for Novell Identity Manager: Readme
March 16, 2007
For the latest version of the Readme
file, visit http://www.novell.com/documentation/designer20/index.html
The documentation for Designer 2.0 for Identity Manager is
included in the build. It is also available
the Novell Product Documentation Web site.
For information about Novell®
Identity Manager 3.5, refer to the documentation located at the Novell
Product Documentation Web site.
- To browse the Designer help topics after Designer is
To search for specific Designer information after
- In Designer, click Help > Help Contents.
- Select a book, browse the table of contents, then click
- Click Help > Search, then enter text. Or press
on any page. (In Linux, press CTRL-F1.)
- Type a topic in the Search field, then click Go.
If you maximize an editor (for example, the Modeler), help
do not display when you press F1. To view the help, minimize the
This release of Designer includes User Interface translation
for Brazilian Portuguese, Chinese (Simplified), Chinese (Traditional),
Dutch, French, German, Italian, Japanese, and Spanish. The User
Interface language can be chosen at install or at runtime through the
preferences dialog box.
This release does not include translation of Designer runtime
help or product documentation. At this time, project documentation
generated by Designer is available in English only.
Some plugins are provided by the metadirectory and are
available only in languages supported by the metadirectory: Chinese
(Simplified), Chinese (Traditional), French, German, and Japanese. Some
third-party plugins might be available in English only.
or Japanese PDF not Displaying Properly Using Linux PDF Reader (Evince)
By default, Linux may be using a PDF reader (Evince) that doesn't
support the embedded font we use to display double-byte
characters. We recommend use of the Adobe Acrobat
Reader for Linux to support these languages.
Error: "Out of
Generating Documentation on Windows
Some Windows users have experienced an Out of Memory error
when generating documentation. To fix this, right-click the Designer
shortcut, then select Properties. You must make sure that the -vmargs
-Xms256m -Xmx1024m parameters are not enclosed in quotes. Only the path
to the designer.exe file must be in quotes. The following example
illustrates the path:
If you still experience problems, you can attempt to adjust
the -Xms256m -Xmx1024m parameters to a higher memory amount. Just make
sure you have that memory available on your system. The default
settings should be sufficient for most applications.
For more information, see "What's New - Application Framework - Heap
Size Control" in the Designer help menu.
Document Generation Styles
1.x versions of Document Generation styles are not compatible with
Designer 2.0. It is
recommended that you create a new style, then copy and paste your data
from the old style. Otherwise, you miss new functionality found in 2.0
Passwords are obfuscated. However, if you have other
in your project file, it is not encrypted in any way, and you must take
care to safeguard your information. In the future, the data will be
Clear Text in
Important: When you use any action that
might require a password to be entered (for example, Do Send Email),
the password is not being encrypted with this release. If you deploy
the policy or save it to disk, the password is in clear text.
Simulation Stops Working After Designer Upgrade
If simulation stops working after a Designer upgrade, and you are
unable to progress past the query/response stage of processing, you can
remedy the situation by checking and correcting your simulator
preferences page settings. To do this go to Window ->
Preferences -> Designer for IDM -> Simulation and verify
that all paths specified for Input, Output and Java Extensions are
valid paths and that they exist.
Templates Are Filtered by Name and Locality Settings
When running Designer in any language, by default you see only
notification templates for the language that you are running
in. To see templates in additional languages, change the filter
settings for the Outline view:
Also, when creating new templates, you must add the proper
language code to the template name so that your new templates
are filtered correctly.
For example, a German template should be named
<TemplateName_de>. The language codes are as
- Click the filter icon in the upper-right corner of the Outline
- Select the languages that you want to see.
English Templates are not named with a code.
will not Launch after Installation on Windows Vista
Windows Vista has implemented a new "User Account Control" feature that
prevents applications to run as "Administrator" unless you specifically
allow it. To run Designer in Vista, right-click on the
Designer shortcut and choose the option to "Run as
Administrator". You may also choose to disable "User Account
Heap Status Widget not Displayed When Running Designer Initially
The first time you run Designer, this widget will not show up.
The widget shows up once Designer has been restarted.
This is a known Eclipse issue.
Import Users may See "java.lang.NoClassDefFoundError:
When importing a project , users may see the above error in the error
log. If you are seeing this error in the error log re-install
designer to lay down the xerces.jar file again.
Projects created in Designer 2.0 are not compatible with
earlier versions of Designer. In this release, if you use a project
created earlier than Designer 2.0, Designer runs a project conversion .
