Identity Manager Designer 4.5 includes new features, improves usability, and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forums, our community Web site that also includes product notifications, blogs, and product user groups.
You can upgrade to Designer 4.5 from Designer 4.0.1 or later, or perform a new installation. Designer 4.5 includes all fixes and features addressed in Designer 4.0.2 Auto Update releases. For information about what’s new in previous releases, see the “Previous Releases” section in the Identity Manager Documentation Web site.
The documentation for this product and the latest release notes are available on the NetIQ Web site on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation Web site.
To download this product, see the Identity Manager Product Web site.
The following outline the key features and functions provided by this version, as well as what have changed in this release:
Designer 4.5 works natively on 64-bit systems. The Designer Installer installs the appropriate versions (32 bit or 64 bit) depending on the platform.
Designer 4.5 now uses Eclipse 4.3.
These policy sets are visible for drivers with engine version 4.0.2 Patch 3 or later.
Designer now sets up necessary rights for running a job during job deploys.
However, you can still import icons into Designer.
This option is available only for Filter attributes on the subscriber channel. It allows you to assign a higher priority to the selected attribute and have it processed before the other attributes that are in the queue.
For more information about the Option, refer to Changing the Filter Settings in the NetIQ Identity Manager Policies in Designer Guide.
You can also create resource sub-containers while importing resources from a CSV file.
This includes: move package deprecation as the 1st point.
Package Deprecation Capability: Designer now supports deprecating packages. Designer polls for list of deprecated packages during online package updates, and notifies the users of the deprecations in all package manager operations, as required.
You can now view package readme during package upgrades.
Designer now prompts for migrating linkages at startup for older projects.
Designer now supports creating and deploying schema attributes with syntax "Integer 64".
Designer now automatically updates the eDirectory schema during deploy operations when required. For example, it adds the DirXML-pkgLinkages attribute is to the eDirectory schema if it is not present while deploying.
For information about prerequisites, computer requirements, installation, upgrade or migration, see Considerations and Prerequisites for Installation in the NetIQ Identity Manager Setup Guide.
After you purchased Identity Manager 4.5, log in to the Identity Manager Product Web site and follow the link that allows you to download the software. The following files are available:
Table 1 Identity Manager ISO Images
|
ISO |
Platform |
Description |
|---|---|---|
|
Identity_Manager_4.5_Windows.iso |
Windows |
Contains the DVD image for Identity Manager server, Designer, iManager, Analyzer, Identity Reporting Module, and Identity Applications. |
|
Identity_Manager_4.5_Linux.iso |
Linux |
Contains the DVD image for Identity Manager server, Designer, iManager, Analyzer, Identity Reporting Module, and Identity Applications. |
You can install Designer using the product installer or through integrated installation program that bundles the latest versions of all necessary components for Identity Manager. For more information about prerequisites, computer requirements, installation, or upgrade, see Installing Designer in the NetIQ Identity Manager Setup Guide.
To download the installation kits, see the NetIQ Downloads Web Site.
You can upgrade to Designer 4.5 from Designer 4.0.2 or 4.0.1 using the Designer installation program. For the supported upgrade paths for 4.5, see Preparing to Upgrade Identity Manager in the NetIQ Identity Manager Setup Guide.
You cannot use the integrated installation process to upgrade an existing installation of Designer. For more information, see Upgrading Identity Manager in the NetIQ Identity Manager Setup Guide.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
When you are installing on a path where there are double-byte characters and if your operating system is running the English version of Windows with the East Asian Language Packs installed, the install package throws an error, saying that it cannot extract the compressed file. There are known issues with using double-byte character sets (DBCS) in Windows file paths that come from the operating system (OS) vendor or the install framework vendor. Alternatively, you can install to DBCS paths, when you are installing to a localized version of the operating system.
The following warning messages appear on the SUSE Linux Enterprise Desktop ( SLED 11) platform:
Gtk-Message: Failed to load module "gnomebreakpad": libgnomebreakpad.so: cannot open shared object file: No such file or directory
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: cannot open shared object file: No such file or directory
It is safe to ignore these messages. (492755, 494258)
Issue: This issue occurs because a previous version of NICI might not have uninstalled properly and might have some residual files left on the file system. (542862)
Workaround: To work around the issue, remove all the NICI files from the system and reinstall Designer.
