the driver import process, irrespective of whether the conflicting GCVs are located on the driver, in the driver set, or in any GCV resource objects. (Bug 838471, Bug 841105)

Designer Does Not Re-import Roles or Resources Previously Exported to XML

Issue: If you create a role or resource subcontainer in the Provisioning view Role Catalog, add a role or resource to that subcontainer, export the Role Catalog to an XML file, then delete the subcontainer and role or resource and attempt to recover the role or resource by importing from the XML file, the import does not recreate the role or resource. (Bug 846134, Bug 846604)

Workaround: To import Role Catalog subcontainers and objects from an XML file, you must create a new User Application driver and import the XML file into that driver’s Role Catalog.

Designer Overwrites Modified Package Linkage Order on Update

If you modify the order of linkages within a package, Designer does not recognize the package as being customized. Subsequently, if you update the package, Designer overwrites the modified linkage order with the linkage order specified in the updated package. (Bug 845207)

A Failure Message is Displayed When a Deleted Role Container or Subcontainer Is Deployed

Issue: If you delete a container or subcontainer that contains roles and then attempt to deploy it, deployment fails. This is because, by design, a container or subconatainer that contains roles cannot be deleted. (Bug 846814, Bug 846359)

Workaround:

  1. Delete the roles contained in the container or subcontainer.

  2. Deploy the container or subcontainer and wait for the Roles driver to delete the roles.

  3. After the roles are deleted, delete the container or subcontainer.

  4. Deploy the container containing the subcontainer that you deleted.

Error Message is Displayed When Notification Templates Are Edited in the E-Mail Template Editor

When you edit a notification template in the E-Mail Template Editor, an error message is displayed in the Error tab. For example, if you open an HTML e-mail template, such as the Forgot Hint link and enter some text in the body tag, an error notification is displayed in the Error tab. (Bug 879626)

Resource and Resource Containers Are Missing When Objects Are Imported From Resources in the Provisioning View

Issue: When you import provisioning objects (from XML files) from Resources in the Provisioning view, the containers and the objects inside them are neither imported successfully nor displayed in the Provisioning view, as expected. Instead, the containers are missing and only the resources are displayed. (Bug 847299)

Workaround: Import the provisioning objects (XML files) by right-clicking Role Catalog and not Resource. This ensures that the resource and resource containers are imported and displayed in the Provisioning view.

Performing an Update on a Provisioning Folder With an Existing Name Throws a Version Control Error

When you create two User Application drivers with the same name and perform an Update operation, a version control error is thrown. This is because of a conflict that occurs when one user commits the changes made to the project and at the same time, another user updates the same project.

For more information about managing packages in version control, refer to “Managing Packages Best Practices” in the NetIQ Designer for Identity Manager Administration Guide. (881818)

The Font Size of Some Tabs in the Designer 4.5 User Interface (UI) Appear Big When You Run Designer on a 24 Inches Monitor with 1920 x 1200 Resolution on Linux

To work around this issue, follow the instructions mentioned in this Web site: http://blog.nanthrax.net/2012/07/change-tab-font-in-eclipse-juno/. (Bug 889167)

Newly Created Empty Roles and Resources Sub-Container Shows Equal When Compared With the IDV Live Server

When you compare a newly created empty roles or resource sub-container (by clicking Live-Compare in Provisioning View), the Designer/eDir Object Compare window does not show the compare status as unequal. Instead, it shows equal. (Bug 890543)

Ports for Deploying the Entitlement Policy

The default port for deployment is port 389. You can also deploy the entitlement policy using other ports, such as port 636. In Modeler, go to the Properties view and select Identity Vault. Change useLDAPSecureChannel setting to True.

6.3 Linux Issues

Running Designer on Linux With gtk-qt-

NetIQ Corporation recommends that you do not run Designer with the gtk-qt-engine RPM installed, because it causes crashes and Designer theme issues. This RPM package is installed with SUSE Linux and some other Linux distributions.

If you must use the gtk-qt-engine RPM package, obtain the latest version that you can download from the KDE-Look Web site. Note that even with the latest version of the package, the Designer theme functionality might not be present.

