Novell Analyzer 4.0.1 Readme

April 15, 2011

This document provides important information related to Novell Analyzer for Identity Manager. It includes the following sections:

1.0 Readme Information

The latest version of this Readme is available at the Novell Identity Manager documentation Web site.

2.0 Documentation

This Readme contains the known issues for Novell Analyzer for Identity Manager 4.0.1. In addition to this Readme, separate Readmes are available for Identity Manager 4.0.1 and Designer 4.0.1:

Additional documentation resources are also available for the following products:

3.0 Overview

Analyzer is an Eclipse-based Identity Manager project that provides a set of tools aimed at ensuring that general internal policies are adhered to for data quality, which includes data analysis, data cleansing, data reconciliation, and data monitoring/reporting. Customers can use Analyzer to analyze, enhance, and control all data stores throughout their enterprise.

Three phases—Analyze, Enhance, and Control—are particularly important when designing Identity Management solutions. Before implementing an Identity Management solution, designers spend a significant amount of time analyzing the identity data, cleansing the identity data, and modeling business rules to create identity data replication and synchronization policies that guarantee the data remains in a reliable state. Additionally, after an Identity solution is put into place, customers must verify and reconcile that the these processes are performing as intended to maintain consistent and reliable data.

The goal of Analyzer is to provide a set of tools to resolve data quality issues and improve the Identity Manager deployment process. Industry analysts note that Identity Management projects spend three to eight times more on design and implementation than on the cost of the software on design and implementation. Analyzer directly attacks these project-related costs by providing a powerful environment for cleaning and preparing identity data in order to streamline identity infrastructure implementations.

Novell is developing Analyzer under an iterative development model. At the end of each iteration Novell releases a milestone build that encompasses the goals of that milestone. These milestones provide customers with access to the product throughout the development cycle so they can participate in directing development decisions over time.

4.0 System Requirements

Review the following system requirements before installing Analyzer:

4.1 Hardware Requirements

  • Minimum video resolution: 1024 x 768 (1280 x 1024 recommended)

  • Memory: 512 MB minimum (1 GB recommended)

  • Processor: 1 GHz or higher

4.2 Software Requirements

  • Analyzer requires one of the following operating systems:

    • SUSE Linux Enterprise Desktop 10 SP2

    • SUSE Linux Enterprise Server 10 SP2

    • SUSE Linux Enterprise Server 11

    • openSUSE 10.3

    • openSUSE 11.3

    • Windows XP or Vista

    • Windows 2003

    • Windows 2008

  • compat-2008.5.6-6.1.i586.rpm (32-bit system) or compat-32bit-2008.5.6-6.1.x86_64.rpm (64-bit system)

  • Gettext Utilities (Linux installation only)

5.0 Available Drivers

The following Identity Manager drivers have been tested with Analyzer 4.0.1, both locally and remotely where applicable:

  • Active Directory

  • JDBC

    NOTE:The JDBC driver has been tested with the following databases: DB2, Informix, MySQL, Oracle, PostgreSQL, SQL Server, and Sybase.

  • LDAP

  • PeopleSoft

  • i5/OS

  • Linux/UNIX

  • OS/400

  • RACF

  • SAP User

  • TopSecret

For information about installing and configuring a Remote Loader for the drivers that require it, see the Identity Manager Remote Loader documentation.

6.0 Known Issues

The following issues exist in the Analyzer 4.0.1 environment:

6.1 Analyzer fails to start after being installed through the integrated installer

To start the Analyzer, perform the following steps to change the XULRunner mapping:

  1. As a root user, navigate to the /opt/novell/idm/Analyzer folder.

  2. Open the Analyzer.ini file in the gedit editor.

  3. Add the following line at the end of the list of the parameters given in the Analyzer.ini file:

    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/
    

    The Analyzer.ini file should read as follows:

    -vmargs
    -Xms256m
    -Xmx1024m
    -XX:MaxPermSize=128m
    -XX:+UseParallelGC
    -XX:ParallelGCThreads=20
    -XX:+UseParallelOldGC
    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/
    
  4. Save the file and close it.

6.2 Avoiding projects created with pre-release versions of Analyzer

Over the course of its development, Analyzer has gone through some significant architectural and model changes. Because of this, projects created with pre-release versions of Analyzer might not work properly with the released Analyzer.

