Novell Cool Solutions

Monthly Archives: July 2006

Just to clarify….



July 31, 2006 2:14 pm

We got a bit carried away in our excitement around early momentum for SUSE Linux Enterprise 10. In our press release last Friday, we indicated we’d had 286,000 unique visitors to our new Novell Customer Center. That should have read 286,000 page views. So we wanted to set the record straight. In any case, a …


Categories: Expert Views, PR Blog

Staples2Naples Rally 2006 (Not ZENworks!)



July 30, 2006 1:44 pm

This is my first totally off-topic post. Nothing to do with ZENworks whatsoever! Bit cheeky to a corporate blog – but it’s for charidy m8 ;) (The UK readers will get that one)

A friend and I have entered the Staples2Naples 2006 Banger Rally in September this year. This is a four day rally covering 1400 miles through France, Germany, Switzerland and Austria between September 22nd and 26th this year. There are only two rules:

  1. The car must be worth less than £100: Ours is a 1991 Volvo 440 Special Edition (means it has a plastic spoiler). Originally red, now pink with 103k miles clocked.
  2. It’s not a race. It’s a rally with challenges – arriving first does not mean you win.

Since the sun has reduced the paintwork on our car to an attractive pink we decided it would be cool to only 50% renovate it – one side like new and the other still pink to show the effects of the sun. Our chosen charity for the event is the Myfanwy Townsend Melanoma Fund and donations are made in memory of a colleague (Stuart Mansell – IDM Guru) who died from last December.

Some details if you’re interested.

Thanks everyone!

I promise to get back to ZENworks posts now :)


Categories: Uncategorized

ZENworks Asset Management Assures Standard Life



July 27, 2006 7:23 am

Check out the ComputerWeekly article on how Standard Life, the UK-based insurance company, is successfully using Novell ZENworks Asset Management to gain control of complex software licensing arrangements and better understand their software usage. ZENworks Asset Management is giving Standard Life the ability to clearly see their licensing rights and requirements. This has given the …


Categories: Expert Views, PR Blog

changes in idm 3.0.1 (idm sp1)



July 26, 2006 10:10 pm

magnifier you asked me to give a few more details on what 3.0.1 really is. here you go with as complete a list as possible:

the main purpose of sp1 was to get localization and fixes out. there is only one new feature that was introduced with sp1. a published list of what’s new can be found in our documentation. the list that i put together here shows some more details and will be published as a TID, soon.

new feature – credential provisioning

the new credential provisioning allows you to provision credentials into Novell’s SecretStore or an external credential repository. using credential provisioning you will be able to 100% provision a new user including all its passwords for numerous applications. then you pass the new user his main password to log in to his workstation and that’s it. because you have provisioned his credentials into the SecretStore, the new user can now seamlessly access GroupWise, Lotus Notes, web pages, whatever you have set up for him, through Novell Secure Login (or another single/seamless sign-on application).

designer

the designer part is much easier for me because we have our bugzilla database open to the public. this way you can easily create a changelog for yourself by running the appropriate query. to get all the bugs (remember that bugs are not always bugs) we fixed for 1.2 run this query.

the key benefits are:

  • Full support for Credentials Provisioning
    • Create Credential Repository
    • Create new Credential Provisioning Application
    • New actions in Policy Builder (these are in the iManager plug-ins, too)
      • clear SSO credential
      • set SSO credential
      • set SSO passphrase
  • Live browse, view, and edit any eDirectory object
  • Provisioning work flow Editor creates new custom work flow topologies
  • Generate doc in editable RTF format
  • Generate doc on just selected items
  • Remote control desktops where applications are running
  • New project checks
    • Check for local variables in policies
    • Filter and Schema Map Check
    • Public and Private Key should not be in the filter with nspmDistributionPassword at the same time
    • Check if all the classes and attributes in schema map exist in eDirectory schema
    • Make sure the Authentication Method for the AD Driver is set to “Negotiate” when synchronizing passwords
    • Check if the syntax of container names in the AD driver policies is valid
  • Discovery and modeling of AD Domain Controllers
  • Start, stop, and status all drivers on driver sets and vaults
  • Deploy certificates for eDir-to-eDir drivers
  • Lots of new main menus and simplified context menus
  • Built-in HTML viewer/editor for Notification Templates