Issue: Sometimes, if the path of the Designer executable is too long, the following error message appears while installing Designer:
Error Executing the Specific Program
C:\Users\Administrator\AppData\Local\Temp\pftE915~tmp\Disk1\Setup.exe -s -f1C:\Users\Administrator\Desktop\designer_cdimage_win\linux\final\designer_win32\designer_install\components\nici\wcniciu0.iss -f2C:\Users\Administrator\AppData\Local\Temp\designerNici.log
Though this error message is displayed, Designer installation completes successfully, however NICI fails to install. (633185)
Workaround: To work around this issue, manually install NICI by running the <Designer Install Location>\components\nici\wcniciu0.exe command.
If you install Designer 4.5 on an openSUSE server in a non-English environment, the installer does not create a Designer shortcut icon on the desktop. (751561)
Issue: If you convert Designer 3.5 project to Designer 4.5 after mounting the Designer 3.5 workspace in the local computer where Designer 4.5 is installed, the Project Converter does not convert the Designer 3.5 project. (658159)
Workaround: Copy the Designer 3.5 workspace to the local computer where Designer 4.5 is installed, and then run the Project Converter.
Issue: The internal Web browser does not work as expected because of XULRunner issues. (612438)
Workaround: Navigate to the external browser from . This brings up the iManager URL through the system default Web browser, such as Mozilla Firefox or Microsoft Internet Explorer.
Issue: When you create a project after importing it from a live system in Designer, Designer does not set the ports correctly in the Identity Vault Properties view. (680745)
Workaround: Change the LDAP ports in the Identity Vault Properties view before deploying the imported project.
Designer does not support using job parameters of the dn-ref type as package prompts. If you are required to add a dn-ref job parameter as a package prompt, use a dn job parameter as a package prompt, instead. (806651, 777509)
In the Policy Builder, when you create a new rule and use a Query token in an action within the rule, you can only use the Argument Builder to specify a single attribute for the query to read. If you add more than one attribute, Designer uses only the most recently added attribute in the query.
If you must add multiple attributes to a Query token, you can either add attributes in Policy Builder without opening the Argument Builder or modify the XML to include the attributes you want to add.
To add attributes in Policy Builder, click the plus icon for each attribute you want to add and specify the attribute values you want to add into the fields. Do not click the icon. Click , and Policy Builder appends the attributes to the expression rather than replacing the existing attribute.
To add attributes in the XML, open the policy in Policy Builder, click the XML Source tab, and manually add the additional attributes as new token-text elements within the token-query element. (828001, 809728, 676701)
If you previously upgraded your Designer installation to Designer 4.5 and then used the Argument Builder to remove an argument from one of the several types of actions and add a new argument, the Argument Builder may not remove the previous argument from the action. With the duplicate argument, the action cannot function properly.
This issue affects the following actions:
append XML text (do-append-xml-text)
rename destination object (do-rename-dest-object)
rename source object (do-rename-src-object)
set operation class name (do-set-op-class-name)
set operation property (do-set-op-property)
set XML attribute (do-set-xml-attr)
status (do-status)
trace message (do-trace-message)
If you upgraded to 4.5 and modified one of the above actions in a policy rule, reopen the policy in Policy Builder, click the XML Source tab, and manually remove any duplicated arguments in the rule XML.
To avoid this issue, NetIQ Corporation recommends that you immediately upgrade your Designer environment to Designer 4.5 while modifying any of the above actions. (810407, 809428)
Issue: If you create a non-base package for a User Application driver in Designer and then upgrade to Designer version 4.5 AU3, Designer does not display the package in the Available Packages list when you install the User Application driver. (827294, 789499)
Workaround: To install the package, clear , select the appropriate package, and then click .
If you install a driver in Designer that includes at least one global configuration value (GCV) and then try to import a second version of the driver that has a modified version of the existing GCV, Designer displays a message saying the global variables could not be merged.
Designer does not currently support merging existing GCVs during the driver import process, irrespective of whether the conflicting GCVs are located on the driver, in the driver set, or in any GCV resource objects. (838471, 841105)
Issue: If you create a role or resource subcontainer in the Provisioning view Role Catalog, add a role or resource to that subcontainer, export the Role Catalog to an XML file, then delete the subcontainer and role or resource and attempt to recover the role or resource by importing from the XML file, the import does not recreate the role or resource. (846134, 846604)
Workaround: To import Role Catalog subcontainers and objects from an XML file, you must create a new User Application driver and import the XML file into that driver’s Role Catalog.
