This chapter provides an overview of the updates made to the software and documentation for the Novell eDirectory connector in release 9.0.4.14.
Note:
Release 9.0.4.14 of the connector comes after release 9.0.4.12. Release number 9.0.4.13 has not been used.The updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss software updates:
The following are resolved issues in release 9.0.4.14:
| Bug Number | Issue | Resolution |
|---|---|---|
| 13253177 | The connector revoked all net addresses restrictions of a user during provisioning operations. | This issue has been resolved. |
| 9824698 | When attempting to disable or modify a user, the updates were not made in Novell eDirectory due to LDAP error code. | This issue has been resolved. |
| 10199421 | When a provisioned attribute value is set to empty string in Oracle Identity Manager, the attribute value was also nullified on the target system.
There was no option to remove the attribute from the user on the target system. |
This issue has been resolved. |
| 10357910 | If the eDirectory Organization Lookup Reconciliation Task scheduled task was run, the task was indicated as success without any error/exception. However, the result was empty, it was not populating any entries. | This issue has been resolved. |
| 16484995 | Provisioning groups in LDAP containing large number of users took a very long time to complete. | This issue has been resolved. |
| 16623193 | When attempting to revoke an account from an eDirectory configured with Org DN prefix "o", the operation failed with an error. | This issue has been resolved. |
| 9258623 | You specify the port number of the target system host computer as the value of the Port IT resource parameter. The following issues were related to this feature:
|
Both issues have been resolved:
|
| 9667788 and 9772198 | The Move User provisioning operation did not work correctly. | This issue has been resolved. The Move User provisioning operation now works as expected. |
| 9504505 | The Add User to Group and Remove User from Group provisioning operations failed if the domain name was in the format shown in the following example:
The operation did not fail if the domain name was in a format such as the following:
|
This issue has been resolved. The Add User to Group and Remove User from Group provisioning operations work for both formats of the domain name. |
| 9675680 | The AttrTask attribute of the scheduled tasks for lookup field synchronization is used to hold the naming attribute of the object on the target system.
During lookup field synchronization, a NullPointerException was encountered if the object (specified as the value of the AttrTask attribute) was not present in the target system. |
This issue has been resolved. |
The following are the software updates in release 9.0.4.12:
From this release onward, the connector can be installed and used on Oracle Identity Manager 11g release 1 (11.1.1). Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.
See Section 1.1, "Certified Components" for the full list of certified Oracle Identity Manager releases.
From this release onward, the connector provides support for request-based provisioning on Oracle Identity Manager 11g release 1 (11.1.1).
See Section 3.6.1.2, "Request-Based Provisioning" for more information.
The following are software updates in release 9.0.4.5:
Change in the Minimum Oracle Identity Manager Release Requirement
Support for Reconciliation and Provisioning of Groups and Roles
Separate Scheduled Tasks for User, Group and Role Reconciliation and Lookup Field Synchronization
Support for Reconciliation and Provisioning of Home Directories
Addition of the GUID to the Standard Set of User, Group, and Role Attributes
From this release onward, Novell eDirectory 8.8 has been added to the list of certified target system versions. This version is mentioned in Section 1.1, "Certified Components."
In earlier releases, the minimum Oracle Identity Manager release requirement was release 8.5.3.1. From this release onward, the minimum requirement is Oracle Identity Manager release 9.0.3.2. This change has been made in Section 1.1, "Certified Components."
From this release onward, the connector supports reconciliation and provisioning of groups and roles from the target system. This is in addition to support for single-valued and multivalued user attributes.
See the following sections for information about the group and role object attributes that are mapped by the connector:
In earlier releases, the connector supported reconciliation and provisioning of only standard single-valued and multivalued user attributes. From this release onward, the connector can be configured to reconcile from and provision to custom single-valued and multivalued attributes of users, groups, and roles.
See Chapter 4, "Extending the Functionality of the Connector" for more information.
Separate scheduled tasks have been introduced for lookup field synchronization and user, group, and role reconciliation. See the following sections for more information:
From this release onward, the connector can be configured to work with high-availability target system environments.
See Section 1.4.10, "Support for High-Availability Configuration of the Target System" for more information.
From this release onward, you can use the PageSize entry in the Lookup.EDIR.Configuration lookup definition to implement paged reconciliation.
See Section 1.4.4, "Support for Paged Reconciliation" for more information.
From this release onward, you can configure transformation of data during reconciliation.
See Section 1.4.8, "Support for Transformation of Data During Reconciliation" for more information.
From this release onward, the connector supports reconciliation and provisioning of Home directories for users. The procedure to enable and use this feature is optional.
See Section 1.4.9, "Support for Reconciliation and Provisioning of Home Directories" for more information.
New lookup definitions have been introduced in this release. These lookup definitions are described in Section 1.5, "Lookup Definitions Used During Reconciliation and Provisioning."
The logging feature has been enhanced in this release.
