Novell is now a part of Micro Focus

Cool Solutions


Contact vscheuber
Member since 1/3/2007


No author bio information

User Points

1475 points earned on legacy (former) Cool Solutions site
0 points earned on this site

Author Archives

securing designer projects


November 27, 2006 11:25 am



security As we extend designer’s offline capabilities, people will be storing more and more sensitive data in their designer projects. Many consultants are taking their customer’s data – stored in designer projects – out of the protected networks and buildings. Business logic, processes, passwords, IP addresses, administrator phone numbers, email addresses and more. how is designer going to protect your and your customer’s data?We are investigating for our Designer 2.1 release how we can better protect sensitive information in Designer projects. Sensitive information is not only passwords but also business logic and address and contact information that you may have stored in Designer. So far on our list of data that needs enhanced protection are:

  • Passwords
  • IP addresses
  • Contact information
  • Password protect a complete project

In your mind, what other information do we need to (better) protect in order to serve you best?

+read more

size matters?


September 29, 2006 3:21 pm



i remember, in my high school days, once spending most of my money that i earned during a school break period on a new 20MB hard disk for my PS2 computer. since then the world has dramatically changed as far as storage capacity is concerned. but still i keep asking my self: does size really not matter anymore? our current designer build is >400MB in size! please help me understand how this affects your usage of designer.i would like to know whether:

– you don’t care because you have a broadband internet access and assume the rest of the world has it, too

– you think it’s pretty big but you still download it whenever you need it, even once a day if necessary

– you don’t download as often as you used to when it was less than 200mb in size

we want the designer community to keep downloading the latest nightly and milestone builds so that we get the necessary feedback to improve our product. if the size keeps you from following us from milestone to milestone, this is a serious problem for our development model which relies on you downloading our latest builds.

please provide us honest feedback and, if you want, ideas how to improve.

+read more

data analysis and compliance – hype or trend?


September 25, 2006 10:15 pm



why should it be important to an enterprise it department to have full control and certainty over the state of identity and access related data in the company? what kind of data analysis do you need to gain control and certainty over the state of your company’s data? is this all a big hype to warm up the market or are we facing a real problem here? what – by the way – is “compliance”?i think i stated earlier in this blog that i spend my first five years at novell in consulting and delivered tens of identity management projects. one thing that always amazed me was how quickly user experience was put over security. i guess everybody has realized by now that security has its price and it usually does not only come in the national currency for software licenses and service fees but also in the form of opportunity costs from more complicated user interfaces, processes and hardware.

i also found that larger corporations were more security sensitive than smaller corporations and the same is for richer versus less rich corporations. i got the impression that security is a luxury good that not all companies could or wanted to afford. an article in the costco connection made it very clear where this can lead to: universities very often don’t have the same budget as larger corporations and therefore have become a – or i should say THE – preferred target for hackers around the globe. identity theft starts with any kind of identity information being stolen. it’s not just your records at your bank that have to be protected. hackers get what they need from numerous sources.

ok, that was a lot of blabla you heard a hundred times already. if you heard it already for a hundred times, i would like to pick your brain and learn from you what actions you have taken to secure your data and you monitor that your actions are effective. i leave it up to you to hope it was only a hype or to believe it is a trend.

usually people associate the word compliance with government regulations like Sarbanes Oxley, HIPAA or 508. but compliance starts long before that. compliance starts where you want it to start. you define rules and strategies how your data should look like to serve its purpose (security related or other). monitoring your data and detecting rule violations is what allows you to find out whether your data is in compliance with your own regulations. if your data and processes can’t follow your own rules, how can it be expected to follow the rules of a complex regulation?

last year at brainshare we showed you a new tool to gain control over your data. six months later, the develpment team releases milestone 0 of a new product called enforcer for novell identity manager. read more about enforcer 1.0m0. m0 is only the first step in enforcers developmen cycle. help us identify whether we are on track and give us your feedback.

