Novell


IDM 3.6.1-3.5.1 LDAP Driver Version 3.5.11 Patch 3

This document (5073470) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

File | Product | Status | Patch
idm360ldapir3.tar.gz | Identity Manager 3.6 | Obsolete | IDM 3.6.0/3.5.1 LDAP Driver Version 3.5.7 Patch 3 20090202
idm361ldapir1.tar.gz | Identity Manager 3.6 | Obsolete | IDM 3.6.1 LDAP Driver Version 3.5.9 Patch 1 20090731
idm361ldapir2.tar.gz | Identity Manager 3.5.1 | Obsolete | IDM 3.6.1-3.5.1 LDAP Driver Version 3.5.10 Patch 2
idm361ldapir2.tar.gz | Identity Manager 3.6.1 | Obsolete | IDM 3.6.1-3.5.1 LDAP Driver Version 3.5.10 Patch 2

patches that supersede this patch

Product | Status | Next Superseded By | Last Superseded By
Novell Identity Manager 3.6.1 | Obsolete | IDM 4.0.1-3.5.1 LDAP Driver Version 3.5.14 Patch 1 | IDM 4.0.1-3.5.1 LDAP Driver Version 3.5.14 Patch 1
Novell Identity Manager 3.5.1 | Obsolete | IDM 4.0.1-3.5.1 LDAP Driver Version 3.5.14 Patch 1 | IDM 4.0.1-3.5.1 LDAP Driver Version 3.5.14 Patch 1

patch attributes

Security patch: No
Priority: Recommended
Distribution Type: Public

document

Revision: 3
Document ID: 5073470
Creation Date: 2010-04-15 19:12:58
Modified Date: 2011-08-29 08:25:02

abstract

Patch for the LDAP driver that ships with IDM 3.6.1, IDM 3.6.0 or IDM 3.5.1. This brings the version of the driver to 3.5.11. This driver updates the one that shipped with both 3.6.0 and 3.5.1 because the LDAP 3.6.1 drivers are compatible with IDM 3.6.0 back to IDM 3.5.1.

details

Overview: Patch for the LDAP driver that ships with IDM 3.6.1, 3.6.0 or 3.5.1

System Requirements: Novell Identity Manager 3.5.1 or later with the LDAP driver from one of those versions.

Installation of driver patch:

1. Stop all drivers.

2. Copy the patched jar files to one of the following directories:
- Windows - \novell\nds\lib
- Unix/Linux eDir 8.7.3 or older - /usr/lib/dirxml/classes
- Unix/Linux eDir 8.8 or newer - /opt/novell/eDirectory/lib/dirxml/classes
- Non Root - $NDS_HOME/opt/novell/eDirectory/lib/dirxml/classes
- Netware - sys:system\lib

If the driver is configured to use the remote loader, copy the files to one of the following directories:
- Windows - \Novell\remoteloader\lib
- Unix/Linux eDir 8.7.3 or older - /usr/lib/dirxml/classes
- Unix/Linux eDir 8.8 or newer - /opt/novell/eDirectory/lib/dirxml/classes
- Non Root - $NDS_HOME/opt/novell/eDirectory/lib/dirxml/classes

3. Add the optional driver parameter if needed.
4. Cycle IDM (to do this, restart eDirectory) and/or the remote loader service.
NOTE: If you are running the driver locally and more than one driver exists, you must stop all the drivers before cycling eDirectory.

5. Start the driver(s)

Optional Driver Parameter to implement the fix for bug 545640. In order to implement the change, the following driver parameter will need to be added.

<definition display-name="Ignore empty components for Postal Address" id="109" name="subIgnoreEmptyComponentOption" type="enum">
  <description>The LDAP Driver introduces a space " " between $$ if the value of any postalAddress components are missing. Turning on this parameter will discard trailing valueless components. Default selection is "No".</description>
  <enum-choice display-name="Yes">yes</enum-choice>
  <enum-choice display-name="No">no</enum-choice>
  <value>no</value>
</definition>

The new definition should be added under subscriber-options-->configuration-values-->definitions. On your LDAP driver object, click "Edit Properties", "Driver Parameters", "Edit XML", then add the definition above. When set to "yes", the new parameter instructs the driver to ignore empty values in the postal address attribute. The default value is "no", which causes the driver to operate as it has in the past.


Installation of updated Sun Password Plugin:

How to install the IDM 3.6.1 FP2 Sun Password Plugin Patch:
1. Locate the correct plugin binary file.
2. Copy the plugin file to the correct place in your Sun Java System Directory installation.
3. Restart the Sun directory.

Details for each step
STEP 1: Locate the correct plugin binary file. The patched file is located in directories representing the supported platforms. For example, if your Sun directory runs on AIX, look in the AIX directory. The plugin filename is novl-idm-pswd.so on all platforms except Windows, where the filename is novl-idm-pswd.dll.

STEP 2: Copy the binary plugin file to the lib directory in your Sun Java System Directory installation location. For example, on Windows the default installation location for Sun Java System Directory is C:\Program Files\Sun\MPS and inside that directory is a lib directory. Put novl-idm-pswd.dll in the lib directory. On other platforms, the default installation location is often /var/Sun/mps. You'll need to locate the Sun Java System Directory installation location on your system, and put the plugin file inside the lib directory.
NOTE: On Solaris SPARC computers, the Sun Java System Directory installation will include two versions of the library: a 32-bit version and a 64-bit version. The 32-bit version is found (by default) at /var/Sun/mps/lib and the 64-bit version is found at /var/Sun/mps/lib/64. Both a 32-bit and a 64-bit version of the plugin are provided. You should copy both versions to their respective locations on your Solaris installation. At runtime, the Sun Java System Directory determines which version is the appropriate version to load.

STEP 3: Restart Sun Java System Directory so your changes will take effect and the plugin will start. Note any errors that may appear on the console for troubleshooting purposes.

Technical Support Information:

Current Fixes:
- Fixed an issue that happened when adding a multi-line description. Bug 574190

- Fixed an issue where special characters in the CN attribute would get incorrectly encrypted coming in on the LDAP driver Publisher Channel. Bug 574890

- Fixed an issue where line folding was not working properly on LDAP driver. This problem was introduced with version 3.5.8 of the driver. Bug 569622


Previous fixes in IDM 3.6.1 LDAP Driver Version 3.5.10 Patch 2

- Fixed a problem where specific changelog events would cause a modify with remove-all-values for each attribute. Bug 545760

- Fixed a problem with a possible LDAP Shim memory leak. Bug 507559

- Fixed a problem where the Sun password plugin for LDAP driver would crash Sunone 5.2 when an existing password is cleared. Bug 535532

- Fixed a problem where the postalAddress would get padded with extra white lines. Bug 545640


Previous fixes in IDM 3.6.1 LDAP Driver Version 3.5.9 Patch 1 20090731

- Fixed a problem with the LDAP Driver going in a continuous loop. Bug 524525

- LDAP Driver doesn't report an error when duplicate value is added to multi-valued sn attribute. Bug 411360

- The comparisons done by the LDAP driver for or are no longer case sensitive. Bug 509437

- Leading white-spaces are no longer removed from a value on the Publisher channel. Bug 506371

- The LDAP driver will no longer perform an optimize modify on the subscriber channel. This makes the driver function the way it did before 3.6.0. Bug 503732

- The LDAP driver can now rename the rdn in an LDAP environment to match the uid once it is populated in the Identity vault. Bug 473535

- LDAP driver no longer does base64 encoding on string attributes. Bug 503730

- Fixed an IllegalArgumentException caused by doing a compare operation when a "description" attribute value was not available. Bug 527041

- Fixed a connection storm caused by using anonymous binds and LDAP search. Bug 502882


Previous fixes in IDM 3.6.1

- Fixed a problem with prior fix Bug 460470. Fix added for this defect causes a remove all but no replace. Bug 496790

- Fixed issue where the Subscriber option disable support of Binary Attributes was not working. Bug 489475

- Fixed issue where LDAP driver was case sensitive for remove-values operations. Bug 474794

- Fixed issue where the driver treats attributes that span multiple lines incorrectly. Bug 474783

- Added support for anonymous bind. Bug 467253

- Fixed issue where homePostalAddress was not handled correctly. Bug 460735

- Fixed issue where the LDAP driver was publishing passwords when configured not to publish them. Bug 457907

- Fixed issue where LDAP driver is processing events on first startup when the driver parameter states only new events. Bug 457833

- Made the LDAP Driver 500 transaction bind limit to be configurable.
New Driver Option:
Specify the number of LDAP operations after which driver reconnects to the LDAP server. Change the default value to a large value if you see driver doing frequent binds. Bug 457503

- Fixed LDAPPublisher.processModifyValue() nextToken Line 1 Error: java.util.NoSuchElementException. Bug 444474

- Fixed an IDM Password Plugin error when changing a password more than once. Bug 362787

- Fixed an IDM Password Plugin Error when adding object without password to Sun ONE Directory Server. Bug 362782

- Added ability for the driver to filter on individual attributes for different classes. Bug 278291


Some of the new features in the 3.6.1 shipping driver

- Added ability for the driver to filter on individual attributes for different classes. This feature is only for LDAP-search publication method in publisher channel.
In search pub method, the LDAP driver uses only the objectclass as the search filter in the search, like (objectclass=inetorgperson). At every poll, it does 'n' such searches where 'n' is number of objectclasses in driver filter.

This feature enables the driver to use a search filter that also includes attributes. The search will be faster if we want to synchronize only those objects which have some attributes with the desired values.

An example could be, if we want to synchronize only those users who have 'ou=test' then we can specify the search filter (&(objectclass=inetorgperson)(ou=test)) in the provided driver parameter. This synchronizes only those users who have that value. The search time would be faster in this case.

If this parameter is left empty, then the driver would behave the normal way.

New Publisher Option:
Specify the LDAP Search filters to filter on individual attributes for different classes which are in Driver filter. If this is left empty, the search will be done only based on the objectclasses in the Driver filter like "objectclass=inetorgperson". If there are 'n' classes in the Driver filter, then you can specify a maximum of 'n' LDAP search filters separated by space, one for each class in the driver filter. An example of a search filter can be
(&(objectclass=inetorgperson)(cn=test))
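
The following is an added example, not Novell's code: a pre-deployment check of a value intended for this Publisher option against the classes in the Driver filter. The function names and the sample values are hypothetical, and two points are assumptions, namely that filters are separated at the top level by parenthesis balance and that each filter names its class with one (objectclass=...) term, as the example above does.

```python
import re

OBJCLASS = re.compile(r"\(objectclass=([^()*]+)\)", re.IGNORECASE)

def split_filters(param):
    """Split the parameter into top-level filters by parenthesis balance.
    Literal parentheses inside values are escaped as \\28 and \\29 (RFC 4515),
    so counting raw '(' and ')' is safe."""
    filters, depth, start = [], 0, 0
    for i, ch in enumerate(param):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' at offset %d" % i)
            if depth == 0:
                filters.append(param[start:i + 1])
        elif depth == 0 and not ch.isspace():
            raise ValueError("text outside a filter at offset %d" % i)
    if depth:
        raise ValueError("unbalanced '(' in parameter")
    return filters

def check_search_filters(param, driver_filter_classes):
    """Return a list of problems; an empty list means the value is consistent."""
    allowed = {c.lower() for c in driver_filter_classes}
    try:
        filters = split_filters(param)
    except ValueError as exc:
        return [str(exc)]
    problems, seen = [], set()
    if len(filters) > len(allowed):
        problems.append("%d filters for %d classes" % (len(filters), len(allowed)))
    for f in filters:
        classes = {c.strip().lower() for c in OBJCLASS.findall(f)}
        if len(classes) != 1:
            problems.append("%s: expected exactly one objectclass term" % f)
            continue
        cls = classes.pop()
        if cls not in allowed:
            problems.append("%s: class %s is not in the driver filter" % (f, cls))
        elif cls in seen:
            problems.append("%s: second filter for class %s" % (f, cls))
        seen.add(cls)
    return problems

# Constructed sample: a driver filter with two classes and one filter for each.
SAMPLE_CLASSES = ["inetOrgPerson", "groupOfNames"]
SAMPLE_PARAM = "(&(objectclass=inetorgperson)(ou=test)) (&(objectclass=groupofnames)(cn=test))"
```

An empty value returns no problems, matching the documented behaviour that the driver then searches on the objectclasses alone.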

Previous Fixes in IDM 3.6.0/3.5.1 LDAP Driver Version 3.5.7 Patch 3 20090202

- Fixed issue where adding a member to a group resulted in entire group membership being replaced. Bug 460470

- Resolved issue where LDAP driver is not synchronizing userCertificate attribute. Bug 446334

- Resolved issue where LDAP driver is not properly handling unassociated group members. Bug 457321

- Resolved issue where LDAP driver did not clean up tmp files on Netware with the IDM 3.5.1 LDAP driver. Bug 353619



Previous Fixes in IDM 3.6.0

- Driver-LDAP optimize-modify failing on LDAP driver loginDisabled attribute. Bug 407633

- Driver-LDAP IDM 3.6 LDAP Configuration files :- LDAP driver does not start with IDM 3.6 LDAP driver configuration. Bug 407029

- Driver-LDAP LDAP Driver config :- LDAP driver looks for 'use-mutual-auth' parameter even though Driver not configured for mutual authentication. Bug 404592

- Driver-LDAP LDAP Driver config :- Search Base DN of Publisher setting does not hold value given by IDM admin. Bug 404588

- Driver-LDAP Doc: SunOne Password plugin missing runtime symbols. Bug 394937

- Driver-LDAP SunOne 5.2 slapd not starting with password plugin errors. Bug 394936

- Driver-LDAP LDAP Driver does not handle Facsimile telephone number syntax during a migrate. Bug 392044

- Driver-LDAP Subordinate scope query without a search class is failing. Bug 389732

- Driver-LDAP LDAP Driver Trace log should display the LDAP search request for no such object exceptions. Bug 368608

- Driver-LDAP Changes on multiple attributes with merge authority cause errors for unassociated objects. Bug 356991

- Driver-LDAP Use of LDAPPublisher.searchForClassName() can cause events to be dropped. Bug 309624

Previous Fixes in IDM 3.5.1 LDAP driver Patch 2

- Fixed a problem handling multiple search-class values on queries.

- Fixed a problem with remembering the correct location in the changelog when the driver was restarted.

- Fixed a problem with Base64 decoding of attributes from the changelog.

- Fixed a problem with the preferred object class list being case sensitive.

- Driver tried to process one more change than was present in the change log.

file contents

Compressed File Name: idm361ldapir3.tar.gz

Files Included | Size | Date
idm361ldapir3/ldapfp/LDAPUtil.jar | 13.6 KB (13974) | 2010-04-15 14:40:53
idm361ldapir3/ldapfp/LDAPShim.jar | 168.7 KB (172842) | 2010-04-15 14:40:53
idm361ldapir3/sun_password_plugin/aix/novl-idm-pswd.so | 820.2 KB (839971) | 2010-04-15 14:40:53
idm361ldapir3/sun_password_plugin/linux/novl-idm-pswd.so | 592.8 KB (607104) | 2010-04-15 14:40:53
idm361ldapir3/sun_password_plugin/win32/novl-idm-pswd.dll | 380.0 KB (389120) | 2010-04-15 14:40:53
idm361ldapir3/sun_password_plugin/solaris/64/novl-idm-pswd.so | 1.2 MB (1357504) | 2010-04-15 14:40:53
idm361ldapir3/sun_password_plugin/solaris/novl-idm-pswd.so | 955.3 KB (978328) | 2010-04-15 14:40:53
readme_5073470.html | N/A | 2011-08-29 08:25:03

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.