Documentation and the latest readme file for iManager 2.5 are available at Novell iManager 2.5 Web site.
The following Novell® software products should not be installed on the machine where you will be installing the iManager 2.5 software:
Novell Virtual Office 1.3 or lower
exteNd Director 4.1.1 or lower
After you upgrade to iManager 2.5 from 2.0.2, you must also upgrade to the most current version of the plug-ins you use. Failure to upgrade could introduce some unpredictable behavior from old plug-ins. Go to the iManager Plug-In Download Website for the most current versions of plug-ins.
For information on additional iManager 2.5 issues for this release, refer to Novell iManager 2.x Readme Addendum.
Help content continues to be added to iManager.
On a NetWare 6.5 server, if the product.ni install file is located in a directory called “install,” the installer will give the error “File product.ni was not found in the specified path (SYS:).”
Workaround: simply rename the directory to something other than “install.”
On Windows, when a plug-in module is uninstalled, it sometimes still displays in the Roles and Tasks view. If the .jar files contained in an .npm are in use, iManager cannot delete them.
The iManager 2.5 installation program on Solaris install might incorrectly state that the 112438 patch is not installed when in fact it is.
Mobile iManager is not supported on the SLES 8 (SUSE Linux Enterprise Server 8) platform.
If the path to the .jsp file is too long (for example, “c:\documents and settings\administrator\desktop\”), an “Unable to compile class for JSP...” error appears when you are trying to edit the value of an attribute.
If you go to Configure view > Module Installation > Available Novell Plug-in Modules, and click New, then click the Browse button, nothing happens.
Workaround: type the entire path in the text box instead of browsing.
When you attempt to import an LDIF file and click on the Browse button, nothing happens. This same operation works fine if running on Windows, or from a server-based iManager installation.
iManager is processing the install; you just don’t receive any visual confirmation.
After you have extracted the file, a message occurs: “tar: A lone zero block at 242725. “ Ignore it; the product works.
Mobile iManager 2.5 will only run, on NLD, if you are logged in as root. To allow other users to run Mobile iManager, you must add permissions for those users. For example:
chmod -R og+w /opt/imanager.
If you observe strange behavior from iManager, such as a blank screen or missing Roles and Tasks, while using different versions of it in the same browser, clear the browser cache or force a refresh.
When you upgrade from iManager 2.0.2 to 2.5 and then uninstall iManager 2.5, the novell-libldap_c package is not removed. Manually remove this package using the command:
rpm -e novell-libldap_c
If you create a policy when Universal Password is enabled and assign the policy to a user (or a user's container), then open the Modify User page for that user and click Restrictions > Set Password, the Set Password link will not open the new Universal Password Set page.
To get full Universal Password functionality, make sure NMAS 2.3 or later is present on your server and use the Set Universal Password task.
iManager 2.5 does not use portal services. In previous versions of iManager, portal services were used to provide password self-service functionality to users. Using iManager 2.5, if you want users to have access to the self-service features, you must also include an iManager 2.0.2 server in your configuration. As an administrator, you can still install and configure Universal Password Management and the Identity Manager self-service features on an iManager 2.5 server. Only the end-user tasks require iManager 2.0.2.
To configure iManager 2.02 to act as a user portal, run the password self-service installer on all iManager servers to install the service. You can download the plug-ins from the Novell download site
You can also use Virtual Office.
Password management plug-ins require a schema extension in order to work. The password management plug-in installer for iManager 2.5 will extend schema and configure the plug-in for you. Version 2.0.x of the plug-in installer is not supported with iManager 2.5.
This install can't be done via rconsole, rconj, or a similar terminal program such as AdRem. It requires the GUI.
Copy the pwd_install.jar to the sys: volume.
From the server console, enter:
java -cp sys:/pwd_install.jar install
Clear the check box, iManager Plug-ins for Password Management on the Install Components screen.
Copy the pwd_install.jar to /tmp directory.