+read more

heads down


September 1, 2006 10:05 am



howdy! the designer crew has been quite busy getting ready for m4. here is what you can expect to see next week:the 2.0m4 release is focused on quality. changes and improvements have been made in the following areas:

  • application framework
    • access user application from modeler tools menu
    • there is now a new preference page to gather imanager url information
    • Lots of fixes to documentation with content, broken links, etc.
    • Included driver config for Legacy Workflow
    • Fixed issues with installing Designer on servers that have eDirectory 8.8
    • bug fixes
  • configuration management
    • we have added two additional fields on the general driver properties page: configuration file and supported dn format
    • the html editor inside email template editor now offers a context menu that allows you to quickly edit and format the content
    • bug fixes
  • document generator (docgen)
    • the xml editor inside document generator style editor now provides code validation, code completion and context menu actions
    • work has been done to make the rtf document more readble. this includes a cleaned-up table of contents, better table formatting, and fixed indentation problems
    • when generating documentation on a identity vault, driver, driverset or application, the default name for the document will be the name of the item you have selected
    • bug fixes
  • enterprise modeler
    • the following drivers and driver configs have been added:
      • LinuxUnix – this is the default for AIX, Debian, FreeBSD, HP-UX, Linux, RedHat, Solaris, and SUSE.
      • i5OS – this replaces IBM’s OS400 driver and driver config.
    • all the applications under the operating system folder will default to using remote loader when you drop them in the modeler without running the driver config wizard. this just gives a better default configuration.
    • bug fixes
  • Enterprise Modeler Outline View
    • bug fixes
  • import/deploy
    • bug fixes
  • policy view and simulation
    • bug fixes
  • policy builder
    • bug fixes
  • project view
    • you can now open the files under the resources folder using various supported editors. right-click on the file and choose the “open with” sub-menu to see which editors are supported
    • bug fixes
  • provisioning view
    • bug fixes
  • provisioning request definition (=workflow) editor
    • a new general purpose mapping activity can now be added into the workflow. this mapping activity is used to transform data in between activities to make the flow more maintainable instead of having all data transformation within other activities
    • users can create loops for more complex workflows
    • we now include a zoom control to manage size of the objects on the canvas as well as a scale control to manage placement
    • we now show icons on links to more easily grasp the details of a workflow
    • bug fixes
  • direcory abstraction layer
    • bug fixes
  • xml editor
    • the xml editor is now built on the Eclipse Web Standard Tools (WST) project architecture. as a result, the ui has changed significantly and several additional and/or improved features are available.
      In general, this change allows us to provide a more feature rich and better tested xml editor since we can leverage the work of the WST project and don’t have to re-implement everything ourselves.
    • the source editor supports the following features:
      • syntax highlighting
      • context-sensitive code-completion based on DTD and/or xml schema. The code completion is based on the existing content of the xml document if no DTD or xml schema is associated with the xml document. For example, when code completion is activated and the XML document contains once you type the second , the editor suggests that you add b as a child of the a element
      • as-you-type validation. If the xml is invalid (for example, the > is removed from a tag), the editor indicates the error
      • code folding
      • formatting of entire document or selected elements
      • general text editing operations such as undo, redo, cut, copy, paste, select all
    • the tree editor supports direct editing of attribute values, comments, text nodes, CDATA, etc. as well as insertion and deletion using the right mouse menu.
    • the new xml wizard allow you to create either an empty xml file or a file containing skeleton data based on a DTD or xml schema
    • several new preference pages are available for the XML editor

a complete list of changes can be retrieved from subversion.