If you modify the order of linkages within a package, Designer does not recognize the package as being customized. Subsequently, if you update the package, Designer overwrites the modified linkage order with the linkage order specified in the updated package. (845207)
Issue: If you delete a container or subcontainer that contains roles and then attempt to deploy it, deployment fails. This is because, by design, a container or subconatainer that contains roles cannot be deleted. (846814, 846359)
Workaround:
Delete the roles contained in the container or subcontainer.
Deploy the container or subcontainer and wait for the Roles driver to delete the roles.
After the roles are deleted, delete the container or subcontainer.
Deploy the container containing the subcontainer that you deleted.
When you edit a notification template in the E-Mail Template Editor, an error message is displayed in the Error tab. For example, if you open an HTML e-mail template, such as the link and enter some text in the body tag, an error notification is displayed in the Error tab. (879626)
Issue: When you import provisioning objects (from XML files) from Resources in the Provisioning view, the containers and the objects inside them are neither imported successfully nor displayed in the Provisioning view, as expected. Instead, the containers are missing and only the resources are displayed. (847299)
Workaround: Import the provisioning objects (XML files) by right-clicking Role Catalog and not Resource. This ensures that the resource and resource containers are imported and displayed in the Provisioning view.
When you create two User Application drivers with the same name and perform an Update operation, a version control error is thrown. This is because of a conflict that occurs when one user commits the changes made to the project and at the same time, another user updates the same project.
For more information about managing packages in version control, refer to “Managing Packages Best Practices” in the NetIQ Designer for Identity Manager Administration Guide. (881818)
To work around this issue, follow the instructions mentioned in this Web site: http://blog.nanthrax.net/2012/07/change-tab-font-in-eclipse-juno/. (889167)
When you compare a newly created empty roles or resource sub-container (by clicking in Provisioning View), the Designer/eDir Object Compare window does not show the compare status as unequal. Instead, it shows equal. (890543)
NetIQ Corporation recommends that you do not run Designer with the gtk-qt-engine RPM installed, because it causes crashes and Designer theme issues. This RPM package is installed with SUSE Linux and some other Linux distributions.
If you must use the gtk-qt-engine RPM package, obtain the latest version that you can download from the KDE-Look Web site. Note that even with the latest version of the package, the Designer theme functionality might not be present.
To determine whether you have the gtk-qt-engine RPM package installed, enter:
rpm -qa|grep gtk-qt
If gtk-qt-engine appears in the list, run the following command as the root user to remove the package:
rpm -e gtk-qt-engine
To launch Designer, you must add the appropriate version of XULRunner to the Designer.ini file using the following steps:
Check the XULRunner version in the /usr/lib directory.
Open the Designer.ini file from the Designer installation directory.
If you are running SLED 10.3, add the following line at the end of the Designer.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.8.1.21/
If you are running SLED 11, add the following line at the end of the Designer.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/
Save the Designer.ini file, then launch Designer. (617010)
Issue: If the 32-bit version of XULRunner is installed on a 64-bit Linux distribution, the JVM might crash when you launch Designer, when the Welcome Page displays, or when you view a Help topic. (748277, 749437)
Workaround:
Open the Designer.ini file located in the Designer installation directory.
Add the following line at the end of the Designer.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/
Save the Designer.ini file, then launch Designer.
Issue: If the Welcome page is not displayed correctly on Linux, it is probably because your version of XULRunner is not compatible with Eclipse. Designer uses the embedded browser that XULRunner provides in a few places, including the Welcome page and the Help system.
Workaround: To download a compatible version of XULRunner:
Download the XULRunner installer for Linux from the Mozilla FTP site.
Unregister your current version of XULRunner by running the following command as root:
xulrunner --unregister-global
Follow the instructions to install XULRunner.
Restart Designer, then confirm that the Welcome page is working, as expected.
Issue: When you browse the Help content on the openSUSE 11.2 platform, it throws an exception. This is probably because your version of XULRunner is not compatible with Eclipse. (609379)
Workaround:
Download the xulrunner-1.8.1.3.en-US.linux-i686.tar file and install it on openSUSE 11.2.
