Quantcast
Channel: Micro Focus Forums
Viewing all 11924 articles
Browse latest View live

Best Place to Start?

August 8, 2017, 12:42 pm
$
0
0
I started to read the documentation and attempted to configure some of the Asset Management setup. I am really unsure whether I am actually getting this done correctly. I have one product reporting back on license but it doesn't look correct.

Is there a better place to get started or some training that I can go through on this product. I would love to get this setup for the school to stay ahead of our software renewals and compliance. I have been licensed for this for several years and just started to look into it deeper.

Thanks

Richard
Search

Error "Kerberos/GSS No valid credentials provided"

August 8, 2017, 1:29 pm
$
0
0
Hi all

I'm trying to setup Kerberos and OSP log find the error "Could not initialize Kerberos/GSS No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)"

Enviroment
Portal server
> RHEL 7.3 64 bits (GUI)
> Tomcat 7.0.55
> IDMProv 4.5.6 (43710)
> landing 4.5.6 (1014)
> OSP 6.0.0 r5
IDM server
> RHEL 7.3 64 bits (GUI)
> eDirectory 9.0 SP3 Patch 1 (40005.13)
> IDM 4.5.6.0
AD Server
> Windows Server 2008


I followed the documentation

AD Server:
Service Account for Kerberos in AD: user.kerberos

Code:
setspn -S HTTP/portal.domain.net user.kerberos
Code:
ktpass /out c:\user.kerberos.keytab /mapuser tiam.kerberos@DOMAIN.NET /princ tiam.kerberos@DOMAIN.NET /pass ***** /crypto All /kvno 0 -ptype KRB5_NT_PRINCIPAL
UA Server:

>> krb5.conf (/opt/netiq/idm/apps/tomcat/conf/)
Code:
[libdefaults]
default_realm = DOMAIN.NET
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true
 
[realms]
DOMAIN.NET = {
 kdc = server-dc2.domain.net:88
}
 
[domain_realm]
.domain.net = DOMAIN.NET
domain.net = DOMAIN.NET
>> Kerberos_login.config (/opt/netiq/idm/apps/tomcat/kerberos/)
Code:
com.sun.security.jgss.krb5.accept {
        com.sun.security.auth.module.Krb5LoginModule required
        doNotPrompt="true"
        principal="user.kerberos@DOMAIN.NET"
        useKeyTab="true"
        keyTab="/opt/netiq/idm/apps/kerberos/user.kerberos.keytab"
        storeKey="true";
};
>> java.security (/opt/netiq/idm/apps/jre/lib/security/)
Code:
login.config.url.1=file:/opt/netiq/idm/apps/tomcat/kerberos/Kerberos_login.config
>> configupdate.sh (/opt/netiq/idm/apps/UserApplication)
  • 2) Authentication
  • 77) Show advanced Options
  • 3) Authentication Method
  • 2) Kerberos
  • 3) SSO Clientes
  • all OAuth redirect url http://portal.domain.net:8080/....


With another application, it was proved that the url works correctly with kerberos, but when pointing it to the IDMProv, it gives the errors that are observed in the log of the OSP.

osp-idm.2017-08-08.zip

Thanks a lot.

Regards.
Attached Files

Roaming profiles - Startmenu problem under Windows 10

August 8, 2017, 2:52 pm
$
0
0
Hello,

we start to do a complete roll out of windows 10 with Zenworks.
Therefore we used this very nice best practices:
https://www.novell.com/communities/c...ces-using-zcm/

If you are using roaming profiles with Novell on non-Windows shares, you have to do some special settings.
For example you have to copy a default profile and move it in the user profile folder - as descripted here:
https://www.novell.com/documentation...a/bvkn1rh.html
It you don’t do this roaming profile will not work correctly.

Now to my problem.
If I logon to the computer with this default profile the Windows 10 start menu is not working - no reaction if you klick on it.
Roaming profile on multiple PCs is working fine, except of the menu.