+read more

news from the identity management front


August 10, 2006 8:07 pm



high tech

i’m all excited about two new features that we have started r&d on for designer 2.0.

two weeks ago we started active r&d on snapshotting and staging. both are enterprise-class features that will greatly help everyone working with novell identity manager.

snapshotting will allow the user to take snapshots from a designer project either locally or, if she/he works in a project team, on a snapshot server. this will provide two main benefits: it will team-enable designer and will provide sophisticated backup and restore capabilities. i know that many users have begged for this and now i can say: we’re working on it.

staging will support the user or a whole project team to take a solution from one stage to the next. all projects operate at least on two stages: test environment and production. some even take a three stage approach and devide development and test into two environments. the challenge has always been how to manage to get a finished and tested solution from the development and/or test servers into production without forgetting a switch here and a flag there and how to do it fast and efficient. staging will address this issue.

if you feel strongly about any of these two features, get a discussion going!

i almost forget to mention: we posted TID3351724 which contains the official list of fixes that were rolled into idm 3.0.1.

+read more

the important things in life


August 10, 2006 7:50 pm




it’s been a while since my last post. i’ve been pretty busy working on some new exciting stuff to come in the near future and took care of some things that really matter in and a half weeks ago, it was a sunday afternoon, a terrible accident happend in eastern utah. a young family was washed away in their ford bronco when a twenty feet flash flood rolled down a wash near price. two of the three little kids died in the flood, the mother was able to save their three year old daughter. a five year and a one year old boy were called from this world that day. the five year old was stuck in the car and the one year old was washed away and is still missing.

i am deeply touched and feel so sorry for this family and their little loved ones. when i went down to price with a couple of neighbors to help search for the missing baby last sunday, i was again touched by the many voluntary helpers who had followed the same call. a very professionally organized rescue operation was taking place there for over a week. in that time two other flash floods came down that wash and heavily complicated the operation.

down there i remembered what really matters in life: family, fellowship and a strong faith.

+read more

changes in idm 3.0.1 (idm sp1)


July 26, 2006 10:10 pm



magnifier you asked me to give a little more details on what 3.0.1 really is. here you go with an as complete list as possible:

the main purpose of sp1 was to get localization and fixes out. there is only one new feature that was introduced with sp1. a published list of what’s new can be found in our documentation. the list that i put together here shows some more details and will be published as a TID, soon.

new feature – credential provisioning

the new credential provisioning allows you to provision credentials into Novell’s Secret Store or an external credential repository. using credential provisioning you will be able to 100% provision a new user including all its passwords for numerous applications. then you pass the new user his main password to login to his workstation and that’s it. because you have provisioned his credentials into the Secret Store, the new user can now seamlessly access Group Wise, Lotus Notes, web pages, whatever you have set up for him, through Novell Secure Login (or another single/seamless-sign on application).


the designer part is much easier for me because we have our bugzilla database open to the public. this way you can easily create a changelog for yourself by running the appropriate query. to get all the bugs (remember that bugs are not always bugs) we fixed for 1.2 run this query.

the key benefits are:

  • Full support for Credentials Provisioning
    • Create Credential Repository
    • Create new Credential Provisioning Application
    • New actions in Policy Builder (these are in the iManager plug-ins, too)
      • clear SSO credential
      • set SSO credential
      • set SSO passphrase
  • Live browse, view, and edit any eDirectory object
  • Provisioning work flow Editor creates new custom work flow topologies
  • Generate doc in editable RTF format
  • Generate doc on just selected items
  • Remote control desktops where applications are running
  • New project checks
    • Check for local variables in policies
    • Filter and Schema Map Check
    • Public and Private Key should not be in the filter with npsmDistributionPassword at the same time
    • Check if all the classes and attributes in schema map exist in eDirectory schema
    • Make sure the Authentication Method for the AD Driver is set to “gotiate” when synchronizing passwords
    • Check if the syntax of container names in the AD driver policies is valid
  • Discovery and modeling of AD Domain Controllers
  • Start, stop, and status all drivers on driver sets and vaults
  • Deploy certificates for eDir-to-eDir drivers
  • Lots of new main menus and simplified context menus
  • Built-in HTML viewer/editor for Notification Templates