Open the Designer.ini file from the Designer installation directory, then add the following line at the end:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner
Save the Designer.ini file, then restart Designer.
Issue: When you install Designer on an openSUSE 11.4 server, Designer does not display the Welcome page correctly. (754029)
Workaround: Install XULRunner 1.9.2 on the openSUSE server:
Open the Designer.ini file located in the Designer installation directory.
Add the following line at the end of the Designer.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9.2/
Save the Designer.ini file, then launch Designer.
Issue: When you perform a live import in Designer 4.5 that is running on eDirectory 8.8 SP7, Designer crashes. This is caused by a NICI library mismatch because Designer 4.5 is designed to work on eDirectory 8.8 SP8 that has NICI 2.7.7, whereas eDirectory 8.8 SP7 uses NICI 2.7.6. (872479)
Workaround: Either upgrade to eDirectory 8.8 SP8 or use the following procedure:
Stop Designer.
Execute the following command:
export LD_LIBRARY_PATH=/opt/novell/lib64/:/opt/novell/eDirectory/lib64/:/opt/novell/eDirectory/lib64/nds-modules/
Start Designer using the ./Designer command.
Do not use the StartDesigner.sh command.
Issue: Under the Resources List in the Role Editor, a read-only list of the associated resources is available along with the role. The information in this list is obtained and updated for all the roles when the Role Catalog is imported from eDirectory. You can see new resource associations but not the resource associations that have been removed in the User Application. (516730)
Workaround: Ensure that the deleted resource associations are removed from the Resources List:
Before performing a Live Import from the Role Catalog, go to the Navigator View, then navigate to the \MyProject\Model\Provisioning\AppConfig\RoleConfig\ResourceAssociations folder.
Remove all the files in the folder except the ResourceAssociations.digest file.
From the Provisioning View, select the Role Catalog object, then run the Live Import to import all of the resource associations again and to provide the updated correct information.
Issue: If you create a role or resource subcontainer, add one or more objects to the subcontainer, deploy the Role Catalog, and then delete the subcontainer and try to re-deploy the Catalog, Designer throws a java.lang.NullPointerException error message.
This issue occurs because Designer does not immediately delete role or resource objects when you delete those objects in the Role Catalog. Instead, Designer marks the objects for deletion by the Role and Resource Service Driver when the driver deploys the Catalog to the Identity Vault. (846814)
Workaround: Complete the following steps:
In the Provisioning view, right-click the role or resource object located in the subcontainer you want to delete and select .
Select , then click .
Right-click and select .
Click , then click .
To verify the Role and Resource Service Driver has deleted the role, log into iManager.
In iManager, click .
In the Tree, navigate to your User Application driver and expand .
Click the container where the role was previously stored. If the role is still in the container in the Identity Vault, refresh until the Role and Resource Service Driver removes the role.
In the Provisioning View in Designer, right-click the subcontainer you want to remove and select , then click .
Right-click and select .
Click , then click .
Issue: Designer currently displays deployment status incorrectly when you delete a role from the Role Catalog in Designer and then deploy the Catalog to the Identity Vault. In some instances, when the Role and Resource Service Driver successfully deletes a role from the Identity Vault, Designer incorrectly displays a failure message. At the same time, if the Role and Resource Driver is stopped, Designer incorrectly displays a success message. (846029, 847047)
Workaround: To verify that the Role and Resource Driver removed the role you deleted from the Identity Vault, complete the following steps:
Log in to iManager and click .
In the Tree, navigate to your User Application driver and expand .
Click the container where the role was previously stored.
When finished, close iManager.
Issue: If you install Designer 4.5 in your environment, import or create the User Application driver, and then upgrade or downgrade any of the User Application driver packages, Designer creates duplicate objects in the DAL, including objects in the User, Provisioning, Role, and Resource categories. Because of the duplicate objects, Designer does not deploy the driver to the live environment, and the driver does not function, as expected. (855670, 857475, 826765)
Workaround: Complete the following steps:
Start Designer.
When prompted to check for Designer updates, select and click .
Update your Designer installation to the 4.5 AU4 version.
Delete the existing User Application driver.
