9.0 Troubleshooting Identity Manager

Keep in mind the following information when you install Identity Manager:

Lotus Notes driver issue while installing Identity Manager

Source: On Solaris 10, while installing Identity Manager 4.0 as non-root, you might encounter the following error message for Lotus Notes driver:
ln: cannot create /usr/lib/locale/ja/wnn//ndsrep: File exists
ln: cannot create
cp: cannot create /usr/lib/locale/ja/wnn//libnotesdrvjni.so.1.0.0: Permission
denied
ln: cannot create /usr/lib/locale/ja/wnn//libnotesdrvjni.so.1: File exists
ln: cannot create /usr/lib/locale/ja/wnn//libnotesdrvjni.so: File exists
Action: Manually create the symbolic links. For information on checking and re-creating symbolic links, see Troubleshooting Installation Problems in the Identity Manager 4.0 Driver for Lotus Notes Implementation Guide.

The Identity Manager installation might sporadically fail on Windows 2008 SP2 32-bit platform

Source: The framework installer displays the following error:
Java Platform SE binary has stopped working.
Action: To work around this issue:
  1. Run the Identity Manager installer with the -DCLUSTER_INSTALL="true" option. This installs only the Identity Manager files and not the eDirectory schema and other files.

    <install_drive>:\windows\setup\idm_install.exe -DCLUSTER_INSTALL="true"
    
  2. Extend Identity Manager schema through iManager by using the Import Convert Export Wizard under eDirectory Maintenance.

  3. Create the default objects by using the LDIF file.

    • Default password policy LDIF file

      dn: cn=Password Policies,cn=Security
      objectClass: nspmPasswordPolicyContainer
      objectClass: Top
      cn: Password Policies
      ACL: 1#subtree#[Public]#[Entry Rights]
      ACL: 3#subtree#[Public]#[All Attributes Rights]
      
      dn: cn=Sample Challenge Set,cn=Password Policies,cn=Security
      objectClass: nsimChallengeSet
      objectClass: Top
      cn: Sample Challenge Set
      
      dn: cn=Sample Password Policy,cn=Password Policies,cn=Security
      objectClass: nspmPasswordPolicy
      objectClass: Top
      cn: Sample Password Policy
      
    • Default notification collection policy LDIF file

      dn: cn=Default Notification Collection,cn=Security
      objectClass: notfTemplateCollection
      objectClass: Top
      cn: Default Notification Collection
      ACL: 1#subtree#[Public]#[Entry Rights]
      ACL: 3#subtree#[Public]#[All Attributes Rights]
      
      dn: cn=Password Expiration Notification,cn=Default Notification Collection,cn=Security
      notfMergeTemplateSubject: Password Expiration Notification
      notfMergeTemplateData:: PGh0bWwgeG1sbnM6Zm9ybT0iaHR0cDovL3d3dy5ub3ZlbGwuY29tL2RpcnhtbC93b3JrZmxvdy9mb3JtIj4gDQo8Zm9ybTp0b2tlbi1kZXNjcmlwdGlvbnM+IA0KPGZvcm06dG9rZW4tZGVzY3JpcHRpb24gZGVzY3JpcHRpb249IkZ1bGwgbmFtZSBieSB3aGljaCB0byBhZGRyZXNzIHVzZXIiIGl0ZW0tbmFtZT0iVXNlckZ1bGxOYW1lIi8+IA0KPGZvcm06dG9rZW4tZGVzY3JpcHRpb24gZGVzY3JpcHRpb249Ik51bWJlciBvZiBkYXlzIHVudGlsIHBhc3N3b3JkIGV4cGlyZXMiIGl0ZW0tbmFtZT0iRXhwRGF5cyIvPiANCjwvZm9ybTp0b2tlbi1kZXNjcmlwdGlvbnM+IA0KPGhlYWQ+IA0KPHRpdGxlPlBhc3N3b3JkIEV4cGlyYXRpb24gTm90aWZpY2F0aW9uPC90aXRsZT4gDQo8c3R5bGU+IA0KPCEtLSBib2R5IHsgZm9udC1mYW1pbHk6IFRyZWJ1Y2hldCBNUyB9IC0tPiANCjwvc3R5bGU+IA0KPC9oZWFkPiANCjxib2R5IEJHQ09MT1I9IiNGRkZGRkYiPiANCjxwPkRlYXIgJFVzZXJGdWxsTmFtZSQsPC9wPiANCjxwPlRoaXMgbWVzc2FnZSBpcyB0byBpbmZvcm0geW91IHRoYXQgeW91ciBwYXNzd29yZCB3aWxsIGV4cGlyZSBpbjwvcD4gDQo8YnIvPiANCiAgJEV4cERheXMkIGRheXM8YnIvPiANCjxici8+IA0KPHA+UGxlYXNlIHBsYW4gdG8gY2hhbmdlIHlvdXIgcGFzc3dvcmQgYmVmb3JlIGl0IGV4cGlyZXMuPC9wPiANCjxwPiAtIEF1dG9tYXRlZCBTZWN1cml0eSAtIDwvcD4gDQo8cD4gDQo8aW1nIEFMVD0iUG93ZXJlZCBieSBOb3ZlbGwiIFNSQz0iY2lkOnBvd2VyZWRfYnlfbm92ZWxsLmdpZiIgaGVpZ2h0PSIyOSIgd2lkdGg9IjgwIi8+IA0KPC9wPiANCjwvYm9keT4gDQo8L2h0bWw+IA0K
      objectClass: notfMergeTemplate
      objectClass: Top
      cn: Password Expiration Notification
      
