What's New in Oracle Identity Manager Connector for Novell eDirectory?

This chapter provides an overview of the updates made to the software and documentation for the Novell eDirectory connector in release 9.0.4.14.

Note:

Release 9.0.4.14 of the connector comes after release 9.0.4.12. Release number 9.0.4.13 has not been used.

The updates discussed in this chapter are divided into the following categories:

Software Updates

The following sections discuss software updates:

Software Updates in Release 9.0.4.14

The following are resolved issues in release 9.0.4.14:

Bug Number Issue Resolution
13253177 The connector revoked all net addresses restrictions of a user during provisioning operations. This issue has been resolved.
9824698 When attempting to disable or modify a user, the updates were not made in Novell eDirectory due to LDAP error code. This issue has been resolved.
10199421 When a provisioned attribute value is set to empty string in Oracle Identity Manager, the attribute value was also nullified on the target system.

There was no option to remove the attribute from the user on the target system.

This issue has been resolved.
10357910 If the eDirectory Organization Lookup Reconciliation Task scheduled task was run, the task was indicated as success without any error/exception. However, the result was empty, it was not populating any entries. This issue has been resolved.
16484995 Provisioning groups in LDAP containing large number of users took a very long time to complete. This issue has been resolved.
16623193 When attempting to revoke an account from an eDirectory configured with Org DN prefix "o", the operation failed with an error. This issue has been resolved.
9258623 You specify the port number of the target system host computer as the value of the Port IT resource parameter. The following issues were related to this feature:
  • The connector did not work if a port other than 389 was specified as the value of the Port parameter.

  • In a high-availability environment, if the primary server fails, then the connector automatically switches to a secondary server based on the entry in the Lookup.EDIR.BackupServers lookup definition. However, the connector failed if the port for connector operations on the secondary server was not the same as the port specified in the IT resource.

Both issues have been resolved:
  • You can now specify any port as the value of the Port parameter.

  • In the Lookup.EDIR.BackupServers lookup definition, you now specify the port for connector operations for each secondary server.

9667788 and 9772198 The Move User provisioning operation did not work correctly. This issue has been resolved. The Move User provisioning operation now works as expected.
9504505 The Add User to Group and Remove User from Group provisioning operations failed if the domain name was in the format shown in the following example:

o=ts-bec,st=qc,c=ca

The operation did not fail if the domain name was in a format such as the following:

o=Company

This issue has been resolved. The Add User to Group and Remove User from Group provisioning operations work for both formats of the domain name.
9675680 The AttrTask attribute of the scheduled tasks for lookup field synchronization is used to hold the naming attribute of the object on the target system.

During lookup field synchronization, a NullPointerException was encountered if the object (specified as the value of the AttrTask attribute) was not present in the target system.

This issue has been resolved.

Software Updates in Release 9.0.4.12

The following are the software updates in release 9.0.4.12:

Support for New Oracle Identity Manager Release

From this release onward, the connector can be installed and used on Oracle Identity Manager 11g release 1 (11.1.1). Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.

See Section 1.1, "Certified Components" for the full list of certified Oracle Identity Manager releases.

Support for Request-Based Provisioning

From this release onward, the connector provides support for request-based provisioning on Oracle Identity Manager 11g release 1 (11.1.1).

See Section 3.6.1.2, "Request-Based Provisioning" for more information.

Software Updates in Release 9.0.4.5

The following are software updates in release 9.0.4.5:

Addition to the List of Certified Target System Versions

From this release onward, Novell eDirectory 8.8 has been added to the list of certified target system versions. This version is mentioned in Section 1.1, "Certified Components."

Change in the Minimum Oracle Identity Manager Release Requirement

In earlier releases, the minimum Oracle Identity Manager release requirement was release 8.5.3.1. From this release onward, the minimum requirement is Oracle Identity Manager release 9.0.3.2. This change has been made in Section 1.1, "Certified Components."

Support for Reconciliation and Provisioning of Groups and Roles

From this release onward, the connector supports reconciliation and provisioning of groups and roles from the target system. This is in addition to support for single-valued and multivalued user attributes.

See the following sections for information about the group and role object attributes that are mapped by the connector:

Support for Reconciliation and Provisioning of Custom Single-valued and Multivalued Attributes of Users, Groups, and Roles

In earlier releases, the connector supported reconciliation and provisioning of only standard single-valued and multivalued user attributes. From this release onward, the connector can be configured to reconcile from and provision to custom single-valued and multivalued attributes of users, groups, and roles.

See Chapter 4, "Extending the Functionality of the Connector" for more information.

Separate Scheduled Tasks for User, Group and Role Reconciliation and Lookup Field Synchronization

Separate scheduled tasks have been introduced for lookup field synchronization and user, group, and role reconciliation. See the following sections for more information:

Support for High Availability Target System Environments

From this release onward, the connector can be configured to work with high-availability target system environments.