  • Installation: added Japanese
  • Meta Directory Engine: added Japanese
  • iManager Plug-Ins: added Chinese Simplified, Chinese Traditional, Japanese
  • Administration Guide: added Chinese Simplified, Chinese Traditional, Japanese
  • Driver Guides:
    • Active Directory: Chinese Simplified, Chinese Traditional, Japanese
    • Delimited Text: Chinese Simplified, Chinese Traditional, Japanese
    • eDirectory: Chinese Simplified, Chinese Traditional, Japanese
    • Exchange 5.5: Chinese Simplified, Chinese Traditional
    • GroupWise: Chinese Simplified, Chinese Traditional
    • JDBC: Chinese Simplified, Chinese Traditional, Japanese
    • LDAP: Chinese Simplified, Chinese Traditional, Japanese
    • Lotus Notes: Chinese Simplified, Chinese Traditional, Japanese
    • SOAP: Chinese Simplified, Chinese Traditional

meta directory engine

  • If the driver parameters XML references a named password and the named password has not been defined for the driver, then the driver should receive a blank password at startup. Prior to this fix, the driver received the name of the named password instead.
  • The Identity Manager Engine and Remote Loader can now be used with key pair files generated by Novell Audit’s audcgen utility.
  • When many drivers are all set to auto start on a single server there was the possibility that one or more of the drivers wouldn’t start due to resource contention. Now drivers are started one at a time, with the Identity Manager Engine waiting until a driver has reported that it is started before starting another driver.
  • When a driver has been stopped for a long time the driver cache data can build up to a large size. Previously, when 1 MB of data had been processed from the cache the data would be physically purged. The purge process is potentially expensive because it involves physical disk writes. The purge algorithm has been changed such that up to half the cache data will be processed before the cache is physically purged.
  • When an eDirectory move replicated to an IDM server that did not previously contain a replica or at least an external reference to the moved object, the IDM engine would not generate any events on the publisher channel. Changed so that at least a sync event will be generated.
  • A modify-password command submitted to the subscriber channel would perform a verify password operation to verify that the password was really different in order to avoid loopback problems and extra events. This caused two problems: a verify password operation that fails causes a) a 3 second delay (a huge performance hit); and b) the intruder lockout count to be incremented. Changed algorithm so that password verification happens by comparing against current value of nspmDistributionPassword instead.
  • Conversion of a 1.x style rule that contained non-standard elements to a DirXML Script policy caused those non-standard elements to be copied verbatim to the policy, causing it to be unusable.
  • Added do-set-sso-credential, do-set-sso-passphrase, and do-clear-sso-credential actions to DirXML Script to support integration with NSL and SecretStore.
  • Removed restriction disallowing moving of an eDirectory object from a partition with a replica on the IDM server to a partition with no replica on the IDM server.
  • The DirXML Script processor was getting confused by an input element being embedded somewhere underneath an output element. This was a problem in particular for the JDBC driver, which embeds the complete input document inside the corresponding status element it returns in the the output document.
  • Filtering out of notify attributes is now working when applied to the result of a merge.
  • Added new engine control that controls the setting of creatorsName attribute for objects being created on the Publisher channel. This was done because of the performance penalty. If the control is is set to true, then the creatorsName will be forced to the DN of the driver. If set to false, then the createorsName will be the DN of the server object hosting the driver. Default for the control is false, whereas the old behavior was true. The change was made because setting creatorsName has to be done in a separate eDirectory transaction which can cut publisher channel add performance in half.
  • IDM reported a -603 when it goes remote for home directory creation because the connection to the remote server was not authenticated.
  • Auxiliary classes that are inherit from Top were not added automatically to an add operation because the mandatory attribute Object Class is not usually explicitly present in the add operation.
  • Documentation
    • Added documentation for Credential Provisioning policies.
    • Updated IDM 3 Entitlements documentation
    • Updated documentation to cover install of IDM on non-root install of eDirectory.
    • Updated Documentation with instructions how to upgrade from 1.1a to IDM3
    • Updated readme on NMAS Method Install FAILING on Solaris/AIX/Linux with eDirectory 8.7.3
  • Fixed the issue where the Novell Audit event definition file for Identity Manager caused an error when the Novell Audit 2.0 plugin for iManager was used to browse the Identity Manager Log Application object.
  • Addressed installer issues on AIX
  • Addressed installer issues when installing Secret Store
  • Role-Based Entitlements
    • DirXML-EntitlementResult attributes should be cleaned up automatically
    • Driver now handles static includes/excludes
    • Corrected mispelled attr name excludedMember (was exludedMember).
    • Non-user classes were not allowed in the Role-based Entitlements plug-in for iManager. If you entered the class manually, a warning appeared. This has been corrected by adding non-user classes to the subscriber filter list in the plug-in. The warning no longer appears.
    • The RBE plug-ins no longer require that a driver have a manifest to be considered for entitlements.
    • Non user classes are now automatically added to the Entitlement Service Driver’s subscriber filter.
  • iManager Plug-Ins
    • The User Profile pages no longer generate unexpected ClassCastException errors.
    • The driver wizard now creates default engine control values on new drivers.
    • The hint at the bottom of the New Policy task now shows the correct Role and Task names for the IDM Overview.
    • The filter generated for the Entitlement Service Driver by the RBE plug-ins now include the DirXML-SharedProfile class and Member and excludeMember attributes. This change allows for proper handling of changes to an RBE profile’s static or dynamic membership list.
    • Role-Based Entitlements: Re-evaluate membership – warning if driver is stopped
    • Pressing the “Close” button in the “Edit eMail Templates” page when it is invoked from the “Forgotten Password” property page does not close the “Edit eMail Templates” page.
    • If an error occurs assigning a password policy to a container an error message is now displayed to the user.
    • In the “Password Policy Summary” property page, the value displayed for some of the password policy options is now correct.
    • The provisioning plug-ins now correctly handle localized strings that use both a language and country code.