To determine whether you have the gtk-qt-engine RPM package installed, enter:

rpm -qa|grep gtk-qt

If gtk-qt-engine appears in the list, run the following command as the root user to remove the package:

rpm -e gtk-qt-engine

Designer Launch Fails on SLED 10.3 or SLED/SLES 11

Adding XULRunner to Designer.ini on SLED 10.3 or SLED 11 64-Bit

To launch Designer, you must add the appropriate version of XULRunner to the Designer.ini file using the following steps:

  1. Check the XULRunner version in the /usr/lib directory.

  2. Open the Designer.ini file from the Designer installation directory.

  3. If you are running SLED 10.3, add the following line at the end of the Designer.ini file:

    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.8.1.21/
    
  4. If you are running SLED 11, add the following line at the end of the Designer.ini file:

    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/
    
  5. Save the Designer.ini file, then launch Designer. (Bug 617010)

JVM Crashes When Launching Designer, the Welcome Page, or Opening Help on 64-Bit Linux

Issue: If the 32-bit version of XULRunner is installed on a 64-bit Linux distribution, the JVM might crash when you launch Designer, when the Welcome Page displays, or when you view a Help topic. (Bug 748277, Bug 749437)

Workaround:

  1. Open the Designer.ini file located in the Designer installation directory.

  2. Add the following line at the end of the Designer.ini file:

    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/
    
  3. Save the Designer.ini file, then launch Designer.

The Welcome Page Is Not Displayed on Some Linux Distributions

Issue: If the Welcome page is not displayed correctly on Linux, it is probably because your version of XULRunner is not compatible with Eclipse. Designer uses the embedded browser that XULRunner provides in a few places, including the Welcome page and the Help system.

Workaround: To download a compatible version of XULRunner:

  1. Download the XULRunner installer for Linux from the Mozilla FTP site.

  2. Unregister your current version of XULRunner by running the following command as root:

    xulrunner --unregister-global
    
  3. Follow the instructions to install XULRunner.

  4. Restart Designer, then confirm that the Welcome page is working, as expected.

An Exception Occurs while Browsing the Designer 4.5 Help System

Issue: When you browse the Help content on the openSUSE 11.2 platform, it throws an exception. This is probably because your version of XULRunner is not compatible with Eclipse. (Bug 609379)

Workaround:

  1. Download the xulrunner-1.8.1.3.en-US.linux-i686.tar file and install it on openSUSE 11.2.

  2. Open the Designer.ini file from the Designer installation directory, then add the following line at the end:

    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner
    
  3. Save the Designer.ini file, then restart Designer.

Designer Does Not Display Welcome Page Properly in openSUSE 11.4

Issue: When you install Designer on an openSUSE 11.4 server, Designer does not display the Welcome page correctly. (Bug 754029)

Workaround: Install XULRunner 1.9.2 on the openSUSE server:

  1. Open the Designer.ini file located in the Designer installation directory.

  2. Add the following line at the end of the Designer.ini file:

    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9.2/
    
  3. Save the Designer.ini file, then launch Designer.

Designer Crashes on Performing a Live Import

Issue: When you perform a live import in Designer 4.5 that is running on eDirectory 8.8 SP7, Designer crashes. This is caused by a NICI library mismatch because Designer 4.5 is designed to work on eDirectory 8.8 SP8 that has NICI 2.7.7, whereas eDirectory 8.8 SP7 uses NICI 2.7.6. (Bug 872479)

Workaround: Either upgrade to eDirectory 8.8 SP8 or use the following procedure:

  1. Stop Designer.

  2. Execute the following command:

    export
    LD_LIBRARY_PATH=/opt/novell/lib64/:/opt/novell/eDirectory/lib64/:/opt/novell/eDirectory/lib64/nds-modules/
    
  3. Start Designer using the ./Designer command.

    Do not use the StartDesigner.sh command.

6.4 Workflow/Provisioning Issues

Resources Associated with Roles Are Not Deleted from the Resources List of the Role Editor

Issue: Under the Resources List in the Role Editor, a read-only list of the associated resources is available along with the role. The information in this list is obtained and updated for all the roles when the Role Catalog is imported from eDirectory. You can see new resource associations but not the resource associations that have been removed in the User Application. (Bug 516730)

Workaround: Ensure that the deleted resource associations are removed from the Resources List:

  1. Before performing a Live Import from the Role Catalog, go to the Navigator View, then navigate to the \MyProject\Model\Provisioning\AppConfig\RoleConfig\ResourceAssociations folder.

  2. Remove all the files in the folder except the ResourceAssociations.digest file.

  3. From the Provisioning View, select the Role Catalog object, then run the Live Import to import all of the resource associations again and to provide the updated correct information.

Designer Throws Error When Deploying Role Catalog After Deleting Role or Resource Subcontainers

Issue: If you create a role or resource subcontainer, add one or more objects to the subcontainer, deploy the Role Catalog, and then delete the subcontainer and try to re-deploy the Catalog, Designer throws a java.lang.NullPointerException error message.