      dn: cn=Password Reset Fail,cn=Default Notification Collection,cn=Security
      notfMergeTemplateSubject: Notice of Password Reset Failure
      notfMergeTemplateData:: PGh0bWwgeG1sbnM6Zm9ybT0iaHR0cDovL3d3dy5ub3ZlbGwuY29tL2RpcnhtbC93b3JrZmxvdy9mb3JtIj4NCiAgPGZvcm06dG9rZW4tZGVzY3JpcHRpb25zPg0KICAgIDxmb3JtOnRva2VuLWRlc2NyaXB0aW9uIGl0ZW0tbmFtZT0iVXNlckZ1bGxOYW1lIiBkZXNjcmlwdGlvbj0iVGhlIHVzZXIncyBmdWxsIG5hbWUiLz4NCiAgICA8Zm9ybTp0b2tlbi1kZXNjcmlwdGlvbiBpdGVtLW5hbWU9IlVzZXJHaXZlbk5hbWUiIGRlc2NyaXB0aW9uPSJUaGUgdXNlcidzIGdpdmVuIG5hbWdDT0xPUj0iI0ZGRkZGRiI+DQogIDxwPkRlYXIgJFVzZXJGdWxsTmFtZSQsPC9wPg0KICA8cD5UaGlzIGlzIGEgbm90aWNlIHRoYXQgeW91ciBwYXNzd29yZCBjb3VsZCBub3QgYmUgcmVzZXQgaW4gdGhlICRDb25uZWN0ZWRTeXN0ZW1OYW1lJCBzeXN0ZW0uLiAgVGhlIHJlYXNvbiBmb3IgZmFpbHVyZSBpcyBpbmRpY2F0ZWQgYmVsb3c6PC9wPg0KICA8cD5SZWFzb246ICRGYWlsdXJlUmVhc29uJDwvcD4NCiAgPHA+SWYgeW91IGhhdmUgYW55IGZ1cnRoZXIgcXVlc3Rpb25zLA0KICAgICBwbGVhc2UgY29udGFjdCB0aGUgaGVscCBkZXNrIGF0ICgwMTIpIDM0NS02Nzg5IG9yIGVtYWlsDQogICAgIGF0IDxhIGhyZWY9Im1haWx0bzpoZWxwLmRlc2tAbXljb21wYW55LmNvbSI+DQogICAgIGhlbHAuZGVza0BteWNvbXBhbnkuY29tIDwvYT48L3A+DQogIDxwPiAtIEF1dG9tYXRlZCBTZWN1cml0eTwvcD4NCiAgPHA+PGltZyBTUkM9ImNpZDpwb3dlcmVkX2J5X25vdmVsbC5naWYiIEFMVD0iUG93ZXJlZCBieSBOb3ZlbGwiIHdpZHRoPSI4MCIgaGVpZ2h0PSIyOSIvPjwvcD4NCjwvYm9keT4NCjwvaHRtbD4NCg==
      objectClass: notfMergeTemplate
      objectClass: Top
      cn: Password Reset Fail
      