I already tried the "default solutions" for this problem:
1. sfc /scannow
2. powershell with $manifest = (Get-AppxPackage Microsoft.WindowsStore).InstallLocation + '\AppxManifest.xml' ; Add-AppxPackage -DisableDevelopmentMode -Register $manifest
3. Copy and Paste the folder C:\Users\<user>\AppData\Local\TileDataLayer\Databa se of a local working user

If I don’t follow the instruction in the link above "Assigning a Roaming Profile Policy for a User Profile ..." and let Windows create the roaming profile on the file share I don’t have a start menu problem, but I can't login to different PC -> "Group Policy Client Service failed the sign-in" Error.


Has anybody done something like this before with Zenworks and Windows 10?

Thanks for your help!

Christian

Validator 1.5.0 Beta Released

August 8, 2017, 4:12 pm
$
0
0
We are pleased to release Validator 1.5 Beta.

Here is the download link: http://download.novell.com/Download?...d=jEEJpKPrfr8~


Highlights
-------------------
Added Wizards to create starter scenarios for various connectors.
Add capability for users to create their own wizards.
Generic Connector: Added new action Assert JSON to examine a JSON document via multiple JSON expressions.
Added Remote Connector to execute commands on remote systems, send/receive files, etc.


Change Log - v1.5.0
----------------------------
Fixes:
* When changing the variable name in the Manage Variables page, the variable reference will be
updated in the entire Test Suite file.
* SMTPConnector: Fixed assert email issue where it would always pass.
* Separated variable management into its own tab
* Added Start tab to help expose documentation, videos and creating test suites with wizards.
* Increased font sizes and fixed various styling issues.
* Changed starter tests to sample tests now that we have wizards.
* HTTPConnector now supports the PATCH method
* GenericConnector: Added default namespace handling to fix an issue caused by the Linux Java XPath libs.
* GenericConnector: Parse JSON action would fail when single quotes are in keys or values
* GenericConnector: Parse JSON and Set Variable will now return arrays as a JSON string rather than an object reference.
* SQL connectors: Invalid SQL statements (missing delimiters, etc.) were ignored instead of throwing an error
* When converting connection properties to variables, it will no longer convert the schema attribute
* Exporting a test will export all referenced templates

Enhancements:
* HTTPConnector: Automatically decrypt any encrypted data in the http payload. This allows for sensitive data to be include in the payload so they are not in clear text in the test suite file.
* Added Template Usage feature on Template Action Editor page to list where the template is being used.
* GenericConnector: Xpath now handles expressions that include namespaces.
* GenericConnector: Added new action Assert JSON to examine a JSON document via multiple JSON expressions
* Will not delete template if it is being referenced. Show dialog with the affected tests.
* Added Remote Connector
* Updated readme with supported browser versions. Updated unsupported browser messages to "see the readme".
* Added Wizards to create starter scenarios for various connectors.
* Add capability for users to create their own wizards.
* Validator UI authentication now allows group membership checking
* LDAP Connectors: Added button on connection properties to clear cached schema data from test suite file
* LDAP Connectors: Added Force Retry button to Assert Object Exists to continue to retry to assure the condition is still true.

Validator 1.5 Beta Released

August 8, 2017, 4:17 pm
$
0
0
We are pleased to release Validator 1.5 Beta. An IDM testing tool.

Here is the download link: http://download.novell.com/Download?...d=jEEJpKPrfr8~

Highlights
-------------------
Added Wizards to create starter scenarios for various connectors.
Add capability for users to create their own wizards.
Generic Connector: Added new action Assert JSON to examine a JSON document via multiple JSON expressions.
Added Remote Connector to execute commands on remote systems, send/receive files, etc.


