IDM 3.5.1 Bi-Directional Top Secret Driver Patch 1 20071003

This document (5006643) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

Product	Status	Next Superceded By	Last Superceded By
Novell Identity Manager 3.5.1	Obsolete	IDM 3.5.1 Bi-Directional Top Secret Driver Patch 2 20071214	IDM 3.5.1 Bi-Directional Top Secret Driver Patch 2 20071214

patch attributes

Security patch: No

Priority: Recommended

Distribution Type: Public

http://download.novell.com/Download?buildid=EmvlwqZHuQE~

document

Revision: 9

Document ID: 5006643

Creation Date: 2007-10-17 09:24:50

Modified Date: 2008-05-14 14:54:28

abstract

Novell Identity Manager Driver for Top Secret 3.5.1 Novell Identity Manager Integration Modules for Mainframes 3.5 Field patch for TopSecret.xml, zOS.jar, IDMLOAD.XMT, SAMPLIB.XMT, TSSEXEC.XMT

details

Overview: This patch is for the Bi-directional Top Secret driver that shipped with IDM 3.5.1

Installation Instructions

1. Stop the driver and driver shim started tasks, if they are already running.

2. Import the new TopSecret.xml, if necessary
a. If you have already installed the driver, make sure to update all policies to apply fixes corrected by this configuration file

b. This configuration adds one schema mapping policy since the release of 3.5.1. This policy transforms data needed for synchronizing the PROFILE field in Top Secret.

3. Install the new zOS.jar:
a. Copy zOS.jar to your IDM class library location
i. /usr/lib/dirxml/classes for eDir 8.7
ii. /opt/novell/eDirectory/lib/dirxml/classes for eDir 8.8
b. Restart eDirectory to refresh the classpath for IDM
i. /etc/init.d/ndsd restart

4. Install the patched .XMT files to your zOS Top Secret system
a. FTP the .XMT files in binary mode
b. Restore the libraries. Here is an example using ftp:

----From Workstation------

C:\temp>dir *.xmt
Volume in drive C is Windows C Drive
Volume Serial Number is F0F9-3F51

Directory of C:\temp

06/19/2007 11:28 AM 6,285,520 IDMLOAD.XMT
06/19/2007 11:28 AM 83,040 SAMPLIB.XMT
06/19/2007 11:28 AM 175,520 TSSEXEC.XMT
3 File(s) 6,544,080 bytes

C:\temp>ftp mainframe
Connected to mainframe.
220-FTPD1 IBM FTP CS V1R6 at mainframe, 17:37:05 on 2006-12-11.
220 Connection will close if idle for more than 5 minutes.
User (mainframe:(none)): user1
331 Send password please.
Password:
230 USER1 is logged on. Working directory is "USER1.".
ftp> bin
200 Representation type is Image
ftp> quote site lrecl=80 recfm=fb
200-BLOCKSIZE must be a multiple of LRECL for RECFM FB
200-BLOCKSIZE being set to 6160
200 SITE command was accepted
ftp> put idmload.xmt 'idmload.new.xmt'
200 Port request OK.
125 Storing data set IDMLOAD.NEW.XMT
250 Transfer completed successfully.
ftp> put samplib.xmt 'samplib.new.xmt'
200 Port request OK.
125 Storing data set SAMPLIB.NEW.XMT
250 Transfer completed successfully.
ftp> put tssexec.xmt 'exec.new.xmt'
200 Port request OK.
125 Storing data set EXEC.NEW.XMT
250 Transfer completed successfully.
ftp> bye
221 Quit command received. Goodbye.

----From Mainframe TSO-----

READY
receive inda('idmload.new.xmt')
INMR901I Dataset SYSTEMS.ASCDEV.LOAD from USER1 on NODENAME
INMR154I The incoming data set is a 'PROGRAM LIBRARY'.
INMR906A Enter restore parameters or 'DELETE' or 'END' +
da('idm.load')
IEBCOPY MESSAGES AND CONTROL STATEMENT
S PAGE 1
IEB1135I IEBCOPY FMID HDZ11H0 SERVICE LEVEL UA13496 DATED 20040901 DFSMS 01.
06.00 z/OS 01.06.00 HBB7709 CPU 1247
IEB1035I USER1 SYSPROC SYSISPF 12:44:06 MON 11 DEC 2006 PARM=''
COPY INDD=((SYS00220,R)),OUTDD=SYS00218
IEB1013I COPYING FROM PDSU INDD=SYS00220 VOL=STG00B DSN=SYS06345.T124405.RA000
.USER1.R0158436
IEB1014I TO PDSE OUTDD=SYS00218 VOL=STG00C DSN=IDM.LOAD
IGW01551I MEMBER SRVFIOS HAS BEEN LOADED
.
.
.
IEB147I END OF JOB - 0 WAS HIGHEST SEVERITY CODE
INMR001I Restore successful to dataset 'IDM.LOAD'
READY

-------------

5. Start the Driver Shim Started Tasks on the Mainframe, TSDRV and LDXLOGRP.

6. Start the driver in iManager.

Current Issues fixed since the 3.5.1 release:

- Fixed mishandling of unicode characters which could result in an ABEND or hung driver shim.

- Added BEFORE to the application schema [SAMPLIB(SCHEMDEF)].

- Changed IDMADDU and IDMMODU Rexx scripts to explicitly handle the PROFILE field along with FIRST/BEFORE/AFTER specifiers.

- Fixed IDMADDU and IDMMODU to execute multi-valued attributes in separate TSS commands, to respect operands with max capacity restrictions.

- Added an "Ordered List Mapping" schema transformation (XSLT) to translate the DirXML-TSS-PROFILE in eDirectory with the ordered PROFILE field in Top Secret. Translation of the FIRST, AFTER and BEFORE keywords are now performed accordingly.

- Adjusted memory management to more efficiently handle events with large amounts of data.

- Fixed IDMQUERY script to request NOREADATTRS when all the specified read-attr elements were not within the scope of SAF.

- Fixed network timeout that sometimes restarted the driver shim's connection with the IDM engine.

- Fixed network error that would sometimes occur when sending large amounts of data to the IDM engine. For example, during a large migration.

Previous Issues fixed between the 3.5.0 release and the 3.5.1 release

- Fixed problem with the publisher channel accessing changelog while subscriber is executing authorized TSO commands. This can cause the driver shim to hang.

- Fixed memory leak in the driver shim.

- Fixed IDMADDU script to handle the USING field properly.

- Fixed IDMADDU script to not specify TYPE(USER); instead accept the default.

- Fixed TopSecret.xml to default the Password Expiration Interval to 30 days.

- Fixed TopSecret.xml to properly transform the FOR field to an UNTIL field

- Fixed OC4 abend in SAFQUERY if SAF returns zero-length field.

file contents

Compressed File Name: idm351bidirtopsecretir1.tar.gz

Files Included	Size	Date
readme_5006643.html	N/A	2008-05-14 14:54:29

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.