localization

  • Installation: added Japanese
  • Meta Directory Engine: added Japanese
  • iManager Plug-Ins: added Chinese Simplified, Chinese Traditional, Japanese
  • Administration Guide: added Chinese Simplified, Chinese Traditional, Japanese
  • Driver Guides:
    • Active Directory: Chinese Simplified, Chinese Traditional, Japanese
    • Delimited Text: Chinese Simplified, Chinese Traditional, Japanese
    • eDirectory: Chinese Simplified, Chinese Traditional, Japanese
    • Exchange 5.5: Chinese Simplified, Chinese Traditional
    • GroupWise: Chinese Simplified, Chinese Traditional
    • JDBC: Chinese Simplified, Chinese Traditional, Japanese
    • LDAP: Chinese Simplified, Chinese Traditional, Japanese
    • Lotus Notes: Chinese Simplified, Chinese Traditional, Japanese
    • SOAP: Chinese Simplified, Chinese Traditional

meta directory engine

  • If the driver parameters XML references a named password and the named password has not been defined for the driver, then the driver should receive a blank password at startup. Prior to this fix, the driver received the name of the named password instead.
  • The Identity Manager Engine and Remote Loader can now be used with key pair files generated by Novell Audit’s audcgen utility.
  • When many drivers are all set to auto start on a single server there was the possibility that one or more of the drivers wouldn’t start due to resource contention. Now drivers are started one at a time, with the Identity Manager Engine waiting until a driver has reported that it is started before starting another driver.
  • When a driver has been stopped for a long time the driver cache data can build up to a large size. Previously, when 1 MB of data had been processed from the cache the data would be physically purged. The purge process is potentially expensive because it involves physical disk writes. The purge algorithm has been changed such that up to half the cache data will be processed before the cache is physically purged.
  • When an eDirectory move replicated to an IDM server that did not previously contain a replica or at least an external reference to the moved object, the IDM engine would not generate any events on the publisher channel. Changed so that at least a sync event will be generated.
  • A modify-password command submitted to the subscriber channel would perform a verify password operation to verify that the password was really different in order to avoid loopback problems and extra events. This caused two problems: a verify password operation that fails causes a) a 3 second delay (a huge performance hit); and b) the intruder lockout count to be incremented. Changed algorithm so that password verification happens by comparing against current value of nspmDistributionPassword instead.
  • Conversion of a 1.x style rule that contained non-standard elements to a DirXML Script policy caused those non-standard elements to be copied verbatim to the policy, causing it to be unusable.
  • Added do-set-sso-credential, do-set-sso-passphrase, and do-clear-sso-credential actions to DirXML Script to support integration with NSL and SecretStore.
  • Removed restriction disallowing moving of an eDirectory object from a partition with a replica on the IDM server to a partition with no replica on the IDM server.
  • The DirXML Script processor was getting confused by an input element being embedded somewhere underneath an output element. This was a problem in particular for the JDBC driver, which embeds the complete input document inside the corresponding status element it returns in the output document.