Change Log - v1.5.0
----------------------------
Fixes:
* When changing the variable name in the Manage Variables page, the variable reference will be
updated in the entire Test Suite file.
* SMTPConnector: Fixed assert email issue where it would always pass.
* Separated variable management into its own tab
* Added Start tab to help expose documentation, videos and creating test suites with wizards.
* Increased font sizes and fixed various styling issues.
* Changed starter tests to sample tests now that we have wizards.
* HTTPConnector now supports the PATCH method
* GenericConnector: Added default namespace handling to fix an issue caused by the Linux Java XPath libs.
* GenericConnector: Parse JSON action would fail when single quotes are in keys or values
* GenericConnector: Parse JSON and Set Variable will now return arrays as a JSON string rather than an object reference.
* SQL connectors: Invalid SQL statements (missing delimiters, etc.) were ignored instead of throwing an error
* When converting connection properties to variables, it will no longer convert the schema attribute
* Exporting a test will export all referenced templates

Enhancements:
* HTTPConnector: Automatically decrypt any encrypted data in the http payload. This allows for sensitive data to be include in the payload so they are not in clear text in the test suite file.
* Added Template Usage feature on Template Action Editor page to list where the template is being used.
* GenericConnector: Xpath now handles expressions that include namespaces.
* GenericConnector: Added new action Assert JSON to examine a JSON document via multiple JSON expressions
* Will not delete template if it is being referenced. Show dialog with the affected tests.
* Added Remote Connector
* Updated readme with supported browser versions. Updated unsupported browser messages to "see the readme".
* Added Wizards to create starter scenarios for various connectors.
* Add capability for users to create their own wizards.
* Validator UI authentication now allows group membership checking
* LDAP Connectors: Added button on connection properties to clear cached schema data from test suite file
* LDAP Connectors: Added Force Retry button to Assert Object Exists to continue to retry to assure the condition is still true.

OSP Documentation

August 8, 2017, 5:42 pm
$
0
0
Is there any additional documentation available for configuring OSP? The information in the getting started guide, doesn't provide enough information when something goes wrong. Thanks.

NSD KPI incident report queries

August 8, 2017, 9:24 pm
$
0
0
Hi,
I would like to know how the Mean resolution time is calculated in the NSD KPI report for Incidents.

Thanks.

OES Nss32 pool to Nss64

August 8, 2017, 10:28 pm
$
0
0
Hi,

Currently if we migrate old servers OES11 to 2015SP1 we decomission the pool
on the old server and commission via imanager on the new server.

Via this way it always stays nss32 on a new OES2015SP1.

Is there a way or command to upgrade that nss32 to nss64?

Kr,

Joeri
Search

Workflow Error

August 9, 2017, 2:40 am
$
0
0
Hello All,

I am working on 2 level resource request approval Workflow, when i request for resource from user application, Start of workflow fails and i was able to see resource request status as : Pending Approval: Pending Approval Retry in user application.

I couldn't find any start status of workflow in the logs, When i looked at logs of Roles and resource driver i am able to see the below error.

DirXML Log Event -------------------
Driver: \IDV\system\driverset1\Role and Resource Service Driver
Channel: Subscriber
Status: Error
Message: Unable to start Approval Workflow
Workflow DN: cn=AccountWF,cn=RequestDefs,cn=AppConfig,cn=UserAp plication,cn=driverset1,o=system
Reason: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target.

Note: This error is coming only for this workflow, for the rest it was not showing any error and all the trusted root certificates are placed correctly.

Can someone suggest me how to fix this issue.


Regards,
Eswar.

Is it possible to set the Entity and displayExp dynamically?

August 9, 2017, 5:01 am
$
0
0
Hi.

I'm wondering if it's possible to dynamically/programatic change the DAL entity and DAL displayExp on a Picklist field?