See Section 1.4.10, "Support for High-Availability Configuration of the Target System" for more information.

Support for Paged Reconciliation

From this release onward, you can use the PageSize entry in the Lookup.EDIR.Configuration lookup definition to implement paged reconciliation.

See Section 1.4.4, "Support for Paged Reconciliation" for more information.

Support for Transformation of Data During Reconciliation

From this release onward, you can configure transformation of data during reconciliation.

See Section 1.4.8, "Support for Transformation of Data During Reconciliation" for more information.

Support for Reconciliation and Provisioning of Home Directories

From this release onward, the connector supports reconciliation and provisioning of Home directories for users. The procedure to enable and use this feature is optional.

See Section 1.4.9, "Support for Reconciliation and Provisioning of Home Directories" for more information.

Introduction of New Lookup Definitions

New lookup definitions have been introduced in this release. These lookup definitions are described in Section 1.5, "Lookup Definitions Used During Reconciliation and Provisioning."

Enhanced Logging

The logging feature has been enhanced in this release.

See Section 2.3.6, "Enabling Logging" for information about this feature.

Addition of the GUID to the Standard Set of User, Group, and Role Attributes

From this release onward, the GUID attribute has been added to the standard set of user, group, and role attributes. This attribute is used to uniquely identify a user, group, or role record during reconciliation and provisioning operations.

See Section 1.5, "Connector Objects Used During Reconciliation and Provisioning" for information about attribute mappings.

Inclusion of Javadocs in the Connector Deployment Package

To facilitate reuse and customization of some parts of the connector code, Javadocs are included in the connector deployment package.

Resolved Issues

The following are issues resolved in release 9.0.4.5:

Bug Number Issue Resolution
8495610 and 8687094 During a provisioning operation, a user's home directory could not be created on a computer running Novell Netware. This issue has been resolved. A user's home directory can be created on a computer running Novell Netware.

Note: In the Home Directory Name field on the Administrative and User Console, you can enter either the name of the home directory or the full path and name of the home directory. The directory path that you specify must exist on the target system.

The following are sample values for the Home Directory Name field:

jdoe_home

accounts/north_east/jdoe_home

8602804 The Disable User operation did not work as expected. This issue has been resolved. Provisioning and reconciliation of user status data now works as expected.
8608914 In earlier releases, the reconciliation query that you set as the value of the CustomizedReconQuery parameter of the IT resource was not correctly applied. This issue has been resolved. The CustomizedReconQuery parameter of the IT resource has been replaced by the SearchFilter attribute of the scheduled task.

See Section 3.3.2, "Limited Reconciliation" for information about the SearchFilter attribute.

8686335 The full DN was not provided for selection of the OU while setting or modifying an access policy. The outcome was that users were sometimes provisioned to an OU different from the one selected in the access policy. This issue has been resolved. The full DN is displayed for selection of the OU while setting or modifying access policies. The OU you select is the OU that is used for the provisioning operation.
8703234 The Create User provisioning operation failed if you tried to provision users in an organization object. The operation was successful if you created users in an organizational unit object. This issue has been resolved. Through Create User provisioning operations, you can create users in both organizations and organizational units.
8864051 A Create User provisioning operation could not be performed if you were also trying to assign the user to a group that had the backslash (\) character in its name. This issue has been resolved. You can now assign users to groups that contain the backslash character in their names.

Software Updates in Release 9.0.4.4

The following are software updates in release 9.0.4.4:

Support for Provisioning Organizational Units, Groups, and Roles Using Multiple Object Classes

By default, newly created organization units, groups, and roles on the target system are assigned to organization unit, group, and role object classes, respectively.

From this release onward, organization units, groups, and roles can be provisioned using multiple object classes.

See the "Adding Custom Object Classes for Provisioning" section for more information.

Support for Adding Custom Attributes for Trusted Source Reconciliation

By default, during trusted source reconciliation, the connector reconciles only the attributes listed in the "Reconciled Xellerate User (OIM User) Fields" section. From this release onward, the connector enables you to add custom attributes for trusted source reconciliation.

See the "Adding New Attributes for Trusted Source Reconciliation" section for more information.

Resolved Issues

The following are issues resolved in release 9.0.4.4:

Bug Number Issue Resolution
5695644 During a Create eDirectory Group provisioning operation, in the Organization Unit process form field, if you entered an organization unit that did not exist in the target system, then an error message was displayed that did not provide sufficient details to identify the cause of the error. This issue has been resolved. During a Create eDirectory Group provisioning operation, if you do not specify an organization unit that does not exist in the target system, then the following error message is displayed:

