Novell

This is Your Open EnterpriseTM

IDM 3.6.1-3.5.1 Bi-Directional Top Secret Driver Version 3.5.9 Patch 2

This document (5069640) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

FileProductStatusPatch
idm360bidirtopsecretir1.tar.gzIdentity Manager 3.5.1ObsoleteIDM 3.6.0/3.5.1 Bi-Directional Top Secret Driver Patch 1 20090109
idm361bidirtopsecretir1.tar.gzIdentity Manager 3.6ActiveIDM 3.6.1 Bi-Directional Top Secret Driver Patch 1 3.5.8
idm361bidirtopsecretir1.tar.gzIdentity Manager 3.6.1ActiveIDM 3.6.1 Bi-Directional Top Secret Driver Patch 1 3.5.8
idm361bidirtopsecretir1.tar.gzIdentity Manager 3.5.1ActiveIDM 3.6.1 Bi-Directional Top Secret Driver Patch 1 3.5.8

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Security patch: No
Priority: Optional
Distribution Type: Field Test File
http://download.novell.com/Download?buildid=On__rt5ghbE~

document

Revision: 1
Document ID: 5069640
Creation Date: 2010-02-24 16:17:02

technical support

This Field Test File is supported by Novell Technical Services.

abstract

IDM 3.6.1 Bi-Directional Top Secret Driver Patch 2. This patch covers the Novell Identity Manager 3.6.1, 3.6.0 and Identity Manager 3.5.1 Driver for Top Secret (Bi-directional) and the Novell Identity Manager Integration Modules for Mainframes 3.6.1, 3.6.0 or 3.5.1. This is a roll-up patch and includes all the fixes from prior patches.

details

Overview: Novell Identity Manager Driver for Top Secret

System Requirements: Novell Identity Manager 3.5.1or later and the Bi-Directional driver from one of those versions of IDM

Installation Instructions

1. Stop the driver and driver shim started tasks, if they are already running.

2. Install the patched .XMT files to your zOS Top Secret system
a. FTP the IDMLOAD.XMT, SAMPLIB.XMT and TSSEXEC.XMT files in binary mode:

C:\temp>ftp mainframe
Connected to mainframe.
220-FTPD1 IBM FTP CS V1R6 at mainframe, 17:37:05 on 2006-12-11.
220 Connection will close if idle for more than 5 minutes.
User (mainframe:(none)): user1
331 Send password please.
Password:
230 USER1 is logged on. Working directory is "USER1.".
ftp> bin
200 Representation type is Image
ftp> quote site lrecl=80 recfm=fb
200-BLOCKSIZE must be a multiple of LRECL for RECFM FB
200-BLOCKSIZE being set to 6160
200 SITE command was accepted
ftp> put idmload.xmt 'idmload.new.xmt'
200 Port request OK.
125 Storing data set IDMLOAD.NEW.XMT
250 Transfer completed successfully.
ftp> put samplib.xmt 'samplib.new.xmt'
200 Port request OK.
125 Storing data set SAMPLIB.NEW.XMT
250 Transfer completed successfully.
ftp> put tssexec.xmt 'exec.new.xmt'
200 Port request OK.
125 Storing data set EXEC.NEW.XMT
250 Transfer completed successfully.
ftp> bye
221 Quit command received. Goodbye.

b. Restore the library, using the RECEIVE command.

READY
receive inda('idmload.new.xmt')
INMR901I Dataset SYSTEMS.LOAD from USER1 on NODENAME
INMR154I The incoming data set is a 'PROGRAM LIBRARY'.
INMR906A Enter restore parameters or 'DELETE' or 'END' +
da('idm.load')
IEBCOPY MESSAGES AND CONTROL STATEMENT
S PAGE 1
IEB1135I IEBCOPY FMID HDZ11H0 SERVICE LEVEL UA13496 DATED 20040901 DFSMS 01.
06.00 z/OS 01.06.00 HBB7709 CPU 1247
IEB1035I USER1 SYSPROC SYSISPF 12:44:06 MON 11 DEC 2006 PARM=''
COPY INDD=((SYS00220,R)),OUTDD=SYS00218
IEB1013I COPYING FROM PDSU INDD=SYS00220 VOL=STG00B DSN=SYS06345.T124405.RA000
.USER1.R0158436
IEB1014I TO PDSE OUTDD=SYS00218 VOL=STG00C DSN=IDM.LOAD
IGW01551I MEMBER SRVFIOS HAS BEEN LOADED
.
.
.
IEB147I END OF JOB - 0 WAS HIGHEST SEVERITY CODE
INMR001I Restore successful to dataset 'IDM.LOAD'
READY


3. Start the Driver Shim Started Tasks on the Mainframe, TSDRV and LDXLOGRP.

4. Start the driver in iManager.

Technical Support Information:

Issues fixed in this patch:

- Significant improvements were made to both CPU and I/O consumption on the TSDRV started task.