  • Filtering out of notify attributes is now working when applied to the result of a merge.
  • Added new engine control that controls the setting of creatorsName attribute for objects being created on the Publisher channel. This was done because of the performance penalty. If the control is set to true, then the creatorsName will be forced to the DN of the driver. If set to false, then the creatorsName will be the DN of the server object hosting the driver. Default for the control is false, whereas the old behavior was true. The change was made because setting creatorsName has to be done in a separate eDirectory transaction which can cut publisher channel add performance in half.
  • IDM reported a -603 when it goes remote for home directory creation because the connection to the remote server was not authenticated.
  • Auxiliary classes that inherit from Top were not added automatically to an add operation because the mandatory attribute Object Class is not usually explicitly present in the add operation.
  • Documentation
    • Added documentation for Credential Provisioning policies.
    • Updated IDM 3 Entitlements documentation
    • Updated documentation to cover install of IDM on non-root install of eDirectory.
    • Updated Documentation with instructions how to upgrade from 1.1a to IDM3
    • Updated readme on NMAS Method Install FAILING on Solaris/AIX/Linux with eDirectory 8.7.3
  • Fixed the issue where the Novell Audit event definition file for Identity Manager caused an error when the Novell Audit 2.0 plugin for iManager was used to browse the Identity Manager Log Application object.
  • Addressed installer issues on AIX
  • Addressed installer issues when installing Secret Store
  • Role-Based Entitlements
    • DirXML-EntitlementResult attributes should be cleaned up automatically
    • Driver now handles static includes/excludes
    • Corrected misspelled attr name excludedMember (was exludedMember).
    • Non-user classes were not allowed in the Role-based Entitlements plug-in for iManager. If you entered the class manually, a warning appeared. This has been corrected by adding non-user classes to the subscriber filter list in the plug-in. The warning no longer appears.
    • The RBE plug-ins no longer require that a driver have a manifest to be considered for entitlements.
    • Non user classes are now automatically added to the Entitlement Service Driver’s subscriber filter.
  • iManager Plug-Ins
    • The User Profile pages no longer generate unexpected ClassCastException errors.
    • The driver wizard now creates default engine control values on new drivers.
    • The hint at the bottom of the New Policy task now shows the correct Role and Task names for the IDM Overview.
    • The filter generated for the Entitlement Service Driver by the RBE plug-ins now includes the DirXML-SharedProfile class and Member and excludeMember attributes. This change allows for proper handling of changes to an RBE profile’s static or dynamic membership list.
    • Role-Based Entitlements: Re-evaluate membership – warning if driver is stopped
    • Pressing the “Close” button in the “Edit eMail Templates” page when it is invoked from the “Forgotten Password” property page does not close the “Edit eMail Templates” page.
    • If an error occurs assigning a password policy to a container an error message is now displayed to the user.
    • In the “Password Policy Summary” property page, the value displayed for some of the password policy options is now correct.
    • The provisioning plug-ins now correctly handle localized strings that use both a language and country code.

