August 25, 2006
1.0 Issues
Resolved in Support Pack 2
2.0 Issues
Resolved in Maintenance Update 1
3.0 Changed
Files
4.0 Downloading and Installing an
iManager Support Pack
5.0 iManager 2.6 Support Pack 2 does not show
up as an update under Available Plug-in Modules
6.0 Using different IP
addresses for NCP and LDAP interfaces
7.0 "HideLoginFailReason" setting for iManager 2.6
Support Pack 2
8.0 Tomcat crashes after
installing Support Pack 2 on Linux
9.0 Error
installing the Support Pack on HP-UX
10.0 Legal
Notices
Note: As of iManager 2.6 Support
Pack 2, we will no longer be calling updates to iManager "Maintenance
Updates". They will be referred to as "Support Packs".
The following issues were resolved in Support Pack 2:
Fix (Integer-syntax IS-PRESENT) filter in Advanced Selection.
Handle big filter in Advanced Selection.
Do not interpret * as a wild card character in contextless
login. Security issue.
Add security option in config.xml to hide specific reason for
login failure. (Authenticate.Form.HideLoginFailReason. See
Section 7.0 for more details)
Allow auxiliary classes on a template object to be inherited.
Display object name to be deleted in the confirmation message.
Fix display of read-only radio buttons.
Fix handling of multi-valued read-only string. Prevent
editing in IE.
Add support for eDir 8.8.1 feature allowing different NDAP and
LDAP IP addresses. (See Section 6.0 for more details)
Fix "shift-click" message truncation
in Multi-Object Selector
The following issues were resolved in Maintenance Update 1:
Fix bug causing Object Class to display blank in the Other page.
Fix handling corrupted rank cookie.
Fix View Objects problem with Firefox 1.5.
Fix reset intruder detection counter when lockout is cleared for users.
Fix custom roles and tasks not being sorted in the "Roles and Tasks" view.
Fix web module update code to compare npm versions correctly so all updates appear.
Fix npm install message for Japanese.
Fix bug in DClient where connections build up and are not released.
Fix problem where login with expired password does not prompt for new password.
Fix long delay when setting a password that violates password policy.
The following files have been changed in this support Pack.
NOTE: File
paths are relative to the ".../Tomcat/webapps/nps/"
directory.
/WEB-INF/lib/eMFrame.jar.20060825
/WEB-INF/lib/iManagerBase.jar.20060825
/WEB-INF/lib/jclient.jar.20060825
/portal/modules/dev/javascripts/exchanger.js.20060825
/portal/modules/fw/javascripts/ObjectView.js.20060825
/portal/modules/fw/skins/default/devices/default/About.jsp.20060825
/portal/modules/fw/skins/default/devices/default/AsyncProgress.jsp.20060825
/portal/modules/base/skins/default/devices/default/pShared_IntruderLockout.jsp.20060825
/WEB-INF/bin/windows/jclient.dll.20060825
/WEB-INF/bin/windows/dclient.dll.20060825
/WEB-INF/bin/windows/sal.dll.20060825
/WEB-INF/bin/windows/spmdclnt.dll.20060825
/WEB-INF/bin/linux/libJClient.so.1.0.0.20060825
/WEB-INF/bin/linux/libndssdk.so.1.0.0.20060825
/WEB-INF/bin/linux/libsal.so.1.0.0.20060825
/WEB-INF/bin/linux/libsch.so.1.0.0.20060825
/WEB-INF/bin/linux/libspmclnt.so.20060825
/WEB-INF/bin/solaris/libJClient.so.1.0.0.20060825
/WEB-INF/bin/solaris/libndssdk.so.1.0.0.20060825
/WEB-INF/bin/solaris/libsal.so.1.0.0.20060825
/WEB-INF/bin/solaris/libsal_psr.so.1.0.0.20060825
/WEB-INF/bin/solaris/libsch.so.1.0.0.20060825
/WEB-INF/bin/solaris/libspmclnt.so.20060825
/WEB-INF/bin/hpux/libJClient.sl.1.0.20060825
/WEB-INF/bin/hpux/libndssdk.sl.1.0.20060825
/WEB-INF/bin/hpux/libsal.sl.1.0.20060825
/WEB-INF/bin/hpux/libsch.sl.1.0.20060825
/WEB-INF/bin/hpux/libspmclnt.sl.20060825
/portal/modules/dev/javascripts/TC.js.20060825
/portal/modules/dev/skins/default/devices/default/TCFull_inc.jsp
/portal/modules/dev/skins/default/devices/default/MVStringEditor_inc.jsp
/WEB-INF/lib/AdminNamespace.jar.20060825
/portal/modules/fw/skins/default/devices/default/DelObject.jsp.20060825
/portal/modules/fw/skins/default/devices/default/MoveObject.jsp.20060825
/portal/modules/fw/skins/default/devices/browser/OS/BrowseResultsTitleMS.jsp.20060825
/portal/modules/fw/skins/default/devices/browser/OS/SearchResultsTitleMS.jsp.20060825
/portal/modules/fw/skins/default/devices/default/InstalledNPM.jsp.20060825
/portal/modules/fw/skins/default/devices/default/ModulesToInstall.jsp.20060825
/portal/modules/fw/skins/default/devices/default/MVStringEditorOrderDlg.jsp.20060825
/portal/modules/base/help/en/crtuseracct.html
/portal/modules/base/help/en/pshared_passwordrestrictions.html
/portal/modules/base/help/en/schemacreate_attr_wizard_name.html
/portal/modules/base/help/en/schemacreate_class_wizard_name.html
IMPORTANT: Various files in the ".../Tomcat/work/standalone/localhost/nps/" folder will be changed due to the application of the support pack, including many of the compiled JSPs. If you want to restore your system back to the pre-support pack state, do one of the following:
1) Backup the ".../Tomcat/work/standalone/localhost/nps/" folder before installing the support pack and restore it when removing the support pack.
