Novell DirXML 1.1a for Solaris

Last updated August 18, 2004

1.0 Documentation

For information about DirXML^® and the drivers, refer to the documentation located at the Novell Product Documentation site.

You can view the documentation online in HTML, or download a copy in PDF format.

The latest readme file is also available online at the same location.

2.0 Special Instructions

If you use Novell^® iManager 1.5 to administer User objects and you also use the DirXML Driver for GroupWise^® (or if you have used it in the past), refer to TID #NOVL82926 and download the patch for iManager. The patch is necessary for maintaining correct Group Lists, GroupWise PO memberships, and GroupWise Distribution Lists.
If you don't download the patch, you will experience errors after you view Group Memberships on a User object. If you select any other tabs from the Modify Object task after viewing Group Memberships (such as Login Script, See Also, or Postal Address), you will see a message indicating that the GroupWise Post Office DN is not a group. You cannot exit iManager until you delete the offending DN. If you delete the offending DN, the User's association with his or her post office and distribution lists will be lost.
If you are running Novell eDirectory^TM 8.7 and the DirXML Driver for eDirectory on Solaris*, refer to TID #NOVL83005 and download the patch for Novell eDirectory.
If you do not install this patch you might encounter the following error when starting the driver: "IOException: Implementation NOT supported on current platform."
Before you can create DirXML objects such as drivers and driver sets, you must extend the eDirectory schema by using the dxmlconfig utility. For more information on this utility, refer to the dxmlconfig man page.
If you are using iManager to manage DirXML, you must manually copy preconfigured driver files to the correct iManager directory. Before you import preconfigured drivers, copy the preconfigured driver files found in each driver directory (driver\rules) on the product build to the iManager InstalledPath\tomcat\webapps\eMFrame\WEB-INF\classes\templates\browser\DirXML.Drivers directory.
After you install the iManager DirXML plug-ins, you must stop and restart the Web server.
The driver configuration files are located in the /usr/lib/dirxml/rules directory, which contains a subdirectory for each driver.
DirXML uses the Solaris* Java* Runtime Environment*. Please see http://java.sun.com/j2se/1.3/jre/install-solaris-re.htm for more information about downloading the latest operating system patches that might be required.
When you run the Remote Loader, the following files are created in the current directory or in the directory specified while setting the value of the variable RDXML_BASE_PATH:
1. Two password files - lpwdportnumber and dpwdportnumber

2. State files with an .xml extension

3. Log file with a .log extension

For proper administration, after unloading the Remote Loader service you must manually remove these files from their physical location.
If you are using remote.conf, remove or comment out the '-sp' line to start the Remote Loader.

3.0 Known Issues

Migration events being dropped: If you experience a -734 cache error, virus protection software might be corrupting Novell cache files. These are the symptoms:
- A cache error -734 occurs.
- A message in the trace says that the event cache has been deleted, and events that are in the cache are dropped.
- The driver can begin processing again and succeeds until another cache error occurs.
To resolve the issue, make sure your virus protection software is excluding TAO files. In addition, exclude from virus protection the Novell\NDS folder and all the subfolders below it.
Due to limitations of the Netscape* browser, you cannot administer DirXML with iManager. This will be fixed in a future release.
The Remote Loader will not run with JVM/JRE version 1.4 or higher. You should use a previous release of the JVM/JRE.
The DirXML Driver Set object must exist in a full replica on the server that is hosting the drivers.
All options specified in the configuration file /usr/lib/dirxml/rules/remote.conf must be preceded with a hyphen ("-") sign
The functionality of the rdxml component is available only with Java* drivers and not with native drivers.
Ensure that you do not delete a driver that is currently running. Deleting the driver might cause ndsd to stop.
The dxmlconfig utility can be invoked only on the machine that is running the DirXML engine.
When you migrate objects from eDirectory, the query to associate objects is generated by using the criteria in the Matching rules.
In ConsoleOne^®, server-directed read/writes do not work if the target server is on a WAN and the user has not authenticated to the server. We recommend that users authenticate to the server they want the driver to run on before they associate the Driver Set object with that server.
The drivers won't start if the command ndsrepair -U is executed. This is because DirXML does not load after the ndsrepair -U command is run. To solve this problem, restart ndsd.
When entering the Remote Loader parameters, ensure that you only use one space between the hostname, port, and kmo values. The DirXML engine treats the extra white space as the next value and causes a driver error.
If you create passwords that contain extended foreign characters such as accented or double-byte characters, we recommend that you manage passwords from one kind of administration tool. If you are using both ConsoleOne and iManager, you might have problems authenticating to one client if you created your password in the other system. Each handles extended characters differently and submits different hash values to eDirectory.
If you need to create passwords in both administration tools, you should restrict passwords to the lower 128 ASCII characters.
DirXML 1.1a export files are not fully backwards compatible with DirXML 1.0. DirXML 1.0 exports and imports the driver filter as a single string of encoded data. DirXML 1.1a decodes the driver filter into a set of human-readable XML tags that are much easier to handle. DirXML 1.1a will accept either the encoded form or the human-readable form on import, but will only export the human-readable form. As a result, you cannot export a DirXML 1.1a configuration and import it into a DirXML 1.0 driver. Similarly, standard import files for the DirXML 1.1a release might not be compatible with DirXML 1.0.
If you experience authentication problems during the installation, and if you are certain your authentication information is correct, you should ensure that the NCP packet signature level is not set to 3. If the parameter value is set to 3, you will see a -864 error in DSTrace. You should set the value to 1, reboot your computer, run the installation program, and then set the value back to 3 to maintain the same security level.
NCP packet signatures determine the level of enhanced security support. Enhanced security includes the use of a message digest algorithm and a per connection/per request session state. The values are as follows: 0=disabled, 1=enabled but not preferred, 2=preferred, and 3=required. Setting this parameter to 2 or 3 increases security, but decreases performance.
If you install DirXML on the same computer that is hosting iManager, then you might see a message during DirXML installation warning you that the eProv package cannot be installed. Close the message and continue with DirXML installation. You might see the warning, but the install is still successful, as the eProv package is not required for DirXML.
The Remote Loader will not run with JVM/JRE version 1.4 or higher. You should use a previous release of the JVM/JRE.
Additional issues associated with the DirXML 1.1a release are located in TID #10064493.

4.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.

Copyright ^© 2003 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Patents Pending.

ConsoleOne, DirXML, GroupWise, and Novell are registered trademarks of Novell, Inc. in the United States and other countries.

eDirectory is a trademark of Novell, Inc.

All third-party trademarks are the property of their respective owners.