integration modules

  • Active Directory
    • Documented the effects of restoring any AD objects and what happens to the associated Identity Manager objects.
    • Document changes for 1.1a to 3.0 upgrade on the AD Driver
    • Added documentation about how Active Directory accounts expire and how it differs from how Identity Vault accounts expire.
    • Fixed Broken links in AD doc
    • Preconfiguration now has DirXML-ADAliasName mapped for Group
    • Preconfigured Driver no longer attempts to set illegal attribute
    • Subscriber matching rule no longer fails on non-user objects.
    • Subscriber create rule no longer fails due to the application attributes not being available.
    • Subscriber transform rule “map fullname” no longer fails due to an extraneous “CN=” being appended.
    • Subscriber matching rule “Match Users Based on Full Name” no longer does an incorrect query.
    • Ability to totally disable the password sync portion of the driver. This allows multiple instances of the ADDriver to exist on the same computer when one instance is configured for synchronizing passwords.
    • Fixed bad variable comparison in default publisher event transformation policy
  • Lotus Notes
    • The Notes Driver can add Replication entries to newly created mailfiles (Windows platform only).
    • The Notes Driver publisher channel now honors different format selections for publishing src-dn and old-src-dn attributes. Options are: NOTES_TYPED, NOTES, SLASH_TYPED, LDAP_TYPED, LDAP, DOT_TYPED, DOT
    • child element of command is now honored for setting the HTTPPassword field for non-registered (non-certified) users.
    • Fixed erroneous retry loop caused when element was processed under certain circumstances.
    • Improved mailfile filename creation and collision detection logic.
    • NotesDriverShim now appropriately handles HTTPPassword creation when a password value contains special characters such as double-quote (“).
    • NotesDriverShim query processor now appropriately handles search values containing special characters such as backslash (‘\’).
    • NotesDriverShim no longer displays httpPassword values in clear text.
    • Updated the sample Notes driver configuration file (Notes.xml) to reflect the appropriate typecase for attribute “Internet EMail Address” instead of the inappropriate typecase of “Internet Email Address”
  • JDBC
    • Fixed JDBC Connector Child Table Insert Error
    • JDBC, Spec. V3, fixed auto-generated primary keys problem
    • Fixed JDBC Triggerless Publisher Sending Extraneous Delete Events which may result in data loss.
    • Fixed Triggered publisher not closing batch statements resulting in Oracle cursor exhaustion.
    • Subscriber channel is no longer disabled when filter is empty.
  • Avaya
    • Help for the Avaya PBX Audix Subscriber plug-ins
    • iManager Plugins: A PBX site or workorder container can now include the tree name as part of the slash format DN.
  • User Application
    • Fixed a problem where the User Application Driver would not start
  • Delimited Text
    • Some characters can not be synchronized with DelimitedText Driver in RHEL3 Server.
  • SAP HR
    • When the driver is given permission to “Read” from the SAP HR system on the Publisher channel, previous versions of the driver attempt to validate the effective dates of future-dated events when the future-dated IDocs are processed. This is done by reading the current data instances and comparing the beginning and ending validity dates of the current data with the validity dates for that data in the future-dated IDoc. The driver now contains a “Future-dated Event Validity Checking Option” which enables the Administrator to perform or not perform the validity check.
  • LDAP
    • Parameters were added to the sample LDAP driver configuration that allow the user to define startup behavior when using the LDAP-Search publication method. For example, it is now possible to choose whether the very first poll result will be synchronized if there is no previous poll result to compare with.
    • Queries to the LDAP driver rely on the “namingcontexts” attribute on the LDAP server’s rootDSE being set properly. It often isn’t in early versions of Oracle Internet Directory (OID). A driver workaround was made to allow queries and the “Migrate into Identity Vault” option to work properly in those cases.
  • SOAP
    • A configurable subscriber option was added to the sample configurations for the SOAP driver that allows the user to specify HTTP result codes that will return a “retry” status and result in the command being tried again.

user application

still working on this list.