To avoid difficulty, specify a new workspace for the released Analyzer and do not mix old projects with new projects. When you use the internal Analyzer database, this ensures that you are not mixing pre-release data tables and formats with the released Analyzer data tables.

If you use an external MySQL database as your Analyzer database, clean out any pre-release data before using it with the released Analyzer. To do this, use your preferred database management tool to delete the following database tables before starting the released Analyzer for the first time:

  • DSTable_ver where ver is a version number

  • AnalysisTable_ver where ver is a version number

  • All tables with an enf_ prefix

Alternatively, you can create a new MySQL database for use with the released Analyzer.

6.3 Data browser issues

Please note the following issues when using the Data Browser:

Limit Attributes in Data Set Definition: Novell recommends restricting data set definitions to fewer than 10 attributes for optimal Data Browser performance. Creating data set definitions with more than 10 attributes causes the Data Browser performance to deteriorate significantly.

Painting Issues: When you return from the Multi-Value Edit dialog box to a cell with multiple values, Analyzer does not repaint the table cursor correctly.

Sorting Issues: Integer columns sort as strings instead of integers. For example, 100 sorts before 90. Also, sorting is case sensitive. For example, “Bob” sorts before “andy”.

Empty Column in Flat File Data Import: The Source-DN field is always empty in a data set instance imported from a flat file. You can ignore it.

To correct the display, move to another cell with a click or an arrow key, then move back to the original cell.

6.4 Analyzer does not start after installing on Windows Vista

Windows Vista has implemented a new User Account Control feature that prevents applications from running as Administrator unless you specifically allow it.

To run Analyzer in Vista, right-click the Analyzer shortcut and choose the option to Run as Administrator. You can also choose to disable User Account Control.

6.5 Analyzer database does not initialize after restart

If you quickly stop and restart Analyzer, the Analyzer Database might not reinitialize properly. To avoid this problem, wait approximately thirty seconds before restarting Analyzer.

If Analyzer starts and the Analyzer Database is not initialized correctly, select Refresh View in the Project View to reinitialize the database.

6.6 Using a MySQL external database with Analyzer

Analyzer allows you to change its internal database from the default HSQLDB to a MySQL database. You can configure database settings in Window > Preferences > Analyzer > Database Settings. When you use an external MySQL database, be aware of the following issue:

Extended and Double-Byte Characters: The MySQL database uses the default character set from the operating system for encoding table fields. If an extended or double-byte character is not recognized by the default character set, Analyzer displays ??? in the Data Browser. To avoid this, set the operating system’s default character set to UTF-8, or to a character set that includes all the extended or double-byte characters that Analyzer might import.

6.7 SAP User driver requires additional files

To use the SAP user driver, you must install the sapjco.jar library in Analyzer, and install the librfc32.dll and sapjcorfc.dll into the Windows %systemroot% folder (typically C:\windows\system32).

Restart Analyzer after installing these files.

6.8 DB2 driver requires additional libraries

The Analyzer DB2 driver requires the following two libraries to function properly. You can download these libraries from IBM.

  • db2java.zip

  • db2jcc.jar

6.9 Warning about modifying data

Analyzer does not prevent users from modifying anything in a data set. If a user with appropriate rights to the source application modifies a value, for example a GUID or DN, Analyzer does not attempt to determine if the modification causes a problem when written out to the source application.

To avoid causing unintended problems in the source application, users should be careful when modifying data and sending those modifications to the source application.

6.10 Errors when sending updated data to an application

When you attempt to push updated data to the source application from Analyzer’s Data Browser (by clicking Save to Application), you might get an error indicating there was a problem with the update operation. However, the Data Browser’s modified data indicators in the data table change to indicate that the updates were successful.

If this occurs, the data updates might have been unsuccessful. Re-import the data from the source application to make sure you know the true state of the data before making any other data modifications.