      dn: cn=Password Set Fail,cn=Default Notification Collection,cn=Security
      notfMergeTemplateSubject: Notice of Password Set Failure
      notfMergeTemplateData:: PGh0bWwgeG1sbnM6Zm9ybT0iaHR0cDovL3d3dy5ub3ZlbGwuY29tL2RpcnhtbC93b3JrZmxvdy9mb3JtIj4NCiAgPGZvcm06dG9rZW4tZGVzY3JpcHRpb25zPg0KICAgIDxmb3JtOnRva2VuLWRlc2NyaXB0aW9uIGl0ZW0tbmFtZT0iVXNlckZ1bGxOYW1lIiBkZXNjcmlwdGlvbj0iVGhlIHVzZXIncyBmdWxsIG5hbWUiLz4NCiAgICA8Zm9ybTp0b2tlbi1kZXNjcmlwdGlvbiBpdGVtLW5hbWU9IlVzZXJHaXZlbk5hbWUiIGRlc2NyaXB0aW9uPSJUaGUgdXNlcidzIGdpdmVuIG5hbWUiLz4NCiAgICA8Zm9ybTp0b2tlbi1kZXNjcmlwdGlvbiBpdGVtLW5hbWU9IlVzZXJMYXN0TmFtZSIgZGVzY3JpcHRpb249IlRoZSB1c2VyJ3MgbGFzdCBuYW1lIi8+DQogICAgPGZvcm06dG9rZW4tZGVzY3JpcHRpb24gaXRlbS1uYW1lPSJDb25uZWN0ZWRTeXN0ZW1OYW1lIiBkZXNjcmlwdGlvbj0iVGhlIGV4dGVybmFsIGFwcGxpY2F0b24gbmFtZSIvPg0KICAgIDxmb3JtOnRva2VuLWRlc2NyaXB0aW9uIGl0ZW0tbmFtZT0iRmFpbHVyZVJlYXNvbiIgZGVzY3JpcHRpb249IlRoZSBmYWlsdXJlIHJlYXNvbiIvPg0KICA8L2Zvcm06dG9rZW4tZGVzY3JpcHRpb25zPg0KPGhlYWQ+DQogIDx0aXRsZT5Ob3RpY2Ugb2YgUGFzc3dvcmQgU2V0IEZhaWx1cmU8L3RpdGxlPg0KICA8c3R5bGU+IDwhLS0gYm9keSB7IGZvbnQtZmFtaWx5OiBUcmVidWNoZXQgTVMgfSAtLT4gPC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IEJHQ09MT1I9IiNGRkZGRkYiPg0KPHA+RGVhciAkVXNlckZ1bGxOYW1lJCw8L3A+DQogIDxwPlRoaXMgaXMgYSBub3RpY2UgdGhhdCB5b3VyIHBhc3N3b3JkIGNvdWxkIG5vdCBiZSBzZXQgaW4gdGhlICRDb25uZWN0ZWRTeXN0ZW1OYW1lJCBzeXN0ZW0uLiAgVGhlIHJlYXNvbiBmb3IgZmFpbHVyZSBpcyBpbmRpY2F0ZWQgYmVsb3c6PC9wPg0KICA8cD5SZWFzb246ICRGYWlsdXJlUmVhc29uJDwvcD4NCiAgPHA+SWYgeW91IGhhdmUgYW55IGZ1cnRoZXIgcXVlc3Rpb25zLA0KICAgICBwbGVhc2UgY29udGFjdCB0aGUgaGVscCBkZXNrIGF0ICgwMTIpIDM0NS02Nzg5IG9yIGVtYWlsDQogICAgIGF0IDxhIGhyZWY9Im1haWx0bzpoZWxwLmRlc2tAbXljb21wYW55LmNvbSI+DQogICAgIGhlbHAuZGVza0BteWNvbXBhbnkuY29tIDwvYT48L3A+DQogIDxwPiAtIEF1dG9tYXRlZCBTZWN1cml0eTwvcD4NCiAgPHA+PGltZyBTUkM9ImNpZDpwb3dlcmVkX2J5X25vdmVsbC5naWYiIEFMVD0iUG93ZXJlZCBieSBOb3ZlbGwiIHdpZHRoPSI4MCIgaGVpZ2h0PSIyOSIvPjwvcD4NCjwvYm9keT4NCjwvaHRtbD4NCg==
      objectClass: notfMergeTemplate
      objectClass: Top
      cn: Password Set Fail
      
