| Oracle® Identity Manager Connector Guide for UNIX Telnet Release 9.0.4 Part Number E10448-06 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for UNIX Telnet Release 9.0.4 Part Number E10448-06 |
|
|
View PDF |
This chapter provides an overview of the updates made to the software and documentation for the UNIX Telnet connector in release 9.0.4.7.
See Also:
The earlier release of this guide for information about updates that were new for that releaseThe updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss software updates made from release 9.0.4 to the current release of the connector:
The following are software updates in release 9.0.4.2:
In the "Testing and Troubleshooting" chapter, the following attributes have been added to the list of testing utility attributes:
passwdMirrorFilePath: This parameter is used to specify the passwd mirror file path for reconciliation.
shadowMirrorFilePath: This parameter is used to specify the shadow mirror file path for reconciliation.
targetDateFormat: This parameter is used to specify the date format of the target UNIX computer.
The action attribute now supports additional parameters. The values can be any one of the following:
CONNECT
CREATE
CHANGEPASSWORD
MODIFY
DELETE
DISABLE
ENABLE
ENABLETRUSTED (only for HP-UX trusted mode)
Corresponding changes have been made in the following sections:
The following are the other software changes made in this release:
In the "Enabling Logging" section, the name of the adapter for this connector has been changed from ADAPTERS.TELNETSSH to OIMCP.TELNETSSH.
In the "Compiling Adapters" section, the SSH updateHomeDir adapter has been added to the list of adapters.
In the IT resource definition, the following parameters have been removed:
Login Prompt
Password Prompt
Target Locale
Supported Character Encoding (en_US) – Target
The following scheduled task attributes have been converted into IT resource parameters:
Passwd Mirror File/User Mirror File
Shadow Mirror File
Target Date Format
The following table lists issues resolved from release 9.0.4.1 to this release of the connector:
| Bug Number | Issue | Resolution |
|---|---|---|
| 6375896 | Target resource reconciliation threw exceptions when users were reconciled from Linux using a SUDO admin user. | Target resource reconciliation issues related to Linux used in the SUDO mode have been resolved. |
| 6609731 | The Supported Character Encoding and Target Locale IT resource parameters were not used by the connector. |
The Supported Character Encoding and Target Locale IT resource parameters have been removed. |
| 6642345 | The connection retry feature of the connector was not working correctly. | Issues related to the connection retry feature have been resolved. |
| 6680047 | If a connection retry attempt was made, then previous sessions were not released and new sessions were established each time. | Connectivity issues related to session leakage have been resolved. |
| 6728741 | An incorrect response was received from the connector if the username value was greater than 8 characters and the Create Home directory check box was selected. | The responses received from the connector have been corrected. |
| 6742869 | A user could not be provisioned if there were spaces in value of the GECOS field. | Spaces are now allowed in the GECOS field. |
| 6766705 and 6801405 | The status of the resource object stayed at Provisioned even when provisioning tasks were rejected. |
Issues related to the resource object status and response during provisioning have been resolved. |
| 6786399 | The connector was unable to handle responses from target systems running a non-English locale. | Responses from target systems running a non-English locale are now handled correctly. |
| 6801537 | During reconciliation, temporary files were created in the /etc directory. |
During reconciliation, temporary files are now created in the /tmp folder. |
| 6837471 | A user could not be provisioned with spaces in the values of any of the user attributes. | Spaces are now allowed in many of the user attributes. |
| 5180204 | On AIX computers, the connector was not able to reconcile a large number of records. | Issues related to the reconciliation of a large number of users on AIX have been resolved. |
| 5502324 | Date format parsing errors were encountered during reconciliation. | The date format parsing error that was encountered during the user reconciliation has been resolved. |
| 5503100 | The message displayed when the user name had multibyte characters during a Create User provisioning operation was incorrect. | The message displayed when the user name has multibyte characters during a Create User provisioning operation has been modified. |
| 5647992 | On Linux, Solaris, and AIX computers, the Home Directory attribute could not be updated. | The Home Directory attribute is updated correctly on Linux, Solaris, and AIX targets. |
| 5180227 | The IT Resources contained two redundant parameters, Login Prompt and Password Prompt. |
The Login Prompt and Password Prompt IT resource parameters have been deleted. |
| 6604117 | The Password and Confirm Password fields on the process form were not encrypted. | The Password and Confirm Password fields have been modified to accept encrypted values. |
| 6310073 | During provisioning, if user creation on the target system failed at some stage, then the user was not cleaned up from the target system although the status of the resource was Provisioning. When this happened, another user with the same name could not be provisioned. |
During provisioning, if the user is not created properly on the target, then the user is deleted from the target system and the resource object status is set to Provisioning. |
The following updates have been made in release 9.0.4.3:
The Primary Group Name field on the process form has been converted into a lookup field. During a provisioning operation, you can now select a primary group instead of entering the name of the group. The TelnetSSHGroupLookupReconTask scheduled task has been added to reconcile (synchronize) the values in the lookup definition with primary group names in the target system.