integration modules

  • Active Directory
    • Documented the effects of restoring any AD objects and what happens to the associated Identity Manager objects.
    • Document changes for 1.1a to 3.0 upgrade on the AD Driver
    • Added documentation about how Active Directory accounts expire and how it differs from how Identity Vault accounts expire.
    • Fixed Broken links in AD doc
    • Preconfiguration does now have DirXML-ADAliasName mapped for Group
    • Preconfigured Driver no longer attempts to set illegal attribute
    • Subscriber matching rule no longer fails on non-user objects.
    • Subscriber create rule no longer fails due to the application attributes not being available.
    • Subscriber transform rule “map fullname” no longer fails due to an extraneous “CN=” being appended.
    • Subscriber matching rule “Match Users Based on Full Name” no longer does an incorrect query.
    • Ability to totally disable the password sync portion of the driver. This allows multiple instances of the ADDriver to exist on the same computer when one instance is configured for synchronizing passwords.
    • Fixed bad variable comparison in default publisher event transformation policy
  • Lotus Notes
    • The Notes Driver can add Replication entries to newly created mailfiles (Windows platform only).
    • The Notes Driver publisher channel now honors different format selections for publishing src-dn and old-src-dn attributes. Options are: NOTES_TYPED, NOTES, SLASH_TYPED, LDAP_TYPED, LDAP, DOT_TYPED, DOT
    • child element of command is now honored for setting the HTTPPassword field for non-registered (non-certified) user’s.
    • Fixed erroneous retry loop caused when element was processed under certain circumstances.
    • Improved mailfile filename creation and collision detection logic.
    • NotesDriverShim now appropriately handles HTTPPassword creation when a password value contains special characters such as double-quote (“).
    • NotesDriverShim query processor now appropriately handles search values containing special characters such as backslash (‘\’).
    • NotesDriverShim no longer displays httpPassword values in clear text.
    • Updated the sample Notes dirver configuration file (Notes.xml) to reflect the appropriate typcase for attribute “Internet EMail Address” instead of the inappropriate typecase of “Internet Email Address”
  • JDBC
    • Fixed JDBC Connector Child Table Insert Error
    • JDBC, Spec. V3, fixed auto-generated primary keys problem
    • Fixed JDBC Triggerless Publisher Sending Extraneous Delete Events which may result in data loss.
    • Fixed Triggered publisher not closing batch statements resulting in Oracle cursor exhaustion.
    • Subscriber channel is no longer disabled when filter is empty.
  • Avaya
    • Help for the Avaya PBX Audix Subscriber plug-ins
    • iManager Plugins: A PBX site or workorder container can now include the tree name as part of the slash format DN.
  • User Application
    • Fixed a problem where the User Application Driver would not start
  • Delimited Text
    • Some characters can not be synchronized with DelimitedText Driver in RHEL3 Server.
  • SAP HR
    • When the driver is given permission to “Read” from the SAP HR system on the Publisher channel, previous versions of the driver attempt to validate the effective dates of future-dated events when the future-dated IDocs are processed. This is done by reading the current data instances and comparing the beginning and ending validity dates of the current data with the validity dates for that data in the future-dated IDoc. The driver now contains a “Future-dated Event Validity Checking Option” which enables the Administrator to perform or not perform the validity check.
  • LDAP
    • Parameters were added to the sample LDAP driver configuration that allow the user to define startup behavior when using the LDAP-Search publication method. For example, it is now possible to choose whether the very first poll result will be synchronized if there is no previous poll result to compare with.
    • Queries to the LDAP driver rely on the “namingcontexts” attribute on the LDAP server’s rootDSE being set properly. It often isn’t in early version of Oracle Internet Directory (OID). A driver workaround was made to allow queries and the “Migrate into Identity Vault” option to work properly in those cases.
  • SOAP
    • A configurable subscriber option was added to the sample configurations for the SOAP driver that allow the user to specify HTTP result codes that will return a “retry” status and result in the command being tried again.