See Section 2.3.6, "Enabling Logging" for information about this feature.
From this release onward, the GUID attribute has been added to the standard set of user, group, and role attributes. This attribute is used to uniquely identify a user, group, or role record during reconciliation and provisioning operations.
See Section 1.5, "Connector Objects Used During Reconciliation and Provisioning" for information about attribute mappings.
To facilitate reuse and customization of some parts of the connector code, Javadocs are included in the connector deployment package.
The following are issues resolved in release 9.0.4.5:
| Bug Number | Issue | Resolution |
|---|---|---|
| 8495610 and 8687094 | During a provisioning operation, a user's home directory could not be created on a computer running Novell Netware. | This issue has been resolved. A user's home directory can be created on a computer running Novell Netware.
Note: In the Home Directory Name field on the Administrative and User Console, you can enter either the name of the home directory or the full path and name of the home directory. The directory path that you specify must exist on the target system. The following are sample values for the Home Directory Name field:
|
| 8602804 | The Disable User operation did not work as expected. | This issue has been resolved. Provisioning and reconciliation of user status data now works as expected. |
| 8608914 | In earlier releases, the reconciliation query that you set as the value of the CustomizedReconQuery parameter of the IT resource was not correctly applied. | This issue has been resolved. The CustomizedReconQuery parameter of the IT resource has been replaced by the SearchFilter attribute of the scheduled task.
See Section 3.3.2, "Limited Reconciliation" for information about the SearchFilter attribute. |
| 8686335 | The full DN was not provided for selection of the OU while setting or modifying an access policy. The outcome was that users were sometimes provisioned to an OU different from the one selected in the access policy. | This issue has been resolved. The full DN is displayed for selection of the OU while setting or modifying access policies. The OU you select is the OU that is used for the provisioning operation. |
| 8703234 | The Create User provisioning operation failed if you tried to provision users in an organization object. The operation was successful if you created users in an organizational unit object. | This issue has been resolved. Through Create User provisioning operations, you can create users in both organizations and organizational units. |
| 8864051 | A Create User provisioning operation could not be performed if you were also trying to assign the user to a group that had the backslash (\) character in its name. | This issue has been resolved. You can now assign users to groups that contain the backslash character in their names. |
The following are software updates in release 9.0.4.4:
Support for Provisioning Organizational Units, Groups, and Roles Using Multiple Object Classes
Support for Adding Custom Attributes for Trusted Source Reconciliation
By default, newly created organization units, groups, and roles on the target system are assigned to organization unit, group, and role object classes, respectively.
From this release onward, organization units, groups, and roles can be provisioned using multiple object classes.
See the "Adding Custom Object Classes for Provisioning" section for more information.
By default, during trusted source reconciliation, the connector reconciles only the attributes listed in the "Reconciled Xellerate User (OIM User) Fields" section. From this release onward, the connector enables you to add custom attributes for trusted source reconciliation.
See the "Adding New Attributes for Trusted Source Reconciliation" section for more information.
The following are issues resolved in release 9.0.4.4:
| Bug Number | Issue | Resolution |
|---|---|---|
| 5695644 | During a Create eDirectory Group provisioning operation, in the Organization Unit process form field, if you entered an organization unit that did not exist in the target system, then an error message was displayed that did not provide sufficient details to identify the cause of the error. | This issue has been resolved. During a Create eDirectory Group provisioning operation, if you do not specify an organization unit that does not exist in the target system, then the following error message is displayed:
|
| 8583836 | A case-sensitive check was performed on the ReconMode attribute in the Code Key column of the Lookup.EDIR.Organization and Lookup.EDIR.UserGroup lookup definitions. If the case (uppercase or lowercase) of the ReconMode attribute did not match the case of the attribute name on the target system, then group and organization lookup reconciliation failed. | This issue has been resolved. A case-sensitive check is not performed on the ReconMode attribute in the Code Key column of the Lookup.EDIR.Organization and Lookup.EDIR.UserGroup lookup definitions. |
| 8583865 | By default, during the Create User provisioning operation, the Organization DN process form field displayed the Regular value. If you continued with the provisioning operation without specifying the correct value in the Organization DN field, then the provisioning operation failed. The invalid naming exception was thrown. |
This issue has been resolved. The Organization DN field on the process form displays no value. Therefore, an appropriate value must be specified to proceed with provisioning operation. If no value is specified for this field, then the following error message is displayed:
|
| 8586122 | The status of the Delete User task was Rejected when the connector was configured for identity reconciliation (trusted source) mode. In addition, the status of the user remained at provisioned even after the corresponding OIM User was deleted. |
This issue has been resolved. After the Delete User operation, the status of the user changes to Revoked and Delete User task changes to Completed. |
| 8590100 | When the password of the OIM User was changed, the Update Password task was not triggered. | This issue has been resolved. The Update Password task is triggered when you change the password of an OIM User. |
| 8597067 | A naming exception was encountered if the User ID field contained a special character that was not supported by the target system. This exception did not provide sufficient details to identity the cause of the error. | This issue has been resolved. The following error message is displayed if the User ID field contains a special characters that are not supported by the target system:
|
The following are issues resolved in release 9.0.4.3:
| Bug Number | Issue | Resolution |
|---|---|---|
| 8433456 | During trusted source reconciliation, two reconciliation events were created for each user record fetched from the target system. | This issue has been resolved. Only a single reconciliation event is created for each user record fetched from the target system.