rolled-in patches

  • Active Directory Driver
    • Subscriber “match everything else” Rule configuration was incorrect
    • ADDriver continues to accumulate ldap connections without freeing them.
    • IDM Password sync filter blocks other applications during password changes. This is manifested when high volumes of passwords are being changed through a script while at the same time attempting to change a password through an application such as MMC.
  • JDBC Driver
    • jdbc driver connecting to mssql 2000 not dropping dbaccounts
    • When a JDBC connection goes bad, all other JDBC traffic is stopped. 3 JDBC connectors, 2 Oracle Instances
    • 2.0 driver optimizes out type 1,2 events when type 6 event is present.
  • LDAP Driver
    • Fixed a problem with driver initialization that occurred if it tried to read a schema definition that claims inheritance from a nonexistent class. This problem was rare, but occurred with some Oracle Internet Directory classes, such as orclUniqueConfig.
    • A new LDAP SDK is included with SP1 which fixes a problem with LDAP move operations being formed incorrectly at the protocol level. This affected subscriber move commands in the LDAP driver.
    • Character encoding issues have been fixed and improved in the LDAP driver. The problems fixed occurred primarily when interfacing with Oracle Internet Directory (OID).
  • SAP HR Driver
    • The driver allows all Relationships infotype data (Infotype 1001 and all AD extensions) to be obtained on the Publisher channel via two methods: 1) If the field data is in the Publisher filter, all data will be synchronized as the IDoc is processed. 2) The data may be obtained via the RELATIONSHIPS and RELATIONSHIPS-PADxx pseudo-object queries which can be sent from Publisher channel policies.
  • GroupWise Driver
    • GroupWise Driver updated to support GroupWise 7 and GroupWise 7sp1
    • GroupWise sample configuration file (GroupWise.xml) modified to remove options for mounted file system support when running on Linux
  • SOAP Driver
    • The SOAP driver would sometimes strip SOAP error content from the return, if an error was also set at the HTTP level. The driver has been updated to return both the appropriate error code and also the error content if available.
  • Avaya Driver
    • Fix for the issue where eDirectory shuts down and does not restart during Avaya Driver installation on eDir 8.8
  • iManager Plug-Ins
    • In the “Filter” property page if you double click on a class or attribute in the filter the right side of the page does not slide in all the way to the left.
    • In the “Password Policy Summary” property page, the value displayed for some of the password policy options was not correct.
    • The “Check Password Status” task takes a long time when the user you are checking the password status for has pending associations.
    • Null pointer exception when you leave the Password Sync property page when there is not a server associated with the driverset.
    • Unlocalized buttons in the “Edit eMail Template” property page.
    • The “Add Tag” popup is partially hidden when it is displayed in the “Edit eMail Template” property page.
    • In the “Edit Migration Criteria” dialog there was an unneeded link.
    • In the “Edit eMail Template” property page the “Add Tag” popup is partially hidden by the select control that holds the list of tags.
    • In the GCV property page if the type is dn and the dn format is ldap the ldap name is not created correctly.
  • Documentation
    • PassSync 1.0 will not work by simply adding the policy PassSync(Pub)-Command Transform Policies. Added more documentation on how to make PassSync 1.0 work in an IDM 3.x environment.
    • DirXML 1.1a is not supported on Solaris 9. Documentation says Solaris 7 and up is supported.
    • IDM3 driver doc for remedy is missing most information.
    • Chapter 6.0 Understanding the Default Driver Configuration
    • Need better information on differences between Bundle Edition and IDM Standard
    • IDM 201 Documentation refers to TID 2969825, but this TID does not exist
    • (DirXML)Password set on AD driver using IDM 3.0 plugin fails with -683 on IDM 2.x engine
  • Regarding password self-service… If a challenge-response question is greater than 128 characters an error would occur in the UserApplication when the user is prompted to enter a response. This was fixed by limiting the length of questions to no more than 128.
  • An error occurs when attempting to create a Driver activity report. Driver Activity is one of the Novell Audit pre-canned reports.


Categories: Uncategorized

Ron Hovsepian at AlwaysOn Summit July 26



July 25, 2006 10:55 pm

Novell CEO Ron Hovsepian is participating in a panel on open source at the AlwaysOn Summit at Stanford on Wednesday, July 26, at 10:30 am Pacific. AlwaysOn provides a streaming webcast of all the Summit sessions. You can find that here. Ron is on a panel along with Martin Mickos of MySQL and several other …


Categories: Expert Views, General, PR Blog

Spinning an identity web with RedSpider



July 25, 2006 8:37 am

A group of Dutch community colleges have banded together to create RedSpider, an identity management system based on Novell Identity Manager. This innovative system manages user accounts for 12 colleges and more than 150,000 staff and students across the Netherlands. User information is entered only once, but is accessible by all RedSpider community colleges. Students …


Categories: Expert Views, General, PR Blog

Using Profiles on Terminal Servers

coolguys

July 25, 2006 12:00 am

Bjoern Schoenhoff shares his advice about how to make profiles stick on Terminal Servers.


Categories: Uncategorized

Setting up a customer system



July 24, 2006 2:56 pm

Along the lines of ‘How do Novell do it?’ I thought I would share with you all how we set up a customer system in house – well the GroupWise part anyway.

All in all, it’s a pretty easy process.  I guess a lot of people may not realise it, but all the configuration for a GW system is stored in the primary domain database, and that database is replicated to all other domains and Post Offices.  So, all we need to set up a complete copy of a customer system, excluding the mail of course, is the wpdomain.db from the primary domain.