From the server console, enter:
java -Djava.library.path=/tmp -cp /tmp/pwd_install.jar install
Clear the check box, iManager Plug-ins for Password Management on the Install Components screen.
Double-click the pwd_install.exe file.
Clear the check box, iManager Plug-ins for Password Management on the Install Components screen.
If you are running iManager 2.0.2 with the IDM plug-ins installed and upgrade to iManager 2.5, the install code actually tries to install the older plug-in version into iManager 2.5. You can verify that you have this issue by logging into iManager 2.5 > Configure view > Module Installation > Installed Novell Plug-in Modules. Check any of the Novell Identity Manager plug-ins to verify that the version is at least 2.1.64. If the version is older than 2.1.64 (such as 2.1.61 or 1.0) manually remove those plug-ins and install the most current plug-ins. See iManagerTID #1009719 for further details.
To prevent this problem from happening in the first place, if the older IDM plug-ins are installed in iManager 2.0.2, delete the following NPM files (if they exist) from the tomcat\webapps\nps\packages directory before you perform the upgrade. After the upgrade is complete, go to http://download.novell.com and download the latest IDM plug-ins for iManager.
If an .npm file contains .npg files in the Packages directory, these .npg files are not getting uninstalled. All other files in the .npm should be uninstalled.
LDAP Role | Create LDAP Object Task
The Create button creates the object but will not take it though the LDAP Wizard to assign the necessary things such as Host server on LDAP server or Server List on LDAP Group.
When creating a LDAP Group or Server, do not use the Create button. Instead, use the Next button at the bottom of the page.
After installing RBS for the first time in iManager 2.5 the access mode listed does not immediately change from 'Unrestricted' to 'Collection Owner Access'. You must exit iManager and reauthenticate to make the change visible.
You must enable pop-up windows in your Web browser while working in iManager. If you use an application that blocks pop-up windows, you must disable the blocking feature while working in iManager or allow pop-ups from the iManager host.
iChain's Single Sign-on functionality (including Forward authentication, OLAC, and Form Fill) is not compatible with iManager 2.5. iManager 2.5 requires a username, password, and treename for login, so Single Sign-on using "Forward authentication..." or OLAC will not work. Form Fill also fails because the "Exit" button in the iManager toolbar directs you back to the initial login form. When FormFill is active, you are simply logged back in to iManager.
The server might abend while using iManager with products that use the Nsure™ Audit platform agent. To solve this problem:
Unload Java.
Rename or delete the sys:\tomcat\4\webapps\nps\web-inf\lib\LogEvent.jar file.
Restart the server.
When using Dynamic Groups or any other feature that uses the eDirectory LDAP server, eDirectory might crash, or the NetWare server might abend. If you are using eDirectory version 8.7.3.2, we recommend updating to version 8.7.3.3 or higher.
The following eDirectory tasks have been moved:
Schema Maintenance (Roles and Tasks > Schema)
Repair Sync (Roles and Tasks > Partitions and Replicas)
Replica Repair (Roles and Tasks > Partitions and Replicas)
Replica Ring Repair (Roles and Tasks > Partitions and Replicas)
The error message, " Dynamic Group support is not enabled. The selected Dynamic Group object cannot be used as a role member," displays when you try to add an object as a member of a role, even though Dynamic Group support is enabled. This message can occur when a group has been converted to a Dyanmic Group but support for dynamicGroupAux classes has not been enabled. To enable support for dynamicGroupAux classes:
Click the Configure icon on iManager and select iManager Server > Configure iManager.
Select the RBS tab and change the Dynamic Group Search Type to DynamicGroupObjects&AuxClasses.
When this occurs, the following message appears: “Unknown meaning for error number - 6016; Please call a Novell support provider" but the value is saved. When you access Dynamic Groups, another error message appears: “The system encountered an unknown error. Please contact Novell Support." Workaround: Give the Timeout setting an adequate and reasonable value.