Problems with the update operation occur primarily when adding a value to a multi-valued attribute.

6.11 IDS trace level

The IDS Trace view consumes significant resources. You should only open the IDS Trace view when you need the information.

The IDS Trace level is set to 3 by default in order to track connection problems and errors. This trace level can cause performance issues with data browsing. You can modify this setting by clicking the Preferences button in the IDS Trace view.

6.12 Importing does not return data from the application

The following issues can prevent Analyzer from displaying data set content in the Data Browser view:

6.12.1 SQL reserved word used as a column name

Analyzer 4.0.1 does not support SQL reserved words as column names for data sets (For example, group or select.) If a column name is an SQL reserved word, no data displays in the Data Browser view. To avoid this, exclude the column (attribute) with a reserved-word name from the data set.

6.12.2 Subscriber Is disabled for the selected connection

By default, Analyzer’s Subscriber channel is enabled so that you can perform data set queries. However, if a connection profile was synchronized from Designer with the Subscriber channel disabled, it remains disabled for Analyzer. If your data sets do not have any data, confirm that the connection profile’s Subscriber channel is enabled in Analyzer.

To do this, right-click the desired connection profile, then select Properties. In the connection profile properties, select IDS Configuration > Parameters > Subscriber Options. Make sure that Disable subscriber is set to No (default).

6.13 Back button does not work in the configuration wizard

The Back button in the Configuration Wizard dialog boxes is not functional. If you need to make a change to the connection profile on which you are working, either cancel the wizard and start over, or finish configuring the connection profile and make the change in the connection properties.

6.14 Analysis does not consider the class name

Analyzer performs its data analysis solely based on the attribute name, and does not take the class name into account. Therefore, if you map attributes from different classes to the same application attribute, the analysis tests only the first mapped attribute it encounters. For example, in the following schema map, Analyzer tests only the name attribute mapped to the Group class, and ignores the mapping in the User class.

Class = Group
  |___ Attribute = gname ---> name
Class = User
  |___ Attribute = uname ---> name

This issue might also exist with the preconfigured schema maps that Analyzer includes with its drivers. The mappings might be correct to the attribute name, but not the class name.

6.15 Deleting multiple projects generates exceptions

If you delete multiple Analyzer projects simultaneously, the error log might record several exception messages. These messages are benign and do not indicate any problem with Analyzer or with the delete operation.

6.16 Some characters cause problems with pattern frequency analysis

The Pattern Frequency analysis metric does not work properly with data that includes the following characters. If you attempt to do a pattern frequency analysis on a data set that has values that contain any of these characters, the analysis fails and returns an empty result.

Character

Description

+

Plus (addition) symbol

*

Asterisk

.

Period

Apostrophe

?

Question mark

|

Pipe symbol

\

Backslash symbol

( )

Left or right parentheses

[ ]

Left or right bracket

6.17 Apostrophe in a value causes a problem with saving to an application

If you modify a data value in a data set instance so that it includes an apostrophe (‘), Analyzer generates a Java exception error when attempting to save the changes back to the application. This occurs when using either the HSQL database or an external MySQL database for Analyzer.

6.18 Unable to import connections from Designer

If connections do not import properly from Designer, the likely problem is that the server configuration associated with the driver set in Designer is incorrect or incomplete. For example, when you create a new driver set in Designer, the default server DN is server.context. If you attempt to import connection information that includes invalid information like this, the import fails.

Before importing connection information from Designer, make sure that the server information is valid.

6.19 Errors when printing reports

On Linux systems with CUPS printers, the JasperReports framework is unable to print reports directly from the Report Viewer. However, you can save the report as a PDF file, then print it from a PDF reader.

6.20 Unable to cancel large data operations

When you import a large data set instance or run an SQL query on a large data set instance, clicking Cancel in the progress dialog box does not work. To cancel the operation, you can either let the operation complete or shut down and restart Analyzer.

6.21 Connection wizard help pages

The Connection Wizard uses some dynamic help pages from which Designer is unable to properly reference the Analyzer help pages. Because of this, when you click the Help button you get general Eclipse help rather than dialog-specific help for the Connection Wizard.