I know that it is possible to read the values through JUICE like this:
var cU = JUICE.UICtrlUtil;
var ctrl = JUICE.UICtrlUtil.getControl('fieldName');
entitydef = cU.getProperty(ctrl, JUICE.UICtrlIDMUtil.PROP_DIS_ENTITYDEF);
displayattrs = cU.getProperty(ctrl, JUICE.UICtrlIDMUtil.PROP_DISPLAY);

Kind regards
Carsten Jørgensen

Sync Password with McAfee Drive Encryption

August 9, 2017, 5:18 am
$
0
0
Hi there,
has anybody an idea? I post on the IDM Forum as the root cause of my problem seems to be the "set Password on AD without using Ctrl+Alt+Del" as we do it with the IDM Drivers...

We use SSPR for forgotten Passwords and IDM for Password Synchronization, here is the challenge: Now once a user forgot it's Password and does a reset via SSPR including sync to AD (e.g. using a colleque's computer) it still can't start it's PC as the McAfee Drive Encryption Password is the old, forgotten one.

McAfee Drive Encryption grabs the Password from the Windows System (https://kc.mcafee.com/corporate/inde...ent&id=KB69740 will bring some light into the McAfee side). Basically, McAfee forces customers to use Ctrl+Alt+Del to change a user's Password so they can grab and store it, what works against the idea of a corporate Password Portal at all.

Did anybody came across a problem like this and found a solution for it? I even assume that the Password of McAfee DE is stored somewhere local on the machine so an IDM Driver might not work at all...

thanks for Input, even the less obvious ideas might help :-)

Steffen

Sample code JAR

August 9, 2017, 6:30 am
$
0
0
I would need by Java to make a sum of two boxes and put the value in a third, could you give me an example.

With the documentation of the manufacturer is very difficult to carry out.

Login Icon after Ctrl+Alt-Del since agent upgrade?

August 9, 2017, 6:46 am
$
0
0
Hi,

We have an unwanted login Icon called "Other user" after entering Ctrl+Alt+Del since we updated our agent.
So far we have found this registry key that removes the icon but show the last connected user instead of asking for domain and password.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\System
"dontdisplaylastusername"="0"

http://i.imgur.com/E7s2On2.png

We did not have this problem with the last agent's version.

Any help will be greatly appreciated.

Identity Manager Bundle Edition 4.6 is now available for OES

August 9, 2017, 8:00 am

Univesal Password Policy implementation questions

August 9, 2017, 8:29 am
$
0
0
We are trying to implement a Universal Password policy for users on our system running OES 2015 SP1, ZCM 2017 and AD. We set up Universal Password to use Challenge/Response questions and then to provide a password hint. Here are a couple of things that I hope there are work arounds for.

1. When the password change dialog comes up, there is minimal info on what the criteria are for a valid password. You can put in an administrator message in but the user has to know to click on the 'policy' button on the change password dialog to see it, which is not very intuitive. Even then the Administrator message is at the bottom of the policy dialog and not very prominent.

2. When changing a password, you are asked to put in the password hint on the password change dialog (which happens at the end of the login) and after that you are prompted to put in the password hint again in a separate dialog. Why are you prompted twice for the password hint?

3. You can put in nothing for the password hint. Wouldn't you want to force users to put in something? However, it looks like you will be prompted every time you login for a password hint if you leave it blank.

4. You can change the Challenge/Response questions without changing the password. Can you change the password hint without changing the password? For instance, if you decided the password hint you entered was not clear enough and wanted to redo it but didn't want to change your actual password.

Thanks,

Dan
Search

Keeping user-installed apps updates

August 9, 2017, 8:40 am
$
0
0
Is there a way to basically tell ZENworks to update user-installed apps?

For example, I push Firefox to all workstations. If I update the MSI, it updates on ALL workstations.

If I have a bundle for Reflector 2, but it's only installed on workstations that people install from the Application Windows. Right now, the only way to update is have have the user click on the bundle again to install new version. Would I just use assign to all workstations, then set a requirement to check for the program's folder?

Just wondering if there is something easier that I am missing?