This issue occurs because Designer does not immediately delete role or resource objects when you delete those objects in the Role Catalog. Instead, Designer marks the objects for deletion by the Role and Resource Service Driver when the driver deploys the Catalog to the Identity Vault. (Bug 846814)

Workaround: Complete the following steps:

  1. In the Provisioning view, right-click the role or resource object located in the subcontainer you want to delete and select Delete.

  2. Select Delete object in identity vault on deploy of parent container, then click OK.

  3. Right-click Role Catalog and select Live > Deploy All.

  4. Click Deploy, then click OK.

  5. To verify the Role and Resource Service Driver has deleted the role, log into iManager.

  6. In iManager, click View Objects.

  7. In the Tree, navigate to your User Application driver and expand AppConfig > RoleConfig > RoleDefs.

  8. Click the container where the role was previously stored. If the role is still in the container in the Identity Vault, refresh until the Role and Resource Service Driver removes the role.

  9. In the Provisioning View in Designer, right-click the subcontainer you want to remove and select Delete, then click OK.

  10. Right-click Role Catalog and select Live > Deploy All.

  11. Click Deploy, then click OK.

Designer Displays Incorrect Status When Deleting Roles

Issue: Designer currently displays deployment status incorrectly when you delete a role from the Role Catalog in Designer and then deploy the Catalog to the Identity Vault. In some instances, when the Role and Resource Service Driver successfully deletes a role from the Identity Vault, Designer incorrectly displays a failure message. At the same time, if the Role and Resource Driver is stopped, Designer incorrectly displays a success message. (Bug 846029, Bug 847047)

Workaround: To verify that the Role and Resource Driver removed the role you deleted from the Identity Vault, complete the following steps:

  1. Log in to iManager and click View Objects.

  2. In the Tree, navigate to your User Application driver and expand AppConfig > RoleConfig > RoleDefs.

  3. Click the container where the role was previously stored.

  4. When finished, close iManager.

Updating Any User Application Package Causes Designer 4.5 to Create Duplicate Objects and Block Deploying the Driver

Issue: If you install Designer 4.5 in your environment, import or create the User Application driver, and then upgrade or downgrade any of the User Application driver packages, Designer creates duplicate objects in the DAL, including objects in the User, Provisioning, Role, and Resource categories. Because of the duplicate objects, Designer does not deploy the driver to the live environment, and the driver does not function, as expected. (Bug 855670, Bug 857475, Bug 826765)

Workaround: Complete the following steps:

  1. Start Designer.

  2. When prompted to check for Designer updates, select Yes and click OK.

  3. Update your Designer installation to the 4.5 AU4 version.

  4. Delete the existing User Application driver.

  5. (Conditional) If the Identity Vault contains a previous version of the User Application driver, complete the following steps:

    1. In the Modeler, right-click the driver set and select Live > Import.

    2. Click Browse.

    3. Select the User Application driver in your Identity Vault and click OK, then click Continue.

    4. Click Yes to confirm.

    5. Click Import, then click OK when finished.

  6. (Conditional) If you have a previous backup of the User Application driver, complete the following steps:

    1. In the Modeler, right-click the driver set and select Import from Configuration File.

    2. Click Browse, then navigate to the location of the backed-up User Application driver configuration file.

    3. Select the XML file and click OK, then click OK again.

    4. Provide the requested information for the imported driver and click Next.

    5. Click OK when finished.

  7. In the Modeler, right-click the User Application driver and select Driver > Properties.

  8. Click Packages.

  9. Perform any necessary upgrade or downgrade procedures, then click OK.

  10. Right-click the driver and select Driver > Live > Deploy, then follow the steps in the Deployment Summary.

6.5 Document Generation Issues

The Document Generator Does Not Generate Documentation for Roles-Based Objects

Designer 4.5 does not generate documentation for roles-based entitlement policies or roles-based provisioning module resources. For more information about generating documentation for projects, see “Documenting Projects” in the Designer 4.0.2 for Identity Manager 4.0.2 Administration Guide. (Bug 480369)

Cannot Generate Documentation for Projects with Large Numbers of Drivers or Large RBPM Deployments

In Designer projects with more than 40 drivers installed or very large roles-based provisioning module deployments, the Document Generator fails with an out-of-memory error.