- Rexx member IDMQUERY has been modified to return the DEPARTMENT, GROUP and PROFILE fields on entry-level queries for User objects.

- SAFQUERY now returns new fields available in SAF:

ACCDATE ACCTIME PWVCNT NETVCTL NETVMSGR NETVNGMF OEFILEP
MMAPAREA THREADS PROCUSER TSOLSIZE TSOMSIZE TSOOPT TSOUDATA

- Added "-pollingInterval" and "-heartbeatInterval" as DRVCONF options to provide the shim with the ability to override engine options.

- Operator command:

MODIFY TSDRV,APPL=STATUS

Now reports connection status along with event statistics.

- Added option to disable HTTP port for TSDRV ("-nohttpport").

- Non-handled commands on the publisher channel were often mistranslated into invalid XDS documents.

- Added startup LOG message to identify product version and build information.

- Added iconv() support for TSDRV. To specify a language translation CCSID for TSDRV, add the following line at the top of the TSDRV JCL:

// SET ENV='ENVAR("LC_CTYPE=IBM-1047")'

Where 'IBM-1047' is the CCSID codepage specifier for your language.

- Fixed ALL_READ_ATTRS never sent to Rexx script IDMQUERY on query events.

- Added XSUSPEND and VSUSPEND to default IDMMODU script.

Issues fixed in prior 3.6.1 patches:

- Fixed a memory leaks in the IDMSETV/SAFQUERY utilities.

- Fixed memory leaks in TSDRV during publishing.

- Fixed a hang in driver shim that could occur due to improper locking method on property cleanup.


Issues fixed since the 3.6 release:

- Fixed IDMMODU to properly handle the PSUSPEND attribute.

- Upgraded OpenSSL to 0.9.8h.

- Added error handling for Name/Token service call failures.

- Fixed a memory leak when a status document was returned from heartbeat.

- Fixed a memory leak in network code.

- Fixed a race condition that can occur when two drivers are configured for a connected system, resulting in both shims incorrectly instantiated.


Issues fixed since the 3.5.1 release:

- Fixed mishandling of unicode characters which could result in an ABEND or hung driver shim.

- Added BEFORE to the application schema [SAMPLIB(SCHEMDEF)].

- Changed IDMADDU and IDMMODU Rexx scripts to explicitly handle the PROFILE field along with FIRST/BEFORE/AFTER specifiers.

- Fixed IDMADDU and IDMMODU to execute multi-valued attributes in separate TSS commands, to respect operands with max capacity restrictions.

- Added an "Ordered List Mapping" schema transformation (XSLT) to translate the DirXML-TSS-PROFILE in eDirectory with the ordered PROFILE field in Top Secret. Translation of the FIRST, AFTER and BEFORE keywords are now performed accordingly.

- Adjusted memory management to more efficiently handle events with large amounts of data.

- Fixed IDMQUERY script to request NOREADATTRS when all the specified read-attr elements were not within the scope of SAF.

- Fixed network timeout that sometimes restarted the driver shim's connection with the IDM engine.

- Fixed network error that would sometimes occur when sending large amounts of data to the IDM engine. For example, during a large migration.

- Fixed Error loading remote loader password files for certain combinations of passwords.

- Fixed IDMMODU improper handling of the FIRST field

- Fixed build date improperly displayed on operator STATUS command.

- Fixed "is-sensitive" elements not being suppressed in trace output.

- When non-TSO users changed their passwords using TELNET on Top Secret release 12, the event incorrectly reported a password change for 'OMVSKERN' (or whichever ACID owns the OMVS STC) instead of the user.

Issues fixed since the 3.5.0 release:

- Fixed problem with the publisher channel accessing changelog while subscriber is executing authorized TSO commands. This can cause the driver shim to hang.

- Fixed memory leak in the driver shim.

- Fixed IDMADDU script to handle the USING field properly.

- Fixed IDMADDU script to not specify TYPE(USER); instead accept the default.

- Fixed TopSecret.xml to default the Password Expiration Interval to 30 days.

- Fixed TopSecret.xml to properly transform the FOR field to an UNTIL field

- Fixed OC4 abend in SAFQUERY if SAF returns zero-length field.

file contents

Compressed File Name: idm361bidirtopsecretir2.tar.gz

Files IncludedSizeDate
idm361bidirtopsecretir2/TSSEXEC.XMT197.8 KB (202640)2010-02-24 15:38:35
idm361bidirtopsecretir2/SAMPLIB.XMT87.5 KB (89680)2010-02-24 15:38:35
idm361bidirtopsecretir2/IDMLOAD.XMT8.2 MB (8630240)2010-02-24 15:38:35
readme_5069640.htmlN/A2010-02-24 16:21:03
readme.htmlN/A2010-02-24 16:21:03

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.