SOAP Driver: 403 Response

August 9, 2017, 11:01 am
$
0
0
Hi,

I am able to access the webservice through the browser. But When I do it through the SOAP driver, I am getting the HTTP 403 error. Please assist.

Error Log below,

[08/09/17 13:57:12.797]:daap ST:Submitting document to subscriber shim:
[08/09/17 13:57:12.797]:daap ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.5.4.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<operation-data command="Go" event-id="0" soap-action="http://tempuri.org/NETIQAccessListener/GetRoles"/>
<soapenv:Envelope xmlns:daap="http://schemas.datacontract.org/2004/07/DAAP.Domain.DTO" xmlns:daap1="http://schemas.datacontract.org/2004/07/DAAP.Domain.DTO.Request" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<tem:GetRoles>
<tem:request>
<daap:LoggingInformation/>
<daap:RecordSetInformation>
<daap:RecordSetMaxCount>0</daap:RecordSetMaxCount>
<daap:RecordSetStartingCount>0</daap:RecordSetStartingCount>
</daap:RecordSetInformation>
<daap1:InsertDate>2017-06-01</daap1:InsertDate>
</tem:request>
</tem:GetRoles>
</soapenv:Body>
</soapenv:Envelope>
</input>
</nds>
[08/09/17 13:57:12.799]:daap ST:DAAP: Drivershim received xml request <nds dtdversion="4.0" ndsversion="8.x"><source><product edition="Advanced" version="4.5.4.0">DirXML</product><contact>NetIQ Corporation</contact></source><input><operation-data command="Go" event-id="0" soap-action="http://tempuri.org/NETIQAccessListener/GetRoles"/><soapenv:Envelope xmlns:daap="http://schemas.datacontract.org/2004/07/DAAP.Domain.DTO" xmlns:daap1="http://schemas.datacontract.org/2004/07/DAAP.Domain.DTO.Request" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/"><soapenv:Header/><soapenv:Body><tem:GetRoles><tem:request><daap:Lo ggingInformation/><daap:RecordSetInformation><daap:RecordSetMaxCoun t>0</daap:RecordSetMaxCount><daap:RecordSetStartingCoun t>0</daap:RecordSetStartingCount></daap:RecordSetInformation><daap1:InsertDate>2017-06-01</daap1:InsertDate></tem:request></tem:GetRoles></soapenv:Body></soapenv:Envelope></input></nds>
[08/09/17 13:57:12.801]:daap ST:DAAP: Value of boolean flag 'remove-existing' is : false
[08/09/17 13:57:12.802]:daap ST:DAAP: HTTPSubscriberTransport.send()
[08/09/17 13:57:12.802]:daap ST:DAAP: Preparing HTTP POST connection to https://analytics-uat.xxx.xxxxx.xxx/...nerService.svc