If you create a group, add members, and then later convert the group to a dynamic group, the static members added to the group before it was converted will not display the Role assignment made. Static members added after the group was converted to be dynamic do show the Role assignement. After the conversion to a dynamic group, any users that are listed in the 'Security Equal To Me' list for the group do not display the Role from the assignment made. If you remove them from this list, but keep them in the static list, the Role assignment appears.
When you use Dynamic Groups with base dn values or search filter values that contain spaces or extended characters, after you save the Member Query page and modify the Dynamic Group again, you might see incomplete values or corrupt characters in these fields. Although they display as corrupt or incomplete values, the values are saved correctly.
If you switch to another property book page on the Dynamic Group and return to the Member Query page, the base dn is reset to the root of the tree. If you save the page with the root of the tree in the base dn, it will overwrite the previous entry. If you want to keep the base dn that had spaces or extended characters, you must select it again before saving.
Using Firefox 1.0 that ships with iManager 2.5 returns 404 errors. You can successfully log in to iManager and see all the Roles and Tasks available, but selecting them returns an error.
The problem is in Firefox.You can monitor this bug at the Mozilla bug tracking system.
If you find yourself in this state (which happens with iManager plug-ins that utilize the clipboard), you must edit the javascript file by doing the following:
Close the Firefox browser.
In a folder below the Mozilla/Profiles folder, located in your account’s Application Data folder, find your browser profile’s prefs.js file and delete the following two lines:
user_pref(“capability.principal.codebase.pX.denied”, “UniversalXPConnect”); user_pref("capability.principal.codebase.pX.id”, “<iManager URL Root>”);
where
“<iManager URL Root>” is the root of the URL of the version of iManager you are using; and “X” in the “...pX...” of the two settings match
Restart the browser.
The Internet Security window will continue to annoy you; just select to Allow and do not ever select the Remember this Decision check box.
iManager 2.5 and ZENworks™ for Servers 6.5 (or later) installed on the same server might cause an abend.
Workaround: unload Java before you install iManager 2.5.
Using iManager 2.5 on a NetWare 6.5 SP2 server which was previously running iManager 2.0 and Virtual Office, NetIdentity clients see a NetIdentity style login pop-up when attempting to connect to iManager 2.5. When you enter your user name and password here, the iManager login form appears. The NetIdentity login does not work because of the new iManager login requirement to enter a Tree name or address.
If you create a collection with a ” %” in the name, you cannot delete it from the RBS configuration page. Rename the collection, then go to RBS configuration to delete the collection containing the “%” in its name.
When any field on this page is left blank and then saved, the page says that the changes have being saved and then the fields that were left blank are populated with the default values. Workaround: Do not leave any of these fields blank.
The following scenario illustrates this state:
Using two different browsers (any two), log in as the same user in iManager.
In the first instance, add some object to the history list, such as Modify Object.
In the second instance, check the history; the object does not appear. This is the defect, everything after this is narrowing down the problem.
With the second instance, log off and back in; object still does not appear in the history list.
With the first instance, log off and log back in; object still does not appear in the history list of the second instance.
Now log off and back in to the second instance, and the object will appear. The object only appears after logging off the first instance, and logging off and back in with the second instance.
Under SuSE, using two instances of the same browser (two Firefox or two Mozilla, but not two IE) avoids the issue; the history book seems to be shared by the two instances.
Log in as Admin and expand “Particion y replicas” in the left hand pane. Click “Ver la informacion de la particion,” then Object selector button. Click context link, and then click “Acceptar.” The wrong (US instead ESP) date/time format in the 'Last successful sync' appears. (Ultima sincronizacion satisfactoria) and 'Last attempted sync' (Ultimo intento de sincronizacion) rows.
Do not uninstall Identity Manager modules. This breaks iManager, and you will have to re-install.
If you install iManager on a Linux operating system in a language other than English, run the install.sh file to start installation. Use either an X-Windows console or a console that can display your preferred language.
When the Search identity is changed to a non-admin user and Test Filter is clicked (Entitlement Policy Wizard > Entitlement Policy List > New > Test Filter), the user is prompted for a password but is unable to authenticate. A login failure message appears instead.