2) Delete or rename
this folder when removing the support pack, which will force
the .JSPs to be compiled as needed.
IMPORTANT: iManager support packs do not make a backup of files replaced. The only way to roll back to a previous state is to backup all modified files before applying the support pack and then manually restoring the backed up files.
Also, iManager support packs must be installed on all iManager servers in your environment. Support packs do not automatically replicate to other iManager servers in your tree. To see if the support pack has been installed on the server, view the iManager information page by clicking on the words "Novell iManager" in the upper-left corner of the iManager application window.
NOTE: After you install the iManager support pack,
iManager will be non-functional until you restart Tomcat.
Do not install this support pack if you are unable to restart
Tomcat at the same time.
To download and install an iManager support pack:
EXTRACT THE FILE
For Windows and
Netware servers use a windows decompression utility that supports
tgz, (i.e. WinZip) to extract iman26sp2.tgz to a temporary directory
either on the workstation or on the server.
For Unix servers,
use gzip and tar to decompress and extract the tarball to a temporary
directory on which the patch will be applied.
(i.e. gzip -d -c
iman26sp2.tgz | tar xvf - ). Linux users can use tar -zxvf
iman26sp2.tgz.
NOTE: Support pack files, like plug-ins,
are packaged in modules (NPMs). Those
modules are capable of containing one or more support packs.
This Support Pack is a cumulative patch and includes
all fixes from previous Support Packs.
Log in to iManager.
Click the Configure button.
Click Plug-in Installation > Available Novell Plug-in Modules
Click Add and browse to the sp_iman26.npm file, then click OK.
Verify that the Module is sp_iman26.npm and the Description reads "Support Pack 2 for iManager 2.6"
Select the checkbox next to the support pack file sp_iman26.npm and click Install.
This install may take a few minutes.
NOTE: Internet
Explorer may append a .ZIP extension to the .NPM when it is downloaded.
IE may actually remove the .npm extension and
replaces it with .zip. The extension must be .npm or the install
will refuse to upload the
file.
Click Close and Restart Tomcat.
NOTE: Tomcat sometimes requires several minutes to fully initialize. Wait a few minutes before trying to log into iManager after restarting Tomcat.
PLATFORM |
RESTART COMMAND |
NetWare® 6.5 |
Enter TC4STOP. Wait at least 1 minute, then enter TOMCAT4 to start the service again. |
Windows* |
Stop and start the Tomcat service. |
Solaris* |
As root enter /var/opt/novell/tomcat4/bin/shutdown.sh, then enter /var/opt/novell/tomcat4/bin/startup.sh. |
HP-UX* |
As root enter /opt/hpws/tomcat/bin/shutdown.sh, then enter /opt/hpws/tomcat/bin/startup.sh. |
Linux |
Enter /etc/init.d/novell-tomcat4 stop, then enter /etc/init.d/novell-tomcat4 start. |
Mobile iManager |
Close Mobile iManager and re-open Mobile iManager |
Verify that the new support pack has been installed.
This can be done by checking the log file located in the webapps/nps/WEB-INF/changelog directory or by viewing the list located on the iManager information screen (click "Novell iManager" in the upper-left corner of the application window).