The name of the target resource reconciliation scheduled task has been changed from Telnet User Non Trusted Reconciliation task to Telnet Target Resource User Reconciliation Task.
The level of detail has been increased for data logged when you set the log level to DEBUG. With this log level, it is now easier to track down the cause of an error recorded in the log file.
In the "Known Issues" chapter, the following point has been added:
Bug 7172629
For a particular provisioning operation or reconciliation run, if the connector fails to establish a connection with the target system, then subsequent retries to establish a connection would fail. The number of retries is determined by the value specified for the MaxRetry IT resource parameter.
After the cause of the connection failure is corrected, the connection attempt is successful for the next provisioning operation or reconciliation run.
The following table lists issues resolved from release 9.0.4.1 to this release of the connector:
| Bug Number | Issue | Resolution |
|---|---|---|
| 7121688 | On AIX 5.3, the TELNET_USERUID_SIZE_FAIL or TELNET_USER_FAIL exception was thrown if you tried to update the User Login attribute through a provisioning operation. |
This issue has been resolved. You can now update the User Login attribute through a provisioning operation.
Note: The Update User Login provisioning operation is not supported by default on AIX 4.x and 5.1. However, if you upgrade these versions of AIX to support the useradd, usermod, and userdel commands, then you can perform the Update User Login provisioning operation. |
| 7143486 | If a reconciliation run ended in an exception, then the connection with the target system was not closed. | This issue has been resolved. The connection with the target system is closed even if a reconciliation run ends in an exception. |
The following is a software update in release 9.0.4.4:
From Oracle Identity Manager release 9.1.0 onward, the Administrative and User Console provides the Connector Installer feature. This feature can be used to automate the connector installation procedure.
See "Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later" for details.
The following are software updates in release 9.0.4.5:
In the IT resource, the Whether SUDO Admin Mode parameter has been renamed to Sudo Or RBAC.
See the "Deploying the Connector" chapter for information about these parameters.
The following table lists issues resolved in release 9.0.4.5:
| Bug Number | Issue | Resolution |
|---|---|---|
| 5503263 | The "Create Home Directory" field is a check box on the Administrative and User Console. If you selected this check box, the numeral 1 was displayed on the page that summarizes input you provide during provisioning operations. | The check box has been changed to a radio button. If you select the "Create Home Directory" option, then the word "Yes" is displayed on the page that summarizes input. If you do not select the option, then the word "No" is displayed. |
| 7172629 | The Max Retries parameter of the IT resource was not used when the connection between Oracle Identity Manager and the target system failed. |
If the connection fails, then the connector attempts to reestablish a connection up to the number of times specified by the Max Retries parameter. |
| 7210292 | The home directory of a Telnet account was not deleted when you revoked the account. | The home directory of a Telnet account is deleted when you revoke the account. |
| 7225692 | To stop a scheduled task, you use the Stop Execution option in the Design Console. This option did not work in earlier releases. | You can now use the Stop Execution option to stop scheduled tasks.