user application

still working on this list.

rolled-in patches

  • Active Directory Driver
    • Subscriber “match everything else” Rule configuration was incorrect
    • ADDriver continues to accumulate ldap connections without freeing them.
    • IDM Password sync filter blocks other applications during password changes. This is manifested when high volumes of passwords are being changed through a script while at the same time attempting to change a password through an application such as MMC.
  • JDBC Driver
    • jdbc driver connecting to mssql 2000 not dropping dbaccounts
    • When a JDBC connection goes bad, all other JDBC traffic is stopped. 3 JDBC connectors, 2 Oracle Instances
    • 2.0 driver optimizes out type 1,2 events when type 6 event is present.
  • LDAP Driver
    • Fixed a problem with driver initialization that occurred if it tried to read a schema definition that claims inheritance from a non-existant class. This problem was rare, but occurred with some Oracle Interent Directory classes, such as orclUniqueConfig.
    • A new LDAP SDK is included with SP1 which fixes a problem with LDAP move operations being formed incorrectly at the protocol level. This affected subscriber move commands in the LDAP driver.
    • Character encoding issues have been fixed and improved in the LDAP driver. The problems fixed occurred primarily when interfacing with Oracle Internet Directory (OID).
  • SAP HR Driver
    • The driver allows all Relationships infotype data (Infotype 1001 and all AD extensions) to be obtained on the Publisher channel via two methods: 1) If the field data is in the Publisher filter, all data will be synchronized as the IDoc is processed. 2) The data may be obtained via the RELATIONSHIPS and RELATIONSHIPS-PADxx pseudo-object queries which can be sent from Publisher channel policies.
  • GroupWise Driver
    • GroupWise Driver updated to support GroupWise 7 and GroupWise 7sp1
    • GroupWise sample configuration file (GroupWise.xml) modfied to remove options for mounted file system support when running on Linux
  • SOAP Driver
    • The SOAP driver would sometimes strip SOAP error content from the return, if an error was also set at the HTTP level. The driver has been updated to return both the approprate error code and also the error content if available.
  • Avaya Driver
    • Fix for the issue where eDirectory shuts down and does not restart during Avaya Driver installation on eDir 8.8
  • iManager Plug-Ins
    • In the “Filter” property page if you double click on a class or attribute in the filter the right side of the page does not slide in all the way to the left.
    • In the “Password Policy Summary” property page, the value displayed for some of the password policy options was not correct.
    • The “Check Password Status” task takes a long time when the user you are checking the password status for has pending associations.
    • Null pointer exception when you leave the Password Sync property page when there is not a server associated with the driverset.
    • Unlocalized buttons in the “Edit eMail Template” property page.
    • The “Add Tag” popup is partially hidden when it is displayed in the “Edit eMail Templage” property page.
    • In the “Edit Migration Criteria” dialog there was an unneeded link.
    • In the “Edit eMail Template” property page the “Add Tag” popup is partially hidden by the select control that holds the list of tags.
    • In the GCV property page if the type is dn and the dn format is ldap the ldap name is not created correctly.
  • Documentation
    • PassSync 1.0 will not work by simply adding the policy PassSync(Pub)-Command Transform Policies. Added more documentation on how to make PassSync 1.0 work in and IDM 3.x environment.
    • DirXML 1.1a is not supported on Solaris 9. Documentation says Solaris 7 and up is supported.
    • IDM3 driver doc for remedy is missing most information.
    • Chaptes 6.0 Understanding the Default Driver Configuration
    • Need better information on differences between Bundle Edition and IDM Standard
    • IDM 201 Documentation refers to TID 2969825, but this TID does not exist
    • (DirXML)Password set on AD driver using IDM 3.0 plugin fails with -683 on IDM 2.x engine
  • Regarding password self-service… If a challenge-response question is greater than 128 characters an error would occur in the UserApplication when the user is prompted to enter a response. This was fixed by limiting the length of questions to no more than 128.
  • An error occurs when attempting to create a Driver activity report. Driver Activity is one of the Novell Audit pre-canned reports.