(Conditional) If the Identity Vault contains a previous version of the User Application driver, complete the following steps:
In the Modeler, right-click the driver set and select .
Click .
Select the User Application driver in your Identity Vault and click , then click .
Click to confirm.
Click , then click when finished.
(Conditional) If you have a previous backup of the User Application driver, complete the following steps:
In the Modeler, right-click the driver set and select .
Click , then navigate to the location of the backed-up User Application driver configuration file.
Select the XML file and click , then click again.
Provide the requested information for the imported driver and click .
Click when finished.
In the Modeler, right-click the User Application driver and select .
Click .
Perform any necessary upgrade or downgrade procedures, then click .
Right-click the driver and select , then follow the steps in the Deployment Summary.
Designer 4.5 does not generate documentation for roles-based entitlement policies or roles-based provisioning module resources. For more information about generating documentation for projects, see “Documenting Projects” in the Designer 4.0.2 for Identity Manager 4.0.2 Administration Guide. (480369)
In Designer projects with more than 40 drivers installed or very large roles-based provisioning module deployments, the Document Generator fails with an out-of-memory error.
This error occurs due to limitations in the Apache FOP print formatter that Designer uses to generate documentation. For information on the memory-usage limitations of the FOP formatter and suggestions for improving memory usage, see “Memory Usage” on the Apache FOP Project page . (796616, 520231)
Issue: When you generate a document in Designer, it is not listed in the Generated folder in the project, though it (the generated PDF document) opens without any errors. (879625)
Workaround: Refresh the Generated folder to make the generated document available in the list.
Designer 2.1.1 workspaces are not compatible with Designer 4.5. Designer stores projects and configuration information in a workspace. These workspaces are not compatible from one version of Designer to another. You must point Designer 4.5 to a new workspace and not to a workspace that was used by a previous version of Designer.
To work around this issue, convert the older projects to Designer 3.0.1, then import them into Designer 3.5. (531135)
Designer 3.5 and later is a full-fledged RCP application. It does not support upgrades from versions of Designer prior to 3.5. If you import a Designer 3.0.1 project into the latest release of Designer, Designer automatically converts the project to version 4.5 so that the project can be used in the latest Designer release. (531690)
Issue: If you create a project using a previous version of Designer and then upgrade your environment to Designer 4.5, you must manually update and deploy the schema to be able to work with the project.
In addition, if you create a project using a previous version of Designer and then import that project into a Designer 4.5 environment, you must also perform the schema update and deploy the updated schema. (845210)
Workaround: To modify and deploy Designer 4.5 schema changes, complete the following steps:
In the Modeler, right-click the Identity Vault and select .
In the Classes list, select .
In the Attributes window for the DirXML-PkgItemAux class, click the icon.
In the Select Optional Attribute window, select and click .
Click .
Save your Designer project.
Right-click the Identity Vault and select .
Click the drop-down menu and select .
Expand and select .
If the Compare Status is Unequal, select .
Expand and select .
If the Compare Status is Unequal, select .
Click , then click .
Click when finished.
To migrate your Package Catalog to the new linkage structure, complete the following steps:
(Conditional) If you have not already imported your project into Designer 4.5, click and follow the steps in the Import Wizard.
(Conditional) If you want to update an existing project, we recommend you back up your project:
Click .
In the Export Project window, select the project.
Select .
(Conditional) Click either or , as appropriate for your environment.
Click and navigate to where you want to save the backup file.
In the Outline view, right-click and select .
Click to confirm you have already backed up your project.
Click .
This procedure is applicable for projects that were created using any version prior to Designer 4.5 and for projects imported from the Identity Vault. (847441)
If you create a User Application driver package using Designer 3.0 and then upgrade to Designer 4.5, the property of the User Application base package that is installed, is shown as Customized. (889949)
Issue: This error occurs because the upgrade program does not delete the org.eclipse.osgi container. (886559)
Workaround: Delete the container from <designer_install_location>\configuration\ and start Designer.
When you run the installer to uninstall Designer from a Windows server, the installer might not remove all folders created during the installation process. In some environments, the installer does not remove the packages or plugins folders from the Designer installation folder. (748541)
After you have uninstalled Designer on Linux, the UninstallDesigner folder is not removed. (891926)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2014 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.