Organization unit for new group does not exist in the target system

8583836 A case-sensitive check was performed on the ReconMode attribute in the Code Key column of the Lookup.EDIR.Organization and Lookup.EDIR.UserGroup lookup definitions. If the case (uppercase or lowercase) of the ReconMode attribute did not match the case of the attribute name on the target system, then group and organization lookup reconciliation failed. This issue has been resolved. A case-sensitive check is not performed on the ReconMode attribute in the Code Key column of the Lookup.EDIR.Organization and Lookup.EDIR.UserGroup lookup definitions.
8583865 By default, during the Create User provisioning operation, the Organization DN process form field displayed the Regular value. If you continued with the provisioning operation without specifying the correct value in the Organization DN field, then the provisioning operation failed. The invalid naming exception was thrown. This issue has been resolved. The Organization DN field on the process form displays no value. Therefore, an appropriate value must be specified to proceed with provisioning operation. If no value is specified for this field, then the following error message is displayed:

Insufficient user information provided

8586122 The status of the Delete User task was Rejected when the connector was configured for identity reconciliation (trusted source) mode. In addition, the status of the user remained at provisioned even after the corresponding OIM User was deleted. This issue has been resolved. After the Delete User operation, the status of the user changes to Revoked and Delete User task changes to Completed.
8590100 When the password of the OIM User was changed, the Update Password task was not triggered. This issue has been resolved. The Update Password task is triggered when you change the password of an OIM User.
8597067 A naming exception was encountered if the User ID field contained a special character that was not supported by the target system. This exception did not provide sufficient details to identity the cause of the error. This issue has been resolved. The following error message is displayed if the User ID field contains a special characters that are not supported by the target system:

The naming attribute contains special characters that are not supported by target


Software Updates in Release 9.0.4.3

The following are issues resolved in release 9.0.4.3:

Bug Number Issue Resolution
8433456 During trusted source reconciliation, two reconciliation events were created for each user record fetched from the target system. This issue has been resolved. Only a single reconciliation event is created for each user record fetched from the target system.

The Last Recon Target TimeStamp and Last Recon Trusted TimeStamp parameters have been added in the IT resource.

The Last Recon TimeStamp parameter has been removed from the IT resource.

See the section on configuring the IT resource for more information.

The TargetResourceObjectName and TrustedResourceObjectName attributes have been added in the scheduled task.

See "User Reconciliation Scheduled Task" for more information.


Software Updates in Release 9.0.4.2

The following are software updates in release 9.0.4.2:

Using the Connector Installer

From Oracle Identity Manager release 9.1.0 onward, the Administrative and User Console provides the Connector Installer feature. This feature can be used to automate the connector installation procedure.

See "Installing the Connector on Oracle Identity Manager Release 9.1.0.x and Release 11.1.x" for details.

Software Updates in Release 9.0.4.1

The following are software updates in release 9.0.4.1:

Changes in the Directory Structure of the Connector Files on the Installation Media

The eDirProv.jar file has been split into two files, eDirProv.jar and eDirRecon.jar. Corresponding changes have been made in the following sections:

  • Files and Directories On the Installation Media on page 1-6

  • Determining the Release Number of the Connector on page 1-7

  • Using External Code Files on page 2-2

  • Running Test Cases on page 5-1

Documentation-Specific Updates

The following sections discuss documentation-specific updates:

Documentation-Specific Updates in Release 9.0.4.14

The following documentation-specific update has been made in revision "14" of release 9.0.4.14:

The names of properties listed in Step 12 of Section 2.3.1.1, "Tagging Form Fields" have been modified.

The following documentation-specific update has been made in revision "13" of release 9.0.4.14:

In Table 1-1, "Certified Components" the "Oracle Identity Manager" row has been modified.

The following are documentation-specific updates in revision "12" of release 9.0.4.14:

The following are documentation-specific updates in revision "11" of release 9.0.4.14:

The following are documentation-specific updates in earlier revisions of release 9.0.4.14:

Documentation-Specific Updates in Release 9.0.4.12

The following documentation-specific updates have been made in release 9.0.4.12:

Documentation-Specific Updates in Release 9.0.4.5

Major changes have been made in the structure of the guide. The objective of these changes is to improve the usability of the guide.

Documentation-Specific Updates in Release 9.0.4.4

The following documentation-specific updates have been made in release 9.0.4.4:

Documentation-Specific Updates in Release 9.0.4.3

The following documentation-specific updates have been made in release 9.0.4.3:

Documentation-Specific Updates in Releases 9.0.4.1 and 9.0.4.2

The following documentation-specific updates have been made in releases 9.0.4.1 and 9.0.4.2:

  • In "Lookup Fields Reconciliation Scheduled Task" on page 4-5, the description of the CodeKeyLTrimStr attribute has been modified.

  • In the "Configuring the Connector for Multiple Installations of the Target System" section, UD_EDIR_OU, UD_EDIR_RL, and UD_EDIR_GR have been added to the list of process forms that are created when you import the connector XML file.

  • There are no known issues associated with this release of the connector. Points that were earlier listed in the "Known Issues" chapter have been moved to "Guidelines to Be Applied While Using the Connector" on page 3-14.