Save Custom XDS
before Upgrading or Reinstalling
WARNING: By default, preferences for policy simulation
are saved to the plug-in directory. Running Designer 1.2 or
if you save your custom XDS documents to the plug-in directory, the
documents will be deleted if you run an upgrade or reinstall.
To prevent custom XDS documents from being deleted, save
to some other directory than the plug-in directory. For example, save
them to the workspace directory or change the default output directory
to the workspace directory.
Required for Designer
The minimum resolution required for Designer is 1024 x 768.
recommended resolution for Designer is 1280 x 1024.
Trace Preferences on NLD
On Novell Linux Desktop, some themes can cause display
Designer. One issue is the inability to see the available plug-ins to
trace when tracing is disabled. This problem is most widely seen with
the Industrial theme.
To work around this issue, change your theme to one of the
- Grand Canyon
and Project Data
It is a good practice to protect your work by periodically
your project. You can easily make a copy:
In the very rare event that Designer gets into a questionable state
(for example, lines aren't drawing correctly), as an extra precaution,
don't save the project. By not saving, you avoid the possibility of
saving a corrupted project. Close and then re-open the project
and resume your work.
- Right-click a project in the Project view.
- Select Copy Project.
Imported by Default
With this release of Designer, an application schema is not
automatically imported by default. You can always perform a refresh
application schema operation on a particular application after the
project has been imported:
- Right-click the application
- Select Live operations > Refresh
You can also change this preference by selecting Window >
Preferences >Identity Manager > Import, then select Include
application schema when importing drivers.
Running Designer with
Fonts in Windows
120 DPI is too large for text in standard Windows XP
decorations. Adjust the Display settings:
- In the Control Panel, select Display > Appearance
- In "Use the following method to smooth edges of screen
fonts," toggle Standard to ClearType.
If you have a display that necessitates 120+ DPI fonts, you need
ClearType. Besides the obvious anti-aliasing aspects, ClearType gives
fonts better weight. Without ClearType, the fonts are too thin and
light, decreasing readability.
- Click OK, then click Advanced.
- In the Item field, reduce the Icon, Menu, Message Box,
Selected Items, and ToolTip sizes.
- Reduce title bars and related controls to a preferred
- Fix icon spacing and scroll bar width.
- Make sure that you are running at a very high resolution.
This helps eliminate most of the display issues on an HD monitor.
The certificate wizard for eDir2eDir drivers allows for the generation
of certificates for a single trust or mutual trust (mutual
authentication). However, even though the wizard allows you
select mutual authentication and generate the certificates, this is
really operating in a single trust mode. This will be
in a future milestone.
If you want to maximize the performance on
large-scale operations (for example, copy/paste of several objects),
you will find that the performance is up to ten times faster if you
hide or close the Outline view. You get even more performance
if you also close the Properties view. To quickly restore
these views, click Window > Reset Perspective.
Enabling IDM 3.5
This release of Designer supports the new features introduced in IDM
3.5. IDM 3.5 features are enabled by default on all
new projects. The default IDM server version for all new
projects is 3.5. This is done in the server properties page
so that users can get access to the new
3.5 feature set. The server
properties page is found by going to the outline view and double
clicking on the server icons. More information can be found
in the "What's New" documentation for Designer 2.0.
If a Project Contains a JDBC 3.5
If a project contains a JDBC 3.5 driver, you need to slightly alter its
configuration file. Edit the configuration file by escaping the period
in the name. That is, change JDBC 3.5 to JDBC 3\.5. Otherwise, the
project doesn't deploy.
on Windows Vista
Designer 2.0 is not officially supported/tested on Windows Vista,
however our initial impression is that Designer will run well on Vista.
During the install you will see a message stating that you
are installing on a unsupported Windows version. You may
continue with the installation by selecting ok. See readme
item "Designer will not launch
after installing on Vista"
under general issues for instructions on running Designer on
on English Windows with East Asian Language Pack and with Double Byte
When installing to a path where there are double byte characters and if
your operating system is running the English version of Windows
with the East Asian Language Packs installed, the install
package will throw an error saying that it is unable to extract the
There are known issues with using Double Byte Character Sets (DBCS) in
Windows file paths. We cannot provide fix at this time as
have to come from the OS vendor or the install framework vendor.
As an alternative you can install to DBCS paths when
installing to a localized
version of the operating system.
Install Crashes on SLED 10, SuSE 10.2 with XGL Desktop
There are known cases when the Designer install crashes when installing
on SLED 10 and SuSE 10.2 when XGL is enabled.
The error may be displayed as:
An unexpected error has been detected by HotSpot Virtual Machine:
The problems are only seen when XGL is
enabled. If XGL is enabled, disable it and then
try installing again.
