Sun[TM] Identity Manager 8.0 Release Notes |
Installation and Update Notes
This section provides information related to installing or updating Identity Manager, and the information is organized as follows:
Note
For Known Issues related to the installation and upgrade process, please refer to the Install and Update section of this document.
Installation NotesThe following information relates to the product installation process:
- You must manually install Identity Manager on HP-UX.
- The Identity Manager installation utility can now install or update to any installation directory name. You must create this directory prior to starting the installation process, or select to create the directory from the setup panel.
- Running the Sun Identity Manager Gateway on a Windows system requires the Microsoft Active Directory Client extension. The DSClient can be found at the following location:
Upgrade NotesThis section contains information and known issues related to upgrading Identity Manager from version 6.0 or version 7.0 to version 8.0.
The information in this section is organized as follows:
Before You Begin
You must be aware of the following information before starting the upgrade process:
- Identity Manager 8.0 dedicates some new tables for Roles objects. You must use the sample scripts provided in the db_scripts directory to make the schema changes, create the new table structures, and move your existing data.
- If you are upgrading to Identity Manager 8.0, and have any custom code that calls UserUIConfig#getRepoIndexAttributes(), you must remove the code or change it to call Type.USER#getInlineAttributeNames().
Importing update.xml converts the values from the UserUIConfig RepoIndexAttrs into values of XML attributes on the TypeDataStore element for Type.USER within the RepositoryConfiguration object. The update.xml file includes the UserUIConfigUpdater.xml file, which contains an Import command that invokes UserUIConfigUpdater to convert RepoIndexAttrs. Conversion also sets a flag in SystemConfiguration that inhibits reconversion.
Any future changes to the inline attributes for Type.USER should be made by editing the RepositoryConfiguration object. If you change the inline attributes for Type.USER, you generally must refresh all Type.USER objects.
- Be sure to use only one Identity Manager server to import update.xml and that only one Identity Manager server is running during the upgrade. If you start any other Identity Manager servers during the upgrade, you must stop and restart those servers before making them available.
- Be careful when you edit the super role field in the Role form because the super role itself may be a nested role. The super roles and subroles fields indicate a nesting of roles and their associated resources or resource groups. When applied to a user, the super role includes the resources associated with any designated subrole. The super role field is displayed to indicate the roles that include the displayed role.
- During the upgrade process, Identity Manager analyzes all roles on the system and then updates any missing subroles and super roles links using the RoleUpdater class.
To check and upgrade roles outside of the upgrade process, you can import the new RoleUpdater configuration object that is provided in sample/forms/RoleUpdater.xml.
For example:
Where:
- verbose: Provides verbose output when updating roles. Specify false to enable a silent update of roles.
- noupdate: Determines whether the roles are updated. Specify false to get a report that only lists which roles will be updated.
- nofixsubrolelinks: Determines whether super roles are updated with missing subrole links. This value is set to false by default and links will be repaired.
- Administrators who need to view or edit the Identity Manager schema for Users or Roles must be in the IDM Schema Configuration AdminGroup and must have the IDM Schema Configuration capability.
- The SPML 2.0 implementation in Identity Manager has changed in Identity Manager 8.0. In previous releases, the SPML objectclass attribute used in SPML messages was mapped directly to the objectclass attribute of Identity Manager User objects. The objectclass attribute is now mapped internally to the spml2ObjectClass attribute and is used internally for other purposes.
During the upgrade process the objectclass attribute value is automatically renamed for existing users. If your SPML 2.0 configuration contains forms that reference the objectclass attribute, you must manually change those references to spml2ObjectClass.
Identity Manager does not replace the sample spml2.xml configuration file during an upgrade. If you used the spml2.xml configuration file as a starting point, be aware that this file contains a form with references to objectclass that you must change to spml2ObjectClass. Change the objectclass attribute in forms (where it is used internally), but do not change the objectclass attribute in the target schema (where the attribute is exposed externally).
Upgrade Issues
bin/winnt/nspr4.dll
bin/winnt/jdic.dll
bin/winnt/MozEmbed.exe
bin/winnt/IeEmbed.exe
bin/winnt/AceApi.dll
bin/winnt/DominoAPIWrapper.dll
bin/winnt/DotNetWrapper.dll
bin/winnt/gateway.exe
bin/winnt/lhpwic.dll
bin/winnt/msems.inf
bin/winnt/pwicsvc.exe
bin/winnt/remedy.dll
bin/solaris/libjdic.so
bin/solaris/mozembed-solaris-gtk2
bin/linux/librfccm.so
bin/linux/libsapjcorfc.so
bin/linux/libjdic.so
bin/linux/mozembed-linux-gtk2
An attribute condition that refers to a multi-valued extended attribute will evaluate correctly for a user object only after that user object has been re-serialized. If you want such an attribute condition to evaluate correctly for all user objects, then you must re-serialize all user objects. See Refreshing User Objects for instructions.