[08/09/17 13:57:12.802]:daap ST:DAAP: Setting up SSL connection..........
[08/09/17 13:57:12.803]:daap ST:DAAP: Setting the following HTTP request properties:
[08/09/17 13:57:12.803]:daap ST:DAAP: Authorization: <credentials suppressed>
[08/09/17 13:57:12.803]:daap ST:DAAP: SOAPAction: http://tempuri.org/NETIQAccessListener/GetRoles
[08/09/17 13:57:12.803]:daap ST:DAAP: Content-Type: text/xml; charset=utf-8
[08/09/17 13:57:12.883]:daap ST:DAAP: Did HTTP POST with 614 bytes of data to https://analytics-uat.xxx.xxxxx.xxx/...nerService.svc
[08/09/17 13:57:12.966]:daap ST:DAAP: IOExecption : Server returned HTTP response code: 403 for URL: https://analytics-uat.xxx.xxxxx.xxx/...nerService.svc
[08/09/17 13:57:12.967]:daap ST:DAAP: Response code and message: 403 Forbidden
[08/09/17 13:57:12.968]:daap ST:DAAP: The following bytes (which are base64 encoded) were received as a response to our request on the subscriber channel. They cannot be converted to XML:
[08/09/17 13:57:12.969]:daap ST:DAAP: PCFET0NUWVBFIGh0bWw+CjwhLS1baWYgbHQgSUUgN10+IDxodG 1sIGNsYXNzPSJuby1qcyBpZTYgb2xkaWUiIGxhbmc9ImVuLVVT Ij4gPCFbZW5kaWZdLS0+CjwhLS1baWYgSUUgN10+ICAgIDxodG 1sIGNsYXNzPSJuby1qcyBpZTcgb2xkaWUiIGxhbmc9ImVuLVVT Ij4gPCFbZW5kaWZdLS0+CjwhLS1baWYgSUUgOF0+ICAgIDxodG 1sIGNsYXNzPSJuby1qcyBpZTggb2xkaWUiIGxhbmc9ImVuLVVT Ij4gPCFbZW5kaWZdLS0+CjwhLS1baWYgZ3QgSUUgOF0+PCEtLT 4gPGh0bWwgY2xhc3M9Im5vLWpzIiBsYW5nPSJlbi1VUyI+IDwh LS08IVtlbmRpZl0tLT4KPGhlYWQ+Cjx0aXRsZT5BY2Nlc3MgZG VuaWVkIHwgYW5hbHl0aWNzLXVhdC5ybWYuaGFydmFyZC5lZHUg dXNlZCBDbG91ZGZsYXJlIHRvIHJlc3RyaWN0IGFjY2VzczwvdG l0bGU+CjxtZXRhIGNoYXJzZXQ9IlVURi04IiAvPgo8bWV0YSBo dHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleH QvaHRtbDsgY2hhcnNldD1VVEYtOCIgLz4KPG1ldGEgaHR0cC1l cXVpdj0iWC1VQS1Db21wYXRpYmxlIiBjb250ZW50PSJJRT1FZG dlLGNocm9tZT0xIiAvPgo8bWV0YSBuYW1lPSJyb2JvdHMiIGNv bnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93IiAvPgo8bWV0YSBuYW 1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdp ZHRoLGluaXRpYWwtc2NhbGU9MSxtYXhpbXVtLXNjYWxlPTEiIC 8+CjxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaWQ9ImNmX3N0eWxl cy1jc3MiIGhyZWY9Ii9jZG4tY2dpL3N0eWxlcy9jZi5lcnJvcn MuY3NzIiB0eXBlPSJ0ZXh0L2NzcyIgbWVkaWE9InNjcmVlbixw cm9qZWN0aW9uIiAvPgo8IS0tW2lmIGx0IElFIDldPjxsaW5rIH JlbD0ic3R5bGVzaGVldCIgaWQ9J2NmX3N0eWxlcy1pZS1jc3Mn