This document contains the known issues for Novell Identity Manager 4.0.2.
The following sections provide information on known issues at the time of the product release.
You might encounter the following issues during the installation of the Identity Manager framework installer:
Ensure that the specified path doesn’t contain any spaces.
You cannot install the Linux/UNIX Bidirectional driver in a Solaris zone that contains a read-only /usr partition. If you select the driver for installation, the Identity Manager 4.0.2 framework installer reports an error.
If Platform Agent is already installed on a machine where you are installing Identity Manager 4.0.2, the Identity Manager installer replaces it. However, if the Platform Agent version installed on the system is higher than 2.02-62, it is downgraded to version 2.02-62.
To work around this issue, reinstall the latest version of Platform Agent after the Identity Manager installation is complete.
You might encounter the following issues when you use the Identity Manager integrated installer:
You cannot use UNC paths for installation and configuration when you use the Identity Manager 4.0.2 integrated installer (for example, \\myserver\share\Identity_Manager_4.0.2_Windows_Enterprise).
To work around this issue, create an actual mapped drive.
The integrated installer does not perform a health check before the secondary server addition.
You must run the ndscheck command if you are adding a secondary server through the integrated installer. On Windows, run the ndscheck command from the <install location>\NDS folder. On Linux/Solaris, run it from the /opt/novell/eDirectory/bin/ndscheck directory. Specify the mandatory parameters and run the command as follows:
ndscheck [-h <hostname port>] [-a <admin FDN>] [-w <password>]
NOTE: Running the ndscheck command on Windows causes eMbox warnings to display on the screen. Don't treat these warnings as a health check failure. It is safe to ignore them.
The configuration fails with an exit value of 13. For a successful configuration of RBPM and Identity Reporting Module, ensure that the number of open connections for the server is increased from a default value of 1024 before configuration is started.
To increase the open connections up to 4096, execute the ulimit -n 4096 command in the terminal where configuration is invoked. Ensure that your console terminal shows open files (-n) 4096 when you run the ulimit -n command.
This attribute is not listed under in iManager. To work around this issue, perform the following steps:
Select authsamlProviderID in the list and move it to the list by clicking on the left arrow.
In the input field, enter a value in the following format:
cn=<Name of the SAML Object>
For example:
cn=SCCp16ouo,cn=nids,ou=accessManagerContainer,o=novell
This behavior occurs only on the Windows server platform when Access Manager creates the SAML authorization object.
This warning is displayed only on Solaris. It is safe to ignore the warning and continue with the installation.
You might encounter the following issues when you use the Remote Loader:
If you choose to have both a 32-bit and a 64-bit Remote Loader on the same machine, the audit events are generated only with the 64-bit Remote Loader. Events are not logged to the lcache file with the 32-bit Remote Loader.
When 32-bit and 64-bit Remote Loaders are installed together, the events are logged to the 64-bit lcache and 32-bit Remote Loader fails to log audit events. It displays the "Agent already running error" error message.
However, if a 64-bit Remote Loader is installed before installing a 32-bit Remote Loader, the events are logged to the 32-bit lcache, which prevents 64-bit Remote Loader from logging events. The 32-bit and 64-bit lcaches don’t work on the same machine.
To work around this issue, don't install both 32-bit and 64-bit Remote Loaders on the same machine.
When a 32-bit Remote Loader 4.0 is upgraded to 64-bit 4.0.2 Remote Loader, the upgrade process does not clean the following 32-bit 4.0.0 packages:
novell-DXMLbase-4.0.0-20100929
novell-DXMLedir-4.0.0-20100929
novell-DXMLgw-3.5.3-20100405
novell-DXMLrdxml-4.0.0-20100929
novell-edirectory-expat-32bit-8.8.6-8
novell-edirectory-xdaslog-32bit-8.8.6-8
novell-NOVLjvml-4.0.0-20100929
You might encounter the following issues as you use the Identity Manager drivers:
At times, you cannot select drop-down options when creating or configuring a driver. To work around this issue:
Click the drop-down menu and continue to hold the left mouse button until the desired option is highlighted.
Release the left mouse button to select the option.
You might encounter the following issues when you use the Identity Reporting Module:
If you remove an attribute that was added to the Data Collection Service driver filter policy, the attribute is not removed from the extended attributes tables (idmrpt_ext_attr, which tracks the attributes) and no data is removed from the idmrpt_ext_item_attr table.
In Firefox, if the on the Calendar page are set to show 1 week, clicking Today displays a day one week ahead of today.
To see today’s schedule in the Calendar page, press the up-arrow to go back one week. This issue does not occur in Internet Explorer.
Under the following circumstances, the logevent.conf is overwritten without prompting during the installation of the reporting module:
There is already a logevent.conf file in /etc/ directory.
EAS is installed on the same machine.
During the reporting installation, you replace the value of localhost and enter the machine's actual IP address for the EAS server.
To work around this issue, manually update the /etc/logevent.conf file after the installation is complete.
If EAS is remotely installed and you want to test the connection to EAS during the Identity Reporting Module installation, the parent directory of your chosen install directory must exist prior to running the installation. Without an existing parent directory, the installation directory cannot be created in order to write the JDBC JAR file used for testing the connection. For example, if you are installing the Identity Reporting Module to /opt/novell/IdentityReporting, ensure that the /opt/novell directory exists before beginning the installation.
This problem has only been observed on WebSphere.
When you add an application in the Reporting Module, you might notice that a valid certificate is not properly converted. The following actions might cause this problem to occur:
Log in to the Identity Reporting Module with valid credentials.
Navigate to the Applications page and click the button.
Fill in all the mandatory fields and browse for the certificate by selecting the check-box and clicking .
The certificate should be converted, but this does not occur.
To work around this issue, copy and paste the content of the certificate into the text area on the form.
You cannot modify the frequency of a schedule. To change the frequency (from week to month, for example), delete the schedule and create a new one.
In the Identity Reporting Module, if an .rpz file is downloaded by using the Internet Explorer browser, the file might change its extension from .rpz to .zip. This change does not cause any issues. The Reporting Module correctly handles the upload and import of the reports with the .zip file extension. This issue is not reported on Firefox.
If you use Internet Explorer browser in HTTPS to access the Reporting Module, the following pop-up message is displayed:
Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
If you select , the login screen for the Reporting Module does not appear. You must select . The behavior is observed because the download site for the new reports only supports the HTTP protocol. The link to that site is constructed if you use http://. This behavior is not observed with Firefox.
You might encounter the following issues when you use the Roles Based Provisioning Module:
In Firefox or Dojo, if you attempt to copy text in the Detail portlet, an error message is displayed.
The following actions cause this message to appear:
Log in to the User application as administrator and go to the tab.
Click in Portlet Applications.
Click .
Click the icon and enter some sample text, such as “TEST”.
Select the text and click the icon.
If you follow these steps, you see the following error message:
“Exception... "Access to XPConnect service denied" code: "1011" nsresult: "0x805303f3 (NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED)" location: "http://172.16.1.99:8180/IDMProv/resource//portal-general/javascript/html_editor.js Line: 531" ” when clicked on Copy button.
You might also see this message when performing cut and paste operations.
The Roles Based Provisioning Module reports provided under on the tab have been deprecated from Identity Manager 4.0 onwards. These reports will be removed in a future release.
On WebSphere, if you create a new user with special characters in the name, the user cannot log in to the User Application. For example, if you create a user as /Test// from the page, an error is displayed when the new user tries to log in to the User Application.
If you redeploy the User Application driver from Designer after running the integrated installer, the trustees for the Attestation Report provisioning request definitions are deleted and no one can execute the report. This is because the trustees are added to the Attestation Report provisioning request definitions when the User Application starts. Because Designer does not know about the trustees, an attempt to redeploy the User Application driver from Designer removes the trustees. Therefore, you need to import these objects from eDirectory after User Application startup to synchronize the trustees.
If you install PostgreSQL on a server that is set up with Simplified Chinese as the number format (by using ), PostgreSQL does not install successfully. Ensure that the Simplified Chinese Number format is changed on the server where you are installing PostgreSQL.
When the User Application is accessed in a language other than the default language (for example, accessing in Spanish while the default language is set to English), if a resource is added to a role, ensure that a value is supplied for the default language in the field. To do this, press the button after the field and enter a value in the language that is marked with the (the default language). If a value is not entered for the default language, you get an error and you cannot add the resource to the role.
If an administrator deletes a role that requires a workflow after a user has made a role request, the workflow addressee for the role request still sees the workflow in the Task List and is able to approve or deny the request.
When the User Application is deployed on WebSphere 7, if you access a Web Service home page either directly or from the Administration page, you see a broken image on the page. It also throws a java.lang.NullPointerException in the SystemOut.log file. However, there is no loss of functionality. You can still download the WSDL file and use the Web Services.
If you create the tables for the User Application during installation, you might still see messages in the log that indicate that the database is being updated at start-up time when you start the User Application. This is caused by a limitation in Liquibase 2.0.1.
To work around this issue, set the create-db-on-startup parameter to false in the web.xml file, as shown below:
<init-param>
    <param-name>create-db-on-startup</param-name>
    <param-value>false</param-value>
</init-param>
Novell provides the JBossPostgreSQL utility as a convenience. If your company does not already provide an application server and a database server, you can use the JBossPostgreSQL utility to install an Open Source version of these components. By running this utility, you can install these components without having to download them separately. If you need support, go to the third party provider of the component. Novell does not provide updates for these components, or administration, configuration, or tuning information for these components, beyond what is outlined in the RBPM documentation.
You might encounter the following issue as you use Role Mapping Administrator.
When you make changes to the active profile in the Role Mapping Administrator configuration page, all the cached authorizations are cleared from the database. You must reload the authorizations after changes are made to the active profile. For more information, see loading authorizations in the Identity Manager Role Mapping Administrator 4.0.2 User Guide.
You might encounter the following issues as you use iManager:
When you are using iManager, particularly the Policy Builder, Internet Explorer 7 continually prompts you for access to the Clipboard. To disable prompting:
Click > .
Click the tab, then click .
Click > , then select .
After you restart Internet Explorer, the prompting stops.
If you want to use the NDS-to-NDS Driver Certificates Wizard, you must download and install the iManager plug-in for Novell Certificate Server.
You might encounter the following issues during uninstallation of the Identity Manager Metadirectory engine and drivers.
On Windows, the jar files from the lib directory are not removed. On Solaris, the DXMLnotes.pkg is not removed. You need to remove them manually.
The uninstall log files are created in the temp directory.
The Identity Vault uninstallation hangs when you run the nds-uninstall command.
To successfully uninstall the Identity Vault:
Stop the DHost from the Task Manager.
Start the NDS service.
Start the uninstallation program.
For more information on uninstalling the Roles Based Provisioning Module, refer to uninstallation details in the Identity Manager Roles Based Provisioning Module 4.0.2 User Application: Installation Guide.
The following command might fail with an exit value of 1:
cmd /c copy "C:\Users\Administrator\AppData\Local\Temp\2\I1285831815\Windows\resource\jre\..\iawin64_x64.dll" "C:\Program Files (x86)\Novell\Identity Manager\Uninstall_Roles_Based_Provisioning_Module_for_Novell_Identity_Manager\resource\iawin64_x64.dll"
The uninstaller does not remove the <system drive>\Novell\conf folders.
and the
To work around this issue, manually remove these folders.
If you select Brazilian Portuguese, Danish, Dutch, English, French, German, Italian, Swedish, Spanish, or Russian as your choice of language for installing Identity Manager 4.0.2, the installer displays corrupt characters during installation.
If you select English, the installer contains a corrupt character on the Select Language page of the installation program. However, the characters display correctly for the Asian languages when the installer is run on Asian Windows.
For the characters to display correctly, ensure that you change the default font of your Windows machine to Lucida Console by using the following steps before installing Identity Manager:
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage and change the OEMCP value from 850 to 1252.
For Russian, change the OEMCP value from 866 to 1251 in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage directory.
Go to , type cmd in the text box, then press Enter to launch the command prompt.
Right-click the title bar of the cmd window to open the pop-up menu.
Scroll down in the pop-up menu and select the option to open the Console Windows Properties dialog box.
Click the tab and change the default font from Raster to Lucida Console ( ).
Click .
Restart the machine.
A Microsoft Visual C++ 2005 Redistributable error message displays when Identity Manager is installed on Russian Windows 2008 SP2. When you click in the error message, the installation completes successfully.
To avoid this error, visit the Microsoft support site and run the steps specified in the Let me fix it myself section of the online page.
Ensure that you install the following libraries before installing Identity Manager on RHEL 6.0:
For GUI Install: Before invoking the Identity Manager installer, manually install the dependent libraries.
For a 64-bit RHEL: Install the following libraries in the same order:
libXau-1.0.5-1.el6.i686.rpm
libxcb-1.5-1.el6.i686.rpm
libX11-1.3-2.el6.i686.rpm
libXext-1.1-3.el6.i686.rpm
libXi-1.3-3.el6.i686.rpm
libXtst-1.0.99.2-3.el6.i686.rpm
glibc-2.12-1.7.el6.i686.rpm
libstdc++-4.4.4-13.el6.i686.rpm
libgcc-4.4.4-13.el6.i686.rpm
compat-libstdc++-33-3.2.3-69.el6.x86_64.rpm
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
For a 32-bit RHEL: Install the following library:
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
For Package Install on RHEL 6.x: Before invoking the Identity Manager installer, you must manually set up a repository for the installation media.
(Conditional) If you are copying the ISO to the server, run the following command:
# mount -o loop <path to iso> /mnt/rhes62
(Conditional) If you are copying to a CD or a DVD, and to the server, run the following command:
# mount /dev/cdrom /mnt/rhes62
(Conditional) If you have mounted the ISO, create a repository file in the /etc/yum.repos.d location and perform the following configuration steps:
# vi /etc/yum.repos.d/rhes.repo
[redhat-enterprise]
name=RedHat Enterprise $releasever - $basearch
baseurl=file:///mnt/rhes62/
enabled=1
(Optional) If you are using an installation server, configure the following in vi /etc/yum.repos.d/rhes.repo:
[redhat-enterprise]
name=RedHat Enterprise $releasever - $basearch
baseurl=<url to the installation source>
enabled=1
Run the following commands after setting up the repository:
# yum clean all
# yum repolist
# yum makecache
To install the 32-bit packages, change “exactarch=1” to “exactarch=0” in the /etc/yum.conf file.
Install the GPG key by using the rpm --import <path or URL to RPM-GPG-KEY-redhat-release> command:
# rpm --import /mnt/rhes62/RPM-GPG-KEY-redhat-release
or
# rpm --import http://<url>/RPM-GPG-KEY-redhat-release
(Optional) To install the required packages for Identity Manager 4.x, execute the following script:
#!/bin/bash
# Install each library required by Identity Manager 4.x, one package per yum call.
PKGS="libXau.i686 libxcb.i686 libX11.i686 libXext.i686 libXi.i686 libXtst.i686 glibc.i686 libstdc++.i686 libgcc.i686 compat-libstdc++-33.i686 compat-libstdc++-33.x86_64"
for PKG in $PKGS ; do
    yum -y install "$PKG"
done
NOTE: The script cannot locate the compat-libstdc++-33.x86_64 library in the 32-bit repository unless you have modified the 64-bit repository and installed the RPM separately.
For Non-GUI Install: Before invoking the Identity Manager installer, manually install the dependent libraries.
For a 64-bit RHEL: Install the following libraries in the same order:
glibc-2.12-1.7.el6.i686.rpm
libstdc++-4.4.4-13.el6.i686.rpm
libgcc-4.4.4-13.el6.i686.rpm
compat-libstdc++-33-3.2.3-69.el6.x86_64.rpm
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
For a 32-bit RHEL: Install the following library:
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
NOTE: Ensure that the unzip rpm is installed before installing Identity Manager. This is applicable for all Linux platforms.
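The prerequisites stated above for a GUI install on 64-bit RHEL 6 (no spaces in the install path, an open-file limit of 4096, exactarch=0 in yum.conf, the listed libraries, and unzip) can be checked in one pass before the installer is started. The following script is an added example, not part of the Novell documentation; its function names are hypothetical, and it assumes the installed-package list comes from rpm -qa --qf '%{NAME}.%{ARCH}\n'.

```shell
#!/bin/bash
# Added example: pre-install checks for a GUI install on 64-bit RHEL 6.
# Function names are hypothetical; the package list and limits come from the page.

REQUIRED_PKGS="libXau.i686 libxcb.i686 libX11.i686 libXext.i686 libXi.i686
libXtst.i686 glibc.i686 libstdc++.i686 libgcc.i686
compat-libstdc++-33.i686 compat-libstdc++-33.x86_64"

# Succeed only if the install path ($1) contains no spaces.
path_has_no_spaces() {
    case "$1" in
        *" "*) return 1 ;;
        *)     return 0 ;;
    esac
}

# Succeed only if the open-file limit ($1, default: this shell's) is >= 4096.
nofile_limit_ok() {
    local limit="${1:-$(ulimit -n)}"
    [ "$limit" = "unlimited" ] || [ "$limit" -ge 4096 ]
}

# Succeed only if the yum configuration file ($1) contains exactarch=0.
exactarch_disabled() {
    grep -Eq '^[[:space:]]*exactarch[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"
}

# Read installed packages (name.arch, one per line) on stdin and print
# every required package that is absent from that list.
missing_packages() {
    local installed pkg
    installed=$(cat)
    for pkg in $REQUIRED_PKGS; do
        printf '%s\n' "$installed" | grep -Fxq -- "$pkg" || printf '%s\n' "$pkg"
    done
    # unzip is required on all Linux platforms; any architecture satisfies it.
    printf '%s\n' "$installed" | grep -q '^unzip\.' || printf 'unzip\n'
}

# Run every check; print one line per failure, return non-zero if any failed.
preflight() {   # usage: preflight <install path> [yum.conf]
    local rc=0 miss
    path_has_no_spaces "$1" || { echo "FAIL: install path contains a space: $1"; rc=1; }
    nofile_limit_ok || { echo "FAIL: run 'ulimit -n 4096' in this terminal first"; rc=1; }
    exactarch_disabled "${2:-/etc/yum.conf}" || { echo "FAIL: set exactarch=0 in yum.conf"; rc=1; }
    miss=$(rpm -qa --qf '%{NAME}.%{ARCH}\n' | missing_packages)
    [ -z "$miss" ] || { echo "FAIL: missing packages:" $miss; rc=1; }
    return $rc
}

# Run the checks only when asked, so the file can also be sourced.
[ "${1:-}" != "--run" ] || preflight "${2:?usage: $0 --run <install path>}" "${3:-/etc/yum.conf}"
```

Run it with --run and the intended install path in the same terminal that will start the installer, because the ulimit value is per shell.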
To work around this issue, manually start JBoss after system reboot.
To work around this issue, manually start the Role Mapping Administrator service after completing the Identity Manager 4.0.2 installation.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2012 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.