If you are trying
to download support pack 2 for iManager 2.6 from the Internet and
iManager 2.6 Maintenance Update 1 is NOT installed, the iManager 2.6
Support Pack 2 plug-in will not show up as an update. It will
only show up as a new plug-in. You must have the option to "Show
every available Novell Plug-in Module (NPM)" checked on the Plug-in
Download tab of the Configure iManager task under the iManager Server
role on the Configuration page for Support Pack 2 to show.
iManager 2.6
Support Pack 2 adds support for using different IP addresses for a
server's NCP and LDAP interfaces. When iManager creates an LDAP
connection to eDirectory, it reads the "ldapServer" attribute of the
NCP Server object to get the name of the LDAP Server object. Then
it reads the "ldapInterfaces" attribute of the object to get the IP
address that is used for the LDAP connection. However there is a
problem in eDirectory 8.8 and 8.8 SP1 where the ldapInterfaces
attribute is created with an invalid empty value. In other words,
the value is present but empty, which should not happen.
iManager's architecture cannot represent such values. Consequently, you
cannot delete the value directly.
As a workaround, you can edit the value on the Other tab/page, replacing it with any string. With valid data it may be deleted or modified just like any other attribute.
In versions of iManager prior to iManager 2.6
Support Pack 2 there was a potential security risk of giving away too
much information during a login failure. Examples of this
information are:
- Invalid Username (-601)
- Incorrect password (-669)
- Expired password or disabled account (-220)
In iManager 2.6 Support Pack 2 we can now configure to catch each of
these errors and simply output "Login Failure". Any error other
than these three will still display the same as before, including any
server connection-type problems.
By default, the setting is turned off meaning that the errors will
be displayed as shown above. To enable the setting and "hide" the
error messages, you will need to modify the CONFIG.XML file located in
the webapps/nps/WEB-INF directory and add the following setting.
The location of this setting in the CONFIG.XML file is not critical.
<setting>
<name><![CDATA[Authenticate.Form.HideLoginFailReason]]></name>
<value><![CDATA[true]]></value>
<setting>
One the CONFIG.XML file has been modified, Tomcat will need to be
restarted for the changes to take effect. Follow the procedures
to restart Tomcat in Section 4.0 above.
After installing iManager 2.6 Support
Pack 2 on Linux, Tomcat may crash while attempting to close and log out of iManager or it will display java exception
errors during the shutdown of Tomcat. Since restarting Tomcat is a required step after installing the Support Pack, this does not affect the
installation of the Support Pack and Tomcat will start up just fine
afterwards and the Support Pack will be fully functional.
If you install the support pack on
iManager 2.6 running on HP-UX, you will get a message that states the
installation completed, but the sp_iman26.npm stays in the
list of Available Plug-in Modules. If you look in catalina.out it
will report:
installing iMan26.npm...
launchExec command: /opt/java1.4/jre/bin/java -Djava.awt.headless=true
-jar
/opt/hpws/tomcat/webapps/nps/WEB-INF/bin/iManagerModuleInstall.jar -f
/opt/hpws/tomcat/webapps/nps/WEB-INF/bin/install.properties -i silent
Error occurred during initialization of VM
java.lang.Error: Properties init: Could not determine current working
directory.
launchExec: /opt/java1.4/jre/bin/java -Djava.awt.headless=true -jar
/opt/hpws/tomcat/webapps/nps/WEB-INF/bin/iManagerModuleInstall.jar -f
/opt/hpws/tomcat/webapps/nps/WEB-INF/bin/install.properties -i silent
failed.
Return code = 1
To get around this issue, do the following:
1. Shutdown Tomcat
su root
/opt/hpws/tomcat/bin/shutdown.sh
2. Delete the portal directory located in
/opt/hpws/tomcat/work/Standalone/localhost/nps/portal/
su root
rm -r /opt/hpws/tomcat/work/Standalone/localhost/nps/portal
3. Start Tomcat as the www user
su www /opt/hpws/tomcat/bin/startup.sh
4. Login to iManager 2.6 and follow the normal steps to install the
sp_iman26.npm module.
5. After the patch is installed. Shutdown Tomcat.
su root
/opt/hpws/tomcat/bin/shutdown.sh
6. Unzip the sp_iman26.npm file to a temporary directory
of choice.
unzip sp_iman26.npm
7. Copy the <temporary_directory>/currentwebapp/WEB-INF/bin/hpux
directory to /opt/hpws/tomcat/webapps/nps/WEB-INF/bin/
cp -Rp <temporary_directory>/currentwebapp/WEB-INF/bin/hpux
/opt/hpws/tomcat/webapps/nps/WEB-INF/bin/
8. Change the ownership and permissions of the copied files.
chown www:other /opt/hpws/tomcat/webapps/nps/WEB-INF/bin/hpux/*
chmod +x /opt/hpws/tomcat/webapps/nps/WEB-INF/bin/hpux/*
9. Start Tomcat
su www /opt/hpws/tomcat/bin/startup.sh
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.
Copyright © 2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
All third-party trademarks (*) are the property of their respective owners.