IGhyZWY9Ii9jZG4tY2dpL3N0eWxlcy9jZi5lcnJvcnMuaWUuY3 NzIiB0eXBlPSJ0ZXh0L2NzcyIgbWVkaWE9InNjcmVlbixwcm9q ZWN0aW9uIiAvPjwhW2VuZGlmXS0tPgo8c3R5bGUgdHlwZT0idG V4dC9jc3MiPmJvZHl7bWFyZ2luOjA7cGFkZGluZzowfTwvc3R5 bGU+CjwhLS1baWYgbHRlIElFIDldPjxzY3JpcHQgdHlwZT0idG V4dC9qYXZhc2NyaXB0IiBzcmM9Ii9jZG4tY2dpL3NjcmlwdHMv anF1ZXJ5Lm1pbi5qcyI+PC9zY3JpcHQ+PCFbZW5kaWZdLS0+Cj whLS1baWYgZ3RlIElFIDEwXT48IS0tPjxzY3JpcHQgdHlwZT0i dGV4dC9qYXZhc2NyaXB0IiBzcmM9Ii9jZG4tY2dpL3NjcmlwdH MvemVwdG8ubWluLmpzIj48L3NjcmlwdD48IS0tPCFbZW5kaWZd LS0+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0IiBzcm M9Ii9jZG4tY2dpL3NjcmlwdHMvY2YuY29tbW9uLmpzIj48L3Nj cmlwdD4KCjwvaGVhZD4KPGJvZHk+CiAgPGRpdiBpZD0iY2Ytd3 JhcHBlciI+CiAgICA8ZGl2IGNsYXNzPSJjZi1hbGVydCBjZi1h bGVydC1lcnJvciBjZi1jb29raWUtZXJyb3IiIGlkPSJjb29raW UtYWxlcnQiIGRhdGEtdHJhbnNsYXRlPSJlbmFibGVfY29va2ll cyI+UGxlYXNlIGVuYWJsZSBjb29raWVzLjwvZGl2PgogICAgPG RpdiBpZD0iY2YtZXJyb3ItZGV0YWlscyIgY2xhc3M9ImNmLWVy cm9yLWRldGFpbHMtd3JhcHBlciI+CiAgICAgIDxkaXYgY2xhc3 M9ImNmLXdyYXBwZXIgY2YtaGVhZGVyIGNmLWVycm9yLW92ZXJ2 aWV3Ij4KICAgICAgICA8aDE+CiAgICAgICAgICA8c3BhbiBjbG Fzcz0iY2YtZXJyb3ItdHlwZSIgZGF0YS10cmFuc2xhdGU9ImVy cm9yIj5FcnJvcjwvc3Bhbj4KICAgICAgICAgIDxzcGFuIGNsYX NzPSJjZi1lcnJvci1jb2RlIj4xMDEwPC9zcGFuPgogICAgICAg ICAgPHNtYWxsIGNsYXNzPSJoZWFkaW5nLXJheS1pZCI+UmF5IE lEOiAzOGJjOThiM2I4ZDQxODU4ICZidWxsOyAyMDE3LTA4LTA5 IDE3OjU3OjEyIFVUQzwvc21hbGw+CiAgICAgICAgPC9oMT4KIC AgICAgICA8aDIgY2xhc3M9ImNmLXN1YmhlYWRsaW5lIiBkYXRh LXRyYW5zbGF0ZT0iZXJyb3JfZGVzYyI+QWNjZXNzIGRlbmllZD wvaDI+CiAgICAgIDwvZGl2PjwhLS0gLy5oZWFkZXIgLS0+Cgog ICAgICA8c2VjdGlvbj48L3NlY3Rpb24+PCEtLSBzcGFjZXIgLS 0+CgogICAgICA8ZGl2IGNsYXNzPSJjZi1zZWN0aW9uIGNmLXdy YXBwZXIiPgogICAgICAgIDxkaXYgY2xhc3M9ImNmLWNvbHVtbn MgdHdvIj4KICAgICAgICAgIDxkaXYgY2xhc3M9ImNmLWNvbHVt biI+CiAgICAgICAgICAgIDxoMiBkYXRhLXRyYW5zbGF0ZT0id2 hhdF9oYXBwZW5lZCI+V2hhdCBoYXBwZW5lZD88L2gyPgogICAg ICAgICAgICA8cD5UaGUgb3duZXIgb2YgdGhpcyB3ZWJzaXRlIC hhbmFseXRpY3MtdWF0LnJtZi5oYXJ2YXJkLmVkdSkgaGFzIGJh bm5lZCB5b3VyIGFjY2VzcyBiYXNlZCBvbiB5b3VyIGJyb3dzZX IncyBzaWduYXR1cmUgKDM4YmM5OGIzYjhkNDE4NTgtdWEyMSku PC9wPgogICAgICAgICAgPC9kaXY+CgogICAgICAgICAgCiAgIC AgICAgPC9kaXY+CiAgICAgIDwvZGl2PjwhLS0gLy5zZWN0aW9u IC0tPgoKICAgICAgPGRpdiBjbGFzcz0iY2YtZXJyb3ItZm9vdG VyIGNmLXdyYXBwZXIiPgogIDxwPgogICAgPHNwYW4gY2xhc3M9 ImNmLWZvb3Rlci1pdGVtIj5DbG91ZGZsYXJlIFJheSBJRDogPH