You must import your own certificate. Use the instructions at http://www.novell.com/documentation/imanager20/imanager20/data/am4ajce.html and refer to following default locations for your platform:
NetWare: sys:java\lib\security\cacerts
Linux: /opt/novell/java/jre/lib/security/cacerts
Windows: C:\Program Files\Novell\jre\lib\security\cacerts
Solaris: /opt/novell/jre/lib/security/cacerts
HP-UX: /opt/java1.4/jre/lib/security/
The iManager authentication does not work using contextless login with alias objects for the username. You must use the full context to the alias object for the username. For example, alias of admin.novell.
If you are using Linux User Management (LUM), when you rename an eDirectory user object, you must also change the uniqueID attribute of that user object so that LUM continues to function with the renamed user object in eDirectory.
You cannot add third party VPN servers to a site-to-site VPN network if you are runnng the BorderManager 3.8 SP3 plug-ins on an iManager 2.5 server.
iManager’s session timeout is controlled by the Tomcat session timeout setting. If you want to change this, see theTomcat documentation.
After an install on a Solaris 9 server (all defaults), launching the /etc/init.d/imgr start (which really launches the /var/opt/novell/httpd/bin/apachectl startssl), the following message appears:
starting Apache2 for iManager...[Thu Feb 17 12:33:59 2005] [crit] [Thu Feb 17 12:33:59 2005] file vhost.c, line 189, assertion "rv == APR_SUCCESS" failedAbort - core dumped
For more information on this issue seeiManager TID #10096267.
You might receive error messages while installing iManager 2.5 remotely from a Microsoft Windows workstation to a NetWare 6.5 SP3 Overlay server or NetWare 6.5 OES Overlay server.
On the server logger screen, you might see that INSTPROX.NLM is not found, and an error message from the remote install on the Windows workstation saying that an error has occurred connecting to the target server.
To remedy this problem, find INSTPROX.NLM on the server (probably in sys:\ni\nis30\bin) and copy it to the install directory located in the extracted iManager 2.5 installation directory. Restart the iManager 2.5 installation.
If iManager 2.5 is installed before eDirectory, the iManager login might fail and Tomcat might crash.
Workaround: delete the following directory and restart tomcat.
Linux: /var/novell/nici/100/
Solaris: /var/novell/nici/60001/
HP-UX: /var/novell/nici/30/
To restart Tomcat:
Linux: /etc/init.d/novell-tomcat4 start
Solaris: /etc/init.d/imgr start
HP-UX: JAVA_HOME=/opt/java1.4 su www /opt/hpws/tomcat/bin/startup.sh
Before you install iManager 2.5, download JVM 1.4. The iManager installer detects JVMs on your machine and selects JVM 1.5 by default, if it’s there. However, this version won’t compile JSPs on iManager 2.5.
During the install process, when the Detection Summary appears, select JVM 1.4.
If JSPs won’t compile on iManager 2.5, it might be using JVM 1.5. If it is, you must replace this version with JVM 1.4 and reinstall iManager. Although iManager automatically selects JVM 1.5 during the install process if it detects JVM 1.5 on the server, this particular version won’t compile JSPs on iManager.
During the upgrade process, the iManager 2.5 installer removes the Tomcat4 directory if it cannot detect that Tomcat is already installed. The 2.0.2 installer installs enough Apache files for the 2.5 installer to determine that Apache is installed, so that it does not try to reinstall Tomcat.
The upgrade is seamless in that the Tomcat setup from 2.0.2 remains the same: Tomcat functions as both Web server and servlet container. The installation displays Apache as being installed on the detection summary screen, when, in fact, it is not. Simply ignore this and continue through the installation.
114862
After upgrading to eDirectory 8.8 on NetWare, you cannot log in to a remote tree through iManager. Workaround: add the following to the beginning of sys:\system\Autoexec.ncf:
env NDSD_TRY_NMASLOGIN_FIRST=true
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.