- If you are upgrading from an Identity Manager version 6.x installation to version 7.x to version 8.0, and you want to start using the new Identity Manager end-user pages, you must manually change the system configuration ui.web.user.showMenu to true for the horizontal navigation bar to display. (ID-14901)
Also, if you want the new end user dashboard to display on the end-user home page, you must manually change the end user form mapping for Form Type 'endUserMenu'. Go to Configure > Form and Process Mapping > for Form Type 'endUserMenu' change the Form Name Mapped To to be 'End User Dashboard'.
You should also update the mapping for Form Type 'endUserWorkItemListExt'. Change the Form Name Mapped To to be 'End User Approvals List'.
- If you are upgrading from version 6.0 or 7.0 to version 7.1 or version 8.0, and using LocalFiles, you must export all of your data before upgrading and then re-import the data after doing a clean installation of 7.1 or 8.0. (ID-15366)
- If your installation contains a Remedy resource, you must place Remedy API libraries in the directory where the Gateway is installed. These libraries can be found on the Remedy server.
Table 1 Remedy API Libraries
Remedy 4.x and 5.x
Remedy 6.3
Remedy 7.0
where XX matches the version of Remedy.
For example, arapi45.dll on Remedy 4.5.- Upgrading to Identity Manager 8.0 automatically converts the User Extended Attributes object and QueryableAttrNames and SummaryAttrNames elements of the UserUIConfig object into the IDM Schema Configuration object. (ID-17784) The sample update.xml script contains an import command that invokes IDMSchemaConfigurationUpdater to convert legacy user schema configuration objects. Successful conversion of legacy user schema configuration objects performs the following:
- Creates within IDM Schema Configuration an IDMObjectClassAttribute element for each extended attribute name from User Extended Attributes.
- Flags as ‘summary’ any IDMObjectClassAttribute that corresponds to each value from the SummaryAttrNames element within UserUIConfig.
- Flags as ‘queryable’ any IDMObjectClassAttribute that corresponds to each value from the QueryableAttrNames element within UserUIConfig.
- Empties the SummaryAttrNames element within UserUIConfig.
- Empties the QueryableAttrNames element within UserUIConfig.
- Renames any extended attribute named objectClass to spml2ObjectClass. Legacy attributes named objectClass conflict with a core attribute in the Identity Manager 8.0 schema.
- When you are upgrading to Identity Manager 8.0, and have any custom code that calls UserUIConfig#getRepoIndexAttributes(), you must remove the code or change it to call Type.USER#getInlineAttributeNames(). (ID-18051)
Importing update.xml converts the values from the UserUIConfig RepoIndexAttrs into values of XML attributes on the TypeDataStore element for Type.USER within the RepositoryConfiguration object. The update.xml file includes the UserUIConfigUpdater.xml file, which contains an import command that invokes UserUIConfigUpdater to convert RepoIndexAttrs. Conversion also sets a flag in SystemConfiguration that inhibits reconversion.
Any future changes to the inline attributes for Type.USER should be made by editing the RepositoryConfiguration object. If you change the inline attributes for Type.USER, you generally must refresh all Type.USER objects.
- When upgrading to Identity Manager 8.0 from any Identity Manager release prior to Identity Manager 7.1, there might be ItemNotFound Exceptions in the upgrade log due to Identity Manager Service Provider Edition (SPE) objects being renamed to Identity Manager Service Provider within Identity Manager 8.0. (ID-18860)
Deprecated Features
- Identity Manager 8.0 changed the display method of charts and graphs in reports. Reports created prior to Identity Manager 8.0 will display as expected in the Identity Manger 8.0 release; however, reports will not display as expected in subsequent major releases and patches. For example, a report created in Identity Manager 7.1 will display as expected in Identity Manager 8.0 and Identity Manager 8.0 Patch 1, but not in Identity Manager 9.0. (ID-17636)
Refreshing User Objects
Certain types of changes require an administrator to refresh all User objects. For example, you must refresh all User objects when you change the inline attributes for Type.USER in RepositoryConfiguration. Whenever you mark an attribute as queryable or summary in the IDMSchemaConfiguration object, you must refresh all User objects for the change to affect older, unmodified objects. The same logic applies when a new version of Identity Manager adds a new attribute, or when a new version of Identity Manager changes the values of an existing attribute — the upgrade process or an administrator must refresh all User objects for the change to affect older, unmodified objects.
There are three ways to reserialize existing users:
- Use the Deferred Task Scanner.
Note
Before running the Deferred Task Scanner process, you must edit the System Configuration object using the Identity Manager Integrated Development Environment (Identity Manager IDE) or some other method.
Search for 'refreshOfType' and remove the attributes for '2005Q4M3refreshOfTypeUserIsComplete' and '2005Q4M3refreshOfTypeUserUpperBound'.
After editing the System Configuration object, you must import that object to repository for your changes to be present.