NDSBase and NICI
When installing on Linux, supporting Linux packages for
Designer are needed. The GNU gettext
utilities are a set of tools that provide a framework for
internationalized and multilingual messages. Make sure you have
installed this package and any dependencies for this package before
installing Designer. You can use YaST to check for installed packages
and to check dependencies.
Designer Installs it's own JRE
The installation installs a JRE specifically for Designer.
won't impact Java* installed for other uses on the workstation.
Designer on Windows
Some users have reported the inability to install Designer
Windows*. The install starts to run but closes with the following
"This Application has Unexpectedly Quit."
If you see this issue, do the following:
Right-click the Designer install.exe file and choose
Properties. Select the Compatibility tab. Under the Compatibility mode
section, choose the option to "Run this program in compatibility mode"
and select Windows 2000 from the drop-down menu. The Designer install
should execute normally.
Privileges are Required
and NICI requires root privileges. The install program
prompts you for the root password so that you can install these
On Linux, Install
The following error occurs with some versions of Linux:
- Invocation of this Java Application has caused an
InvocationTargetException. This application will now exit.
The xhost program makes Linux more secure by not allowing
hosts and users to make connections to the X server. If you are logged
in as a valid user and are trying to run the install as root, this
error can occur. For more information on xhost, refer to the man page
On Linux, Resizing
after Pre-Installation Summary Halts Installation of Designer.
This is a problem with the underlying install framework in
by Designer. The issue is being tracked and addressed by the
third party company responsible for that install framework.
Our installation framework provided by Macrovision, confirms that this
is a problem in the install framework. At this time these
links will have to be opened
manually by the user.
If you are running eDirectory on Linux and also want to run
Designer, you may need to run Designer as root.
eDirectory install requires you to install its base packages as root.
This prevents a normal user from running them. Specifically, Designer
crashes if you are running as a non-root user when
importing or deploying and when connecting to a tree.
Running Designer on
We don't recommend that you use the gtk-qt-engine -
Engine for Use with Qt Plugins and Settings. This RPM package is
installed with SUSE Linux 9.2 and 9.3 and
possibly other Linux Distributions. There are known issues that cause
crashes and Designer theme issues when this package is installed.
If you must use this RPM package, obtain the latest version.
You can download this version from http://www.kde-look.org.
Even with the latest version of the package, Designer theme
functionality might not be present.
To determine whether you have the gtk-qt-engine - GTK-style
for Use with Qt Plugins and Settings RPM package installed, enter:
If gtk-qt-engine appears in the list, you should remove the
by issuing the following command as the root user:
rpm -e gtk-qt-engine
If You Encounter
Issues on Linux
If you encounter display issues in GNOME*:
Normally, this process fixes display issues.
- Select the Applications menu.
- Click Preferences > Font, then decrease the size
- You can also adjust the thematic elements to your liking.
mind that GTK thematic elements can cause performance issues with
Designer. If Designer is running slowly, especially when you use
pull-down menus and other widgets, you might try changing to a
simplified GTK theme.
Because Eclipse (Designer) is a GTK application, it is recommended that
you use GTK themes rather than qt-based themes. This can be
accomplished using one of the following methods:
You must remove the gtk-qt-engine package mentioned in section 3.6.
This can be done through YaST or by using the instructions given above.
You need to have the following packages installed on your
system. If you installed the GNOME subsystem, you already have these
control-center2 > Gnome Control Center
gtk2-themes > or the themes you downloaded, and all
the related dependencies
gnome-themes > only needed if you are going to use
Gnome Control Center to set your theme
Do one of the following:
ln -s /opt/gnome/lib/control-center-2.0/gnome-settings-daemon
Set your GTK theme and font settings from the KDE SUSE
menu. Select Utilities > Desktop >Gnome Control Center.
You can set this control center application to automatically run each
time KDE is started. The following command will accomplish this:
(for "user", use your username)
- Create a GTK control file (usually named .gtkrc-2.0) in
your user home directory or the directory where your system is
configured to look for GTK2_RC_FILES. Entering "set |grep gtk" shows
how this environment variable is configured and which files it is
looking for. The file should include the following information. You can
use any font and GTK theme that you prefer.
font_name="Sans Serif 6"
widget_class "*" style "user-font" gtk-theme-name="Xfce-stellar"
gtk-font-name="Sans Serif 6"
from the Shell
The StartDesigner.sh file sets important variables,
memory parameters. If Designer isn't launched from this file, Designer
won't function correctly or be able to call other programs (for
example, Mozilla*) on Linux.