+read more

Identity Manager 3.0.1 and Designer for IDM 1.2 Available


July 19, 2006 10:47 am



smiles in the hassle of getting identity manager 3.0.1 (SP1) and designer 1.2 out, i completely forgot to let you guys know. by now you may have heard through different official channels. in case you haven’t:

  • Identity Manager 3.0.1 is available for download
  • Designer for Identity Manager 1.2 is available for download (and included in the 3.0.1 download)

+read more

the father


July 17, 2006 10:01 am



nick nikols Nick Nikols is taking the position of Vice President of Product Management over the Identity and Security Management business unit.

Before leaving Novell for Burton Group, Nick led the Novell engineering team that delivered Novell’s Identity Management and Provisioning offering (formerly known as DirXML). He was one of the principal inventors of Novell’s DirXML technology and he also invented Novell’s eDirectory Filtered Replication technology.

As a senior analyst with Burton Group’s Identity and Privacy Strategies service for the past 3 years, Nick is recognized as an industry expert in identity and security management. He has published many reports including: Preparing for Directory and Identity Management Deployments, Directory Market Landscape, Windows Server 2003 Active Directory, Identity Integration, Provisioning, Virtual Directory Services, Identity Governance, and Fine-grained Authorization.

Welcome back, Nick!

+read more

the return of the father


July 16, 2006 11:39 pm



jedi the idea of doing automated account life-cycle management and synchronization as a novell product was born about 10 years ago in the father’s head. years before dirxml 1.0 shipped as a consulting only release in 2000. long before provisioning and identity management became industry buzz words. a small team, led by the father, worked on a piece of software that one day would explode in the market with the highest revenue growth rate a novell product ever had before.

novell identity manager 3.0.1, the current flag ship release of novell’s identity management product offerings is the fruit of a brilliant vision, an ingenious and solid base architecture and the hard work of a team of some of the industry’s best developers.

the father left novell a couple of years ago and became a well-known and respected analyst in the identity management industry. today, he is returning. my words cannot express how happy i am to welcome him back here at novell. stay tuned…

+read more


© Micro Focus