If you attempt to do this in your own environment for your own testing then (VERY IMPORTANT, KEEP READING THIS SENTENCE) do it on a server that has NO access to the rest of your network.  If you don’t follow this advice then it is very possible that all the ‘test’ changes you make get replicated into your live system.

So, set up a test server with eDirectory and copy your wpdomain.db to it.  It helps to have the agent NLMs already installed on the server (just copy them to sys:\system) and some ‘empty’ domain and PO dirs.  An empty dom dir just needs the 4 .DC files in it, an empty PO dir needs the 3 PO .DC files and the ofviews structure.

In ConsoleOne connect to this domain (Tools | GroupWise System Operations | Select Domain) – if you followed my advice and you are not connected to your corporate tree you will be prompted for a login, cancel this dialog and continue connecting to the domain.

Once connected highlight an eDir OU and select Tools | GroupWise Utilities | GW/eDirectory Association | Graft Objects.  Follow the wizard to create eDir objects for your GW objects – you only need to graft as many as you need to test with.  This may only be one or two domains and a couple of post offices.

Once all that is done you need to change the config of the objects to reflect your test server – specifically you will need to change the domain and PO UNC paths and any paths and IP addresses on the MTA and POA.  This may also include reconfiguring the ports so that they are all unique (assuming you are doing all this on a single server).

Once done you can just start the agents up manually:

gwmta /home-data:\testdom

gwpoa /home-data:\testpo

as an example.

Now you have a basic copy of your system, you can get as fancy as you need to be to duplicate whatever problem you are working on.  This may require getting more data from the live system copied over, like user and message databases, or setting up a GWIA – but the basics are there.

For us in NTS this is a real easy way to duplicate customer problems and test potential fixes, without disrupting users.  If you are going to try this then please be really careful and heed my warning above.  If we get calls asking why users are magically disappearing from GroupWise we’ll know what you did – or didn’t do, as the case may be.


Categories: Uncategorized

Comments – and our editorial policy

coolguys

July 21, 2006 9:12 pm

Since we started Cool Blogs a few months ago we have been very open with our comments – and our policy on accepting comments.

In all that time we have killed several thousand ‘spam’ comments and I’m proud to say we have rejected just a couple of others.

We like to think that we are ‘open’ in many ways; we encourage debate; we encourage discussion; we like to get feedback on areas of Novell that otherwise you would never see.

As Cool Blogs grows and gets more readership it’s time to start publicly sharing our ideals for this blog – and especially the comments.

  • Our number one goal is open communication. Novell Cool Bloggers are encouraged to blog about any area of Novell or adjacent technology. The only caveat is that we need to safeguard our intellectual property and competitive edge – so release dates will be within a calendar quarter window, we will not discuss projects or plans that are not publicly announced, we will not discuss financial matters.
  • We encourage our readers and subscribers to join in. Comment. Make suggestions. Give feedback. Again – our aim is to make this a broadly acceptable community that is of interest to many people. Comments may be edited or rejected to remove offensive or profane commentary. Comments may also be removed if they are not generally ‘constructive’ and in keeping with the subject of the post.
  • We try to follow sensible guidelines – ‘spam’, ‘trolling’, ‘astroturfing’ and ‘flaming’ are generally not acceptable and will lead to comments being edited or redacted.

Sorry this sounds like a harsh approach – we’ve been running with these guides for months now – and we’ve rejected less than 0.5% of non-Spam comments. For those that comment – please continue!

I’m interested in your feedback. Please feel free to comment directly on this post and our policy. What else would you like to see? What would you take out of that policy?

Written at: Draper, UT


Categories: Uncategorized

Integrating Novell OES Linux iManager, Virtual Office and Welcome Page with Apache 2.2.2, Tomcat 5.5.17 and Sun Java2 1.4.2



July 21, 2006 1:52 pm

Jonathan Peck has provided a guideline for installing Apache’s web server version 2.2.2 and the Tomcat Java servlet version 5.5.17 and integrating them with your current OES Linux setup.


Categories: Uncategorized