StartDesigner.sh is located in the /path to the
Opening a Browser
Designer on Red Hat Fedora Core
If you are running the latest Fedora core, you might see errors in the
error log when you try to use Designer's Browser functionality:
"Internal browser is not available: No more handles libstdc++.so.5:
cannot open shared object file:"
The latest Fedora core is shipping with a new shared library that
provides browser support. However, Eclipse still depends on the old
library. To work around the problem, log in as root
and issue the following command to install a compatibility library.
sudo yum install libstdc++.so.5.
What's New HTTP
Launching Browser on Linux.
Certain links on the what's new page, (specifically the bugzilla links)
do not launch a browser on Linux. This is an Eclipse issue
that should be fixed in later versions which we will implement into
Designer. As a temporary workaround, you may configure your
eclipse preferences to launch an external browser for viewing help
files. This is found by going to preferences - general - web
Form Field That Returns Undefined Does Not Display an Error or
If a field on a form used by a workflow returns the value "undefined",
the form does not display an Error or Warning message. This situation
results from a problem in the script. In general, if a form script
evaluates to "undefined", the script is considered to be in error. The
workaround is to make sure you do not set "undefined" in the
preactivity mappings. To do this, use a try/catch/finally block to
ensure that there is always a valid value being sent to each control.
Setting Trustee Rights on a Provisioning Request Definition
You might encounter the following error message when trying
set Trustee Rights on a provisioning request definition or when trying
to access the Identity Vault via the ECMA expression builder:
"Cannot connect to host 'xxx', verify the address is
and the server is running."
If the address is correct and the server is running, this
might be caused by a slow connection.
You can change the connection timeout by setting the Connection
via Windows > Preferences > Provisioning.
Credentials in the Provisioning Request Definition Editor
When you connect to the Identity Vault from the provisioning request
editor (for example when setting Trustee rights on a provisioning
request definition) you are prompted for your Identity Vault
credentials. If you type an incorrect password and click the Save
password button in the Identity Vault credentials dialog box, you
cannot connect to the Identity Vault and you are not prompted to retype
To work around this issue, access the Modeler view and reconfigure the
Identity Vault credentials for the project.
A portion of Designer code includes derivative Eclipse code, where we
have enhanced Eclipse source code to best suite the needs of our
product and customers. This code has been contributed back to
Eclipse community under the EPL license agreement under Bugzilla entry
#105582. The contributed code deals solely with
Eclipse framework UI and contains no Identity Manager-specific code,
concepts, or logic. Novell retains full rights and ownership
all code outside of the specific code contributed, as noted in
This product includes software developed by IBM Corp. using
Eclipse platform (all rights reserved) and the Apache Software
Foundation (http://www.apache.org). Novell is an Eclipse Foundation
This product includes TightVNC viewer software, which is a
free remote control software package derived from VNC. This is under
license and ships as a separate plug-in, apart from the core Designer
Novell, Inc. makes no representations or warranties with
the contents or use of this documentation, and specifically disclaims
any express or implied warranties of merchantability or fitness for any
particular purpose. Further, Novell, Inc. reserves the right to revise
this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or
Further, Novell, Inc. makes no representations or warranties
respect to any software, and specifically disclaims any express or
implied warranties of merchantability or fitness for any particular
purpose. Further, Novell, Inc. reserves the right to make changes to
any and all parts of Novell software, at any time, without any
obligation to notify any person or entity of such changes.
Any products or technical information provided under this
Agreement may be subject to U.S. export controls and the trade laws of
other countries. You agree to comply with all export control
regulations and to obtain any required licenses or classification to
export, re-export, or import deliverables. You agree not to export or
re-export to entities on the current US export exclusion lists or to
any embargoed or terrorist countries as specified in the US export
laws. You agree to not use deliverables for prohibited nuclear,
missile, or chemical biological weaponry end uses. Please refer to
www.novell.com/info/exports/ for more information on exporting Novell
software. Novell assumes no responsibility for your failure to obtain
any necessary export approvals.
Copyright © 2005-2006 Novell, Inc. All rights
reserved. No part of
this publication may be reproduced, photocopied, stored on a retrieval
system, or transmitted without the express written consent of the
Novell, Inc. has intellectual property rights relating to
embodied in the product that is described in this document. In
particular, and without limitation, these intellectual property rights
may include one or more of the US patents listed at
http://www.novell.com/company/legal/patents/ and one or more additional
patents or pending patent applications in the US and in other countries.
For a list of trademarks, see the Novell Trademark and
Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
All third-party trademarks are the property of their
A trademark symbol (®,
etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party