Note: When you stop a batched reconciliation run, reconciliation stops at the end of the current batch. |
| 7237286 | A Telnet account could not be provisioned on the Linux target system. | You can now provision Telnet accounts on the Linux target system. |
The following table lists issues resolved in release 9.0.4.6:
| Bug Number | Issue | Resolution |
|---|---|---|
| 7503701 | The target system does not allow you to delete a user who is logged in to the system. This is expected behavior. However, even when the target system did not allow the deletion of a user, the status of the user (resource) on Oracle Identity Manager was changed to Deleted (Revoked). | This issue has been resolved. If the target system does not allow the deletion of a user, then an appropriate message is displayed as the outcome of the Delete User provisioning operation.
The item describing this issue has been removed from the "Known Issues" chapter. |
The following are software updates in release 9.0.4.7:
From this release onward, the connector adds supports for Oracle Enterprise Linux 5.2 as a target system.
This target system version is mentioned in "Verifying Deployment Requirements".
The following table lists issues resolved in release 9.0.4.7:
| Bug Number | Issue | Resolution |
|---|---|---|
| 7520249 | During reconciliation, you could not transform values of the target system field before they were stored in Oracle Identity Manager. | This issue has been resolved. You can now transform the values of the target system fields before they are stored in Oracle Identity Manager.
See the "Transforming Data Reconciled Into Oracle Identity Manager" section in the connector guide for more information. |
| 7563415 | During reconciliation, the Group Name field was reconciled as a number and not as the exact name because it was stored directly as the group ID in the target system. | This issue has been resolved. During reconciliation, the exact name of the Group Name field is reconciled. |
| 8396795 | During connector deployment, the lib/xliTenet.jar file on the installation media was not automatically copied into the OIM_HOME/xellerate/ScheduleTask directory. | This issue has been resolved. The lib/xliTelnet.jar file is now automatically copied to the OIM_HOME/xellerate/ScheduleTask directory. |
The following sections discuss documentation-specific updates made from release 9.0.4 to the current release of the connector:
The following documentation-specific updates have been made in releases 9.0.4.1 through 9.0.4.4:
In the "Configuration Steps for AIX" section, the command to create a user mirror file on the server has been changed.
In the "Configuration Steps for HP-UX" section, the procedure has been modified.
In the "Compiling Adapters" section, the list of adapters has been updated.
Changes have been made in the following sections:
In the "Known Issues" chapter, the following items have been added:
A reconciliation run stops if the scheduled task code encounters target system user data containing the character or characters that are same as the shell prompt of the target system.
From the "Known Issues" chapter, the following item has been removed:
When you configure an IT resource for a Telnet user account and then directly provision it to a user, the Create User Task function is rejected. The user account is not created on the target system. The following message is displayed:
"TELNET_USERCREATION_NOTCONNECTED_FAIL not able to connect successfully to the Target System Server".
The following are documentation-specific updates in release 9.0.4.5:
In the "Deploying the Connector" chapter, the Protocol parameter has been added in the table that describes the IT resource parameters.
In the "Known Issues" chapter:
Bug numbers have been added for all the known issues.
The following guidelines have been moved from the "Known Issues" chapter to other parts of this guide:
This connector does not support logins that differ by case only. It also requires all logins to be distinct considering that their values are automatically converted to uppercase by Oracle Identity Manager.
For example, the user logins jdoe and JDOE would be considered different on a UNIX server. However, from Oracle Identity Manager, the input would always be passed as JDOE, because user ID values are stored only in uppercase in Oracle Identity Manager.
During provisioning, the maximum permitted date value for account expiry is 31/12/2099.
The following point has been removed from the "Known Issues" chapter:
The Update Secondary Group Names and Update User Login functions do not work simultaneously.
At some places in this guide, corrections have been made to address some documentation issues.
The following are documentation-specific updates in release 9.0.4.7:
Changes have been made in the following sections:
Section 3.4, "Transforming Data Reconciled Into Oracle Identity Manager" has been added.
The following point has been removed from the "Known Issues" chapter:
During reconciliation, the Group Name field is reconciled as a number and not as the exact name because it is stored directly as the group ID in the target system.
The following appendixes have been added:
Appendix B, "Privileges Required for Performing Provisioning and Reconciliation"
In the "Verifying Deployment Requirements" section, changes have been made in the "Target systems" row.
|
 Copyright © 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