This error occurs due to limitations in the Apache FOP print formatter that Designer uses to generate documentation. For information on the memory-usage limitations of the FOP formatter and suggestions for improving memory usage, see “Memory Usage” on the Apache FOP Project page . (Bug 796616, Bug 520231)

Generated Documents Are not Listed in Projects View Automatically

Issue: When you generate a document in Designer, it is not listed in the Generated folder in the project, though it (the generated PDF document) opens without any errors. (Bug 879625)

Workaround: Refresh the Generated folder to make the generated document available in the list.

6.6 Backward Compatibility Issues

Designer 4.5 Does Not Support 2.1.1 Workspaces

Designer 2.1.1 workspaces are not compatible with Designer 4.5. Designer stores projects and configuration information in a workspace. These workspaces are not compatible from one version of Designer to another. You must point Designer 4.5 to a new workspace and not to a workspace that was used by a previous version of Designer.

Designer 4.5 Does Not Support Conversion of Projects Older than Designer 3.0

To work around this issue, convert the older projects to Designer 3.0.1, then import them into Designer 3.5. (Bug 531135)

6.7 Upgrade Issues

Upgrading from Designer 3.0.1 to Designer 4.5 is Not Supported

Designer 3.5 and later is a full-fledged RCP application. It does not support upgrades from versions of Designer prior to 3.5. If you import a Designer 3.0.1 project into the latest release of Designer, Designer automatically converts the project to version 4.5 so that the project can be used in the latest Designer release. (Bug 531690)

Manually Modify and Deploy Schema Changes After Upgrading to Designer 4.5

Issue: If you create a project using a previous version of Designer and then upgrade your environment to Designer 4.5, you must manually update and deploy the schema to be able to work with the project.

In addition, if you create a project using a previous version of Designer and then import that project into a Designer 4.5 environment, you must also perform the schema update and deploy the updated schema. (Bug 845210)

Workaround: To modify and deploy Designer 4.5 schema changes, complete the following steps:

  1. In the Modeler, right-click the Identity Vault and select Manage Vault Schema.

  2. In the Classes list, select DirXML-PkgItemAux.

  3. In the Attributes window for the DirXML-PkgItemAux class, click the Add Optional icon.

  4. In the Select Optional Attribute window, select DirXML-pkgLinkages and click OK.

  5. Click OK.

  6. Save your Designer project.

  7. Right-click the Identity Vault and select Live > Schema > Compare.

  8. Click the drop-down menu and select Show all.

  9. Expand Attributes and select DirXML-pkgLinkages.

  10. If the Compare Status is Unequal, select Update eDirectory.

  11. Expand Classes and select DirXML-PkgItemAux.

  12. If the Compare Status is Unequal, select Update eDirectory.

  13. Click Reconcile, then click No.

  14. Click OK when finished.

Migrating Package Linkages to New Structure After Upgrading to Designer 4.5

To migrate your Package Catalog to the new linkage structure, complete the following steps:

  1. (Conditional) If you have not already imported your project into Designer 4.5, click File > Import and follow the steps in the Import Wizard.

  2. (Conditional) If you want to update an existing project, we recommend you back up your project:

    1. Click Project > Export Project.

    2. In the Export Project window, select the project.

    3. Select To archive file.

    4. (Conditional) Click either Save in zip format or Save in tar format, as appropriate for your environment.

    5. Click Browse and navigate to where you want to save the backup file.

  3. In the Outline view, right-click Package Catalog and select Migrate Linkages.

  4. Click Yes to confirm you have already backed up your project.

  5. Click OK.

This procedure is applicable for projects that were created using any version prior to Designer 4.5 and for projects imported from the Identity Vault. (Bug 847441)

Upgrading User Application Driver Package from Designer 3.0 to 4.5 Shows the Package as Customized

If you create a User Application driver package using Designer 3.0 and then upgrade to Designer 4.5, the property of the User Application base package that is installed, is shown as Customized. (Bug 889949)

An Error message is Displayed When Designer is Launched for the First Time After Upgrading It From Designer 4.0.2

Issue: This error occurs because the upgrade program does not delete the org.eclipse.osgi container. (Bug 886559)

Workaround: Delete the container from <designer_install_location>\configuration\ and start Designer.

6.8 Uninstallation Issues

Uninstallation Does Not Remove Packages and Plugins Folders from Windows Server

When you run the installer to uninstall Designer from a Windows server, the installer might not remove all folders created during the installation process. In some environments, the installer does not remove the packages or plugins folders from the Designer installation folder. (Bug 748541)

Uninstallion on Linux Does Not Remove the UninstallDesigner Folder

After you have uninstalled Designer on Linux, the UninstallDesigner folder is not removed. (Bug 891926)

7.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

[Return to Top]