      dn: cn=Password Sync Fail,cn=Default Notification Collection,cn=Security
      notfMergeTemplateSubject: Notice of Password Synchronization Failure
      notfMergeTemplateData:: PGh0bWwgeG1sbnM6Zm9ybT0iaHR0cDovL3d3dy5ub3ZlbGwuY29tL2RpcnhtbC93b3JrZmxvdy9mb3JtIj4NCiAgPGZvcm06dG9rZW4tZGVzY3JpcHRpb25zPg0KICAgIDxmb3JtOnRva2VuLWRlc2NyaXB0aW9uIGl0ZW0tbmFtZT0iVXNlckZ1bGxOYW1lIiBkZXNjcmlwdGlvbj0iVGhlIHVzZXIncyBmdWxsIG5hbWUiLz4NCiAgICA8Zm9ybTp0b2tlbi1kZXNjcmlwdGlvbiBpdGVtLW5hbWU9IlVzZXJHaXZlbk5hbWUiIGRlc2NyaXB0aW9uPSJUaGUgdXNlcidzIGdpdmVuIG5hbWUiLz4NCiAgICA8Zm9ybTp0b2tlbi1kZXNjcmlwdGlvbiBpdGVtLW5hbWU9IlVzZXJMYXN0TmFtZSIgZGVzY3JpcHRpb249IlRoZSB1c2VyJ3MgbGFzdCBuYW1lIi8+DQogICAgPGZvcm06dG9rZW4tZGVzY3JpcHRpb24gaXRlbS1uYW1lPSJDb25uZWN0ZWRTeXN0ZW1OYW1lIiBkZXNjcmlwdGlvbj0iVGhlIGV4dGVybmFsIGFwcGxpY2F0b24gbmFtZSIvPg0KICAgIDxmb3JtOnRva2VuLWRlc2NyaXB0aW9uIGl0ZW0tbmFtZT0iRmFpbHVyZVJlYXNvbiIgZGVzY3JpcHRpb249IlRoZSBmYWlsdXJlIHJlYXNvbiIvPg0KICA8L2Zvcm06dG9rZW4tZGVzY3JpcHRpb25zPg0KPGhlYWQ+DQogIDx0aXRsZT5Ob3RpY2Ugb2YgUGFzc3dvcmQgU3luY2hyb25pemF0aW9uIEZhaWx1cmU8L3RpdGxlPg0KICA8c3R5bGU+IDwhLS0gYm9keSB7IGZvbnQtZmFtaWx5OiBUcmVidWNoZXQgTVMgfSAtLT4gPC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IEJHQ09MT1I9IiNGRkZGRkYiPg0KICA8cD5EZWFyICRVc2VyRnVsbE5hbWUkLDwvcD4NCiAgPHA+VGhpcyBpcyBhIG5vdGljZSB0aGF0IHlvdXIgcGFzc3dvcmQgZnJvbSB0aGUgJENvbm5lY3RlZFN5c3RlbU5hbWUkIHdhcyB1bmFibGUgdG8gc3luY2hyb25pemUgdG8gb3RoZXIgY29ubmVjdGVkIHN5c3RlbXMuICBUaGUgcmVhc29uIGZvciBmYWlsdXJlIGlzIGluZGljYXRlZCBiZWxvdzo8L3A+DQogIDxwPlJlYXNvbjogJEZhaWx1cmVSZWFzb24kPC9wPg0KICA8cD5JZiB5b3UgaGF2ZSBhbnkgZnVydGhlciBxdWVzdGlvbnMsIHBsZWFzZSBjb250YWN0IHRoZSBoZWxwIGRlc2sgYXQgKDAxMikNCiAgICAgMzQ1LTY3ODkgb3IgZW1haWwgYXQgPGEgaHJlZj0ibWFpbHRvOmhlbHAuZGVza0BteWNvbXBhbnkuY29tIj4NCiAgICAgaGVscC5kZXNrQG15Y29tcGFueS5jb20gPC9hPjwvcD4NCiAgPHA+IC0gQXV0b21hdGVkIFNlY3VyaXR5PC9wPg0KICA8cD48aW1nIFNSQz0iY2lkOnBvd2VyZWRfYnlfbm92ZWxsLmdpZiIgQUxUPSJQb3dlcmVkIGJ5IE5vdmVsbCIgd2lkdGg9IjgwIiBoZWlnaHQ9IjI5Ii8+PC9wPg0KPC9ib2R5Pg0KPC9odG1sPg0K
      objectClass: notfMergeTemplate
      objectClass: Top
      cn: Password Sync Fail
      
  4. Install the NMAS methods.

  5. After installing the NMAS plug-ins on iManager, goto NMAS > NMAS Login> Methods > New. Browse to and install the configuration files from the desired NMAS methods.

NOTE:Ensure that you refer the log file before applying the workaround. For example, the Role Based Provisioning Module schema is already extended, you don't need to extend it while installing the Role Based Provisioning Module driver.

When two events occur on the syntax stream attribute, the first attribute change is lost

Source: The Identity Manager 4.0 engine does not store the STREAM and OCTET_STRING attributes in the cache. When an event is synchronized to the connected system, the engine reads these attributes from the Identity Vault and updates the connected system. If these attributes are modified before the engine reads them from the Identity Vault, the modified value is updated in the connected system and the intermediate change might be lost.
Action: If the attribute is changed frequently, use an appropriate syntax other than SYN_STREAM.

For example, if an XML object is stored in the STREAM attribute, use XMLData syntax instead of SYN_STREAM.