The Last Recon Target TimeStamp and Last Recon Trusted TimeStamp parameters have been added in the IT resource. The Last Recon TimeStamp parameter has been removed from the IT resource. See the section on configuring the IT resource for more information. The TargetResourceObjectName and TrustedResourceObjectName attributes have been added in the scheduled task. See "User Reconciliation Scheduled Task" for more information. |
The following are software updates in release 9.0.4.2:
From Oracle Identity Manager release 9.1.0 onward, the Administrative and User Console provides the Connector Installer feature. This feature can be used to automate the connector installation procedure.
See "Installing the Connector on Oracle Identity Manager Release 9.1.0.x and Release 11.1.x" for details.
The following are software updates in release 9.0.4.1:
The eDirProv.jar file has been split into two files, eDirProv.jar and eDirRecon.jar. Corresponding changes have been made in the following sections:
Files and Directories On the Installation Media on page 1-6
Determining the Release Number of the Connector on page 1-7
Using External Code Files on page 2-2
Running Test Cases on page 5-1
The following sections discuss documentation-specific updates:
The following documentation-specific update has been made in revision "14" of release 9.0.4.14:
The names of properties listed in Step 12 of Section 2.3.1.1, "Tagging Form Fields" have been modified.
The following documentation-specific update has been made in revision "13" of release 9.0.4.14:
In Table 1-1, "Certified Components" the "Oracle Identity Manager" row has been modified.
The following are documentation-specific updates in revision "12" of release 9.0.4.14:
Information regarding logger name has been updated in Section 2.3.6.2, "Enabling Logging on Oracle Identity Manager Release 11.1.x"
The Destination Directory path to import XML files for trusted source reconciliation has been updated in Section 2.3.10, "Configuring Trusted Source Reconciliation"
Information about the attributes that are added when a user is assigned a role has been updated in Section 1.6.1, "User Attributes for Target Resource Reconciliation and Provisioning"
The following are documentation-specific updates in revision "11" of release 9.0.4.14:
The "Oracle Identity Manager" row in Table 1-1, "Certified Components" has been modified.
The following sections have been added:
Instructions specific to Oracle Identity Manager release 11.1.2.x have been added in the following sections:
The following are documentation-specific updates in earlier revisions of release 9.0.4.14:
The structure of Section 2.1, "Preinstallation" has been changed to include Section 2.1.1, "Preinstallation on Oracle Identity Manager" and Section 2.1.2, "Preinstallation on the Target System." In addition, Section 2.1.2.1, "Installing Role Based Services" has been added.
In Section 3.3.1, "Full Reconciliation vs. Incremental Reconciliation," the value to be set to the time-stamp parameter to perform full reconciliation has been changed.
In Chapter 6, "Known Issues," issues tracked by bugs 11802703 and 11821981 have been added.
The following documentation-specific updates have been made in release 9.0.4.12:
The "Description" column has been removed from Table 1-9, "Provisioning Functions".
Section 3.4.1, "Configuring Scheduled Tasks on Oracle Identity Manager Release 9.0.1 through 9.0.3.2" has been added.
Major changes have been made in the structure of the guide. The objective of these changes is to improve the usability of the guide.
The following documentation-specific updates have been made in release 9.0.4.4:
A note has been added in the "Provisioning Functions" section.
In the "Enabling Logging" section, all instances of the log4j.logger.XL_INTG.eDirectory= entry have been replaced with log4j.logger.XL_INTG.EDIRECTORY=.
The following sections have been added:
In the "Delete User Errors" section, text in the Solution column has been modified.
The following documentation-specific updates have been made in release 9.0.4.3:
The "Configuring the Connector for Multiple Installations of the Target System" section has been removed from the "Extending the Functionality of the Connector" chapter.
The following documentation-specific updates have been made in releases 9.0.4.1 and 9.0.4.2:
In "Lookup Fields Reconciliation Scheduled Task" on page 4-5, the description of the CodeKeyLTrimStr attribute has been modified.
In the "Configuring the Connector for Multiple Installations of the Target System" section, UD_EDIR_OU, UD_EDIR_RL, and UD_EDIR_GR have been added to the list of process forms that are created when you import the connector XML file.
There are no known issues associated with this release of the connector. Points that were earlier listed in the "Known Issues" chapter have been moved to "Guidelines to Be Applied While Using the Connector" on page 3-14.