The first three pages and the final Summary page in the Connection Wizard are static pages that properly display the Analyzer help. Use the help from these pages to get all the help information for the Connection Wizard.

6.22 Matching analysis does not exclude deleted values

If you have deleted values in the Data Browser that have not been updated to the application, the deleted values are still considered when running a Matching Analysis.

6.23 Application schema import fails

The Identity Vault schema does not support multiple classes with the same name. Some application schemas, such as Notes, do support duplicate class names. If you want to import an application schema that includes duplicate class names, you should first consolidate the duplicate class names into a single class that contains the attributes from all duplicate classes.

If you cannot resolve the duplicate classes in the application schema, you can manually resolve the duplicate class names in Analyzer by doing the following:

WARNING:This procedure is not recommended and can cause inconsistencies in the Identity Vault schema. It should only be used if absolutely necessary.

  1. Open the IDS Trace view (Window > Show View > IDS Trace).

  2. In the Project view, right-click the appropriate connection, then select Refresh Schema.

    This captures the application schema in the IDS Trace. If the IDS Trace does not capture the entire schema, increase the IDS Trace window size by clicking the Preferences icon, then increasing the Maximum lines to retain setting.

  3. Open the Navigator view (Window > Show View > Navigator).

  4. In the Navigator view, expand the appropriate project, then browse to Model > Analyzer.

  5. Double-click the appropriate schema file (*ShimConfig.xml) to open it in an XML editor.

    If there are multiple shim config files, you can identify the application associated with each file by opening the file and looking at the contents of the <class-name>, <auth-id>, and <auth-context> tags.

  6. In the XML editor, search for the following elements. If they do not exist, add them to the schema immediately above the closing </shim-config> tag.

    <app-schema-def>
       <schema-def>
    ...
       </schema-def>
    <app-schema-def>
    
  7. In IDS Trace, locate the <NDS> tag, then paste the contents of the <NDS> tag into the <schema-def> tag in the *ShimConfig.xml file.

    Make sure you do not include the <NDS> as part of what you copy and paste into the *ShimConfig.xml.

  8. Search for any duplicate <ClassDef> elements in the schema definition and consolidate all attribute definitions <attr-def> under a single <ClassDef> element.

  9. Save the changes to the schema file (Ctrl+S), then restart Analyzer.

6.24 Matching is case sensitive when using HSQL

If you are using HSQL as the back end database for Analyzer, matching is case sensitive. If you are using MySQL, the back end database is case insensitive.

6.25 Analyzer crashes on Windows if CM Synergy is installed

When Analyzer is installed on Windows and you have CM Synergy installed, browsing for files causes Analyzer to shut down. You cannot have CM Synergy and Analyzer installed on the same machine.

The CM Synergy install overwrites one of the Windows native libraries that Analyzer uses.

6.26 JVM crashes when launching Analyzer, the Welcome Page, or opening Help on 64-bit Linux

If the 32-bit version of XULRunner is installed on a 64-bit Linux distribution, the JVM might crash when you launch Analyzer, when the Welcome Page displays, or when you view a Help topic. To resolve this problem:

  1. Open the Analyzer.ini file located in the Analyzer install directory.

  2. Add the following line to the end of the Analyzer.ini file:

    -Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/

  3. Save the Analyzer.ini file and launch Analyzer.

7.0 Legal Notices

Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2011 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

For Novell trademarks, see the Novell Trademark and Service Mark list.

All third-party trademarks are the property of their respective owners.

Third-Party License Information for Analyzer

The following sections discuss the third-party license information about Analyzer.

Analyzer includes software developed by IBM Corp. using the Eclipse platform (all rights reserved) and the Apache Software Foundation. Novell is an Eclipse Foundation Member.

HSQLDB License

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This software consists of voluntary contributions made by many individuals on behalf of the Hypersonic SQL Group.

Jython License

Copyright© 2006, Sun Microsystems, Inc.

All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

  • Neither the name of the Sun Microsystems, Inc. nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.