Novell Nsure Identity Manager 2

Last Updated January 23, 2004
1.0 Documentation
2.0 Known Issues
2.1 Unable to Continue the DirXML Installation Program: Authentication to the iManager Server Fails
2.2 Unable to Start the Driver after Upgrading to eDirectory 8.7.1
2.3 Upgrading on Linux: Installation Fails on libdxevent
2.4 Driver Does Not Load: "UniqueSPIException Error -783"
2.5 NetWare: "A fatal error has occurred. . .Tree not initialized yet"
2.6 Linux and Solaris Un-installation Program Error: "No such file or directory."
2.7 eDirectory Shuts Down on Solaris
2.8 Errors Occur when Logging into Other Trees with iManager
2.9 NMAS LDAP Transport Error
2.10 Set Universal Password Task Requires TLS for Simple Bind
2.11 Setting Universal Password Defect in iManager 2.0.1
2.12 Errors about Password Policy Not Assigned to a User
2.13 Error Appears in the Tomcat Log File When Logging into iManager
2.14 Check Password Status Task Doesn't Work for eDirectory Connected System if Using Only Universal Password
2.15 eDirectory Driver Upgrade Issue with SSL Certificates
2.16 Using the E-Mail Notification on a UNIX Server Requires a Replica of the Security Container
2.17 Entitlements Not Granted if Entitlement Name Contains a Space
2.18 Non-English Browsers Do Not Display Help Files
2.19 Nsure Audit Configuration Is Overwritten During Installation
3.0 Legal Notices

1.0 Documentation

For the latest information about Novell® Nsure™ Identity Manager 2, refer to the documentation located at the Novell Product Documentation site.

You can view the documentation online in HTML or download a copy in PDF format.

The latest Readme file is also available online at the same location.


2.0 Known Issues


2.1 Unable to Continue the DirXML Installation Program: Authentication to the iManager Server Fails

If you choose to install the iManager plug-ins for DirXML®, you must provide valid authentication credentials to your iManager server. If authentication fails, you can return to the previous screen, deselect the plug-ins, and continue the installation.

You might also see this error if your iManager server is not running properly. Ensure you can log into the iManager server (http://<host-or-ip address>/nps/iManager.html). If you can log into iManager, try installing the DirXML plug-ins again.


2.2 Unable to Start the Driver after Upgrading to eDirectory 8.7.1

When upgrading from Novell eDirectory™ 8.6.2 to 8.7.1, an older version of dxevent.dll gets installed. When you try to start a driver, you will encounter the following error: "Unable to start the driver. com.novell.admin.common.exceptions.UniqueSPIException: (Error -783) The DirXML Interface Module(VRDIM) is not currently loaded into NetWare or into DHost."

To fix this problem on Windows, copy dxevent.dll from the NT\DirXML\Engine directory on the CD image to the c:\novell\nds directory on the server.

To fix this problem on NetWare, copy dxevent.nlm from the NW\DirXML\Engine\System directory on the DirXML 2.0 CD image to the SYS:SYSTEM directory on the server.


2.3 Upgrading on Linux: Installation Fails on libdxevent

When upgrading from eDirectory 8.6.2 to 8.7.1, an older version of the dxevent package is installed. The installation begins to copy files, but fails with the following error:

"file /usr/lib/nds-modules/libdxevent.la from install of NDSdxevnt-1.1.1-1 conflicts with file from package novell-DXMLevent-2.0.0-14
file /usr/lib/nds-modules/libdxevent.so from install of NDSdxevnt-1.1.1-1 conflicts with file from package novell-DXMLevent-2.0.0-14
%% Unable to install NDSdxevnt, Exiting..."

To fix this problem, complete the following procedure.

  1. Before running the eDirectory 8.7.1 installer, go to the eDirectory Linux/Setup directory.

  2. Enter rpm -ivh --force NDSdxevnt-1.1.1-1.i386.rpm to do a forced install of the NDSdxevent package.

  3. Run the eDirectory nds-install script to remove or replace the eDirectory packages, and perform the upgrade from eDirectory 8.6.2 to 8.7.1.

  4. When the eDirectory installation is complete, reinstall DirXML 2.0.


2.4 Driver Does Not Load: "UniqueSPIException Error -783"

If you upgrade eDirectory on your Novell Nsure Identity Manager server, you might see the following error: "UniqueSPIException error -783:" To resolve this issue, log in to iManager, remove the server listed for the Driver object in the DirXML Overview, and then re-associate the server with the Driver object.


2.5 NetWare: "A fatal error has occurred. . .Tree not initialized yet"

If you are installing DirXML on NetWare® and do not have JVM 1.4.1 installed, you might see an error stating, "A fatal error has occurred. This program will terminate. You may check sys:\ni\data\ni.log for more details after you dismiss this dialog. Tree not initialized yet..."

You should upgrade to JVM* 1.4.1 to resolve this issue. The JVM is available from Novell Product Downloads.


2.6 Linux and Solaris Un-installation Program Error: "No such file or directory."

To uninstall the product, enter <user's home directory>/DirXML/UninstallerData/Uninstall_DirXML. (On Solaris, this directory might be directly off the root partition.)


2.7 eDirectory Shuts Down on Solaris

When you are creating a driver set or shortly after DirXML loads, the ndsd (eDirectory) process shuts down unexpectedly without a core dump. The /var/nds/ndsd.log contains the following message, "Exception java.lang.OutOfMemoryError: requested -569704448 bytes for char in /export1/jdk/jdk1.4.2/hotspot/src/os/solaris/vm/os_solaris.cpp. Out of swap space?" (The exact number may vary.)

To fix this problem, complete the following procedure.

  1. Open /etc/init.d/ndsd.

  2. Set GS_FAST_MODE to 0 instead of 1.

This error might also disappear if you add more memory to the computer hosting eDirectory.


2.8 Errors Occur when Logging into Other Trees with iManager

If you manage remote DirXML trees, and use iManager to log in to the other trees, you might encounter errors if you use the server name instead of the IP address of the remote server.

Other considerations:


2.9 NMAS LDAP Transport Error

If you are installing Apollo in a multi-server environment, and use some of the Password Management plug-ins in iManager, you might see an error that begins with "NMAS LDAP Transport Error."

One common cause of this error is that the PortalServlet.properties file is pointing to an LDAP server that does not have the NMAS™ extensions that are needed for Apollo. Open the PortalServlet.properties file and make sure the address for the LDAP server is the same server where you installed Apollo.

Other possible causes:


2.10 Set Universal Password Task Requires TLS for Simple Bind

If you are encountering problems with the iManager Set Universal Password task, you need to make sure that the "TLS is required for Simple Bind" setting has been enabled. You set this option by editing the LDAP server object properties in iManager.

This is a requirement only for this task. The portal content builds this SSL connection upon request, but iManager requires it to be done at login.


2.11 Setting Universal Password Defect in iManager 2.0.1

If you use the Set Universal Password task to set a user's password and you create a password that does not comply with the rules displayed, a warning appears about displaying nonsecure data. If you answer Yes in this dialog box, the page expires and you must refresh the page and resubmit your data.

This is fixed in iManager 2.0.2.


2.12 Errors about Password Policy Not Assigned to a User

If you see an error saying that a Password Policy is not assigned to a user from the Set Universal Password task, and you know that the user does have a Password Policy assigned, SSL might be the issue. Make sure that SSL is configured correctly between the Web server running iManager and the primary tree. To help confirm that SSL configuration is the problem, use the View Policy Assignment task to check the policy for that user. If the View Policy Assignment task displays an NMAS Transport error, this also can be an indicator that SSL is not configured properly.


2.13 Error Appears in the Tomcat Log File When Logging into iManager

The following error appears in the Tomcat log file when you authenticate to iManager after installing DirXML 2.0:

com.novell.security.nmas.mgmt.NMASPwdException
at com.novell.security.nmas.mgmt.PwdLdapTransport.getPwdPolicyDN(Unknown Source)
at com.novell.security.nmas.mgmt.NMASPwdMgr.getPwdPolicyDN(Unknown Source)
at com.novell.forgotpassword.PostAuthentication.getPostAuthServiceDelegates(PostAuthentication.java:65)
at com.novell.nps.authentication.AuthenticationManager.processPostAuthenticationServices(AuthenticationManager.java:366)
at com.novell.nps.authentication.AuthenticationManager.beginPortalLogin(AuthenticationManager.java:330)

This error occurs if an NMAS policy has not been configured and assigned to the user.


2.14 Check Password Status Task Doesn't Work for eDirectory Connected System if Using Only Universal Password

The Check Password Status task lets you see whether a user's password in DirXML is synchronized with the password on connected systems.

If you are using the DirXML Driver for eDirectory, and the Password Policy for a user specifies in the Configuration Options tab that the NDS Password should not be updated when the Universal Password is updated, then the Check Password Status task for that user will always show that the password is not synchronized. The password status will be shown as not synchronized, even if the DirXML password and the password on the connected system are in fact the same.

This is because the eDirectory check password functionality is checking the NDS password at this time, instead of going through NMAS to refer to the Universal Password.

If you select the option to update the NDS Password when the Universal Password is updated in the Password Policy (this is the setting by default), then Check Password Status should be accurate for the eDirectory connected system.


2.15 eDirectory Driver Upgrade Issue with SSL Certificates

If you are upgrading DirXML and the eDirectory driver, you might encounter data synchronization errors if your certificates have expired (or if one of the two certificates has expired).

If you create a user on the server holding a valid certificate, the user will not be synchronized to the server containing the invalid certificate. You might also see the following error in DSTrace:

SSL handshake failed, X509_V_CERT_HAS_EXPIRED

If you create a user on the server holding an expired certificate, the user will still be synchronized to the server containing a valid certificate. You might also see the following error in DSTrace:

SSL handshake failed, SSL_ERROR_ZERO_RETURN, 
Error: 14094415: SSL Routines: SSL_READ_BYTES: sslv3 alert certificate expired.

To fix this issue, create new certificates if the previous certificates expire.


2.16 Using the E-Mail Notification on a UNIX Server Requires a Replica of the Security Container

The DirXML script action DoSendEmailFromTemplate does not work on UNIX platforms unless a replica containing the e-mail templates is located on the same server where the DirXML engine is running. These e-mail templates are the ones used in the Notification Configuration task in iManager. The e-mail template objects are located in the Security container at the root of the tree.


2.17 Entitlements Not Granted if Entitlement Name Contains a Space

If you create a driver entitlement name that includes a space (for example, "Email Account"), that entitlement is not granted to members of an Entitlement Policy.


2.18 Non-English Browsers Do Not Display Help Files

To view help files, your browser language must be set to English. Otherwise, you might encounter an "HTTP Status 404" error.


2.19 Nsure Audit Configuration Is Overwritten During Installation

If you have previously configured Nsure Audit on your server, and the loghost parameter in logevent.cfg is set to localhost, this configuration is overwritten during install and logging is turned off.

If you have specified an IP address in the loghost parameter, your logging configuration is unaffected.

To re-enable logging, open logevent.cfg and set the loghost parameter to the IP address of your logging server.

The following list contains the default location of logevent.cfg for each supported platform:

Operating System    Path
NetWare             sys:\etc\logevent.cfg
Windows             windows_directory\logevent.cfg
Linux\Solaris       /etc/logevent.conf
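
Because the overwrite described in this section turns audit logging off without any prompt, it helps to record the loghost setting before the installation and check it again afterward. The script below is an added example, not part of the original Readme or of Novell's software. It assumes the file holds "name=value" lines with "#" comments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Novell's code. Assumes logevent.cfg / logevent.conf
# holds "name=value" lines and that "#" starts a comment.

# Print the loghost value from config file $1 (prints nothing if absent).
loghost_of() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*[Ll][Oo][Gg][Hh][Oo][Ss][Tt][[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# Classify the setting along the lines of section 2.19:
#   at-risk  "localhost": overwritten by the install, logging is turned off
#   ip       an IPv4 address: the install leaves it alone
#   missing  no readable file or no loghost parameter
#   other    any other value; the readme does not cover this case
loghost_state() {
    value=$(loghost_of "$1")
    case "$value" in
        '') echo missing ;;
        [Ll][Oo][Cc][Aa][Ll][Hh][Oo][Ss][Tt]) echo at-risk ;;
        *[!0-9.]*) echo other ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) echo ip ;;
        *) echo other ;;
    esac
}

# Run after the install. $1 = config file, $2 = state recorded beforehand.
# Succeeds only when loghost is an IP address, which is the readme's fix.
verify_after_install() {
    after=$(loghost_state "$1")
    if [ "$after" = ip ]; then
        echo "ok: loghost=$(loghost_of "$1")"
        return 0
    fi
    echo "ALERT: loghost state was '$2' before the install and is '$after' now;" \
         "set loghost to the IP address of the logging server"
    return 1
}

# Demo on a constructed file (sample content, not from a real server).
sample=$(mktemp)
printf '# constructed sample\nLogHost = localhost\n' > "$sample"
echo "before install: $(loghost_state "$sample")"
rm -f "$sample"
```

On Linux or Solaris, point the functions at /etc/logevent.conf; a non-zero exit from verify_after_install can feed whatever monitoring watches the server.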


3.0 Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.

Copyright © 2003 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.


U.S. Patent Nos. 5,349,642; 5,608,903; 5,671,414; 5,677,851; 5,758,344; 5,784,560; 5,818,936; 5,828,882; 5,832,275; 5,832,483; 5,832,487; 5,870,561; 5,870,739; 5,873,079; 5,878,415; 5,884,304; 5,919,257; 5,933,503; 5,933,826; 5,946,467; 5,956,718; 6,016,499; 6,065,017; 6,105,062; 6,105,132; 6,108,649; 6,167,393; 6,286,010; 6,308,181; 6,345,266; 6,424,976; 6,516,325; 6,519,610; 6,539,381; 6,578,035; 6,615,350; 6,629,132. Patents Pending.

DirXML, NetWare, and Novell are registered trademarks of Novell, Inc. in the United States and other countries.

eDirectory, NMAS, and Nsure are trademarks of Novell, Inc. in the United States and other countries.

All third-party trademarks are the property of their respective owners.