N0cm9uZz4zOGJjOThiM2I4ZDQxODU4PC9zdHJvbmc+PC9zcGFu PgogICAgPHNwYW4gY2xhc3M9ImNmLWZvb3Rlci1zZXBhcmF0b3 IiPiZidWxsOzwvc3Bhbj4KICAgIDxzcGFuIGNsYXNzPSJjZi1m b290ZXItaXRlbSI+PHNwYW4gZGF0YS10cmFuc2xhdGU9InlvdX JfaXAiPllvdXIgSVA8L3NwYW4+OiA2OS4xNDcuMTYwLjY4PC9z cGFuPgogICAgPHNwYW4gY2xhc3M9ImNmLWZvb3Rlci1zZXBhcm F0b3IiPiZidWxsOzwvc3Bhbj4KICAgIDxzcGFuIGNsYXNzPSJj Zi1mb290ZXItaXRlbSI+PHNwYW4gZGF0YS10cmFuc2xhdGU9In BlcmZvcm1hbmNlX3NlY3VyaXR5X2J5Ij5QZXJmb3JtYW5jZSAm YW1wOyBzZWN1cml0eSBieTwvc3Bhbj4gPGEgZGF0YS1vcmlnLX Byb3RvPSJodHRwcyIgZGF0YS1vcmlnLXJlZj0id3d3LmNsb3Vk ZmxhcmUuY29tLzV4eC1lcnJvci1sYW5kaW5nP3V0bV9zb3VyY2 U9ZXJyb3JfZm9vdGVyIiBpZD0iYnJhbmRfbGluayIgdGFyZ2V0 PSJfYmxhbmsiPkNsb3VkZmxhcmU8L2E+PC9zcGFuPgogICAgCi AgPC9wPgo8L2Rpdj48IS0tIC8uZXJyb3ItZm9vdGVyIC0tPgoK CiAgICA8L2Rpdj48IS0tIC8jY2YtZXJyb3ItZGV0YWlscyAtLT 4KICA8L2Rpdj48IS0tIC8jY2Ytd3JhcHBlciAtLT4KCiAgPHNj cmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgogIHdpbmRvdy 5fY2ZfdHJhbnNsYXRpb24gPSB7fTsKICAKICAKPC9zY3JpcHQ+ Cgo8L2JvZHk+CjwvaHRtbD4K
[08/09/17 13:57:12.978]:daap ST:DAAP: Response Doc #document,null,null
[08/09/17 13:57:12.978]:daap ST:
<nds dtdversion="2.0">
<source>
<product build="20141001_0707" instance="DAAP" version="4.0.0.2">Identity Manager Driver for SOAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="error" type="driver-general">
<description>The response received on the subscriber channel was not valid XML. Consider writing a ByteArrayModifiers Java extension if you need to convert the results to XML.</description>
</status>
</output>
</nds>
[08/09/17 13:57:12.979]:daap ST:DAAP: After restoring operation-data
[08/09/17 13:57:12.979]:daap ST:
<nds dtdversion="2.0">
<source>
<product build="20141001_0707" instance="DAAP" version="4.0.0.2">Identity Manager Driver for SOAP</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="error" type="driver-general">
<description>The response received on the subscriber channel was not valid XML. Consider writing a ByteArrayModifiers Java extension if you need to convert the results to XML.</description>
</status>
</output>
<operation-data command="Go" event-id="0" soap-action="http://tempuri.org/NETIQAccessListener/GetRoles"/>
</nds>


------------------------------

Regards,
Kalai

Universal Password implementation and OES client

August 9, 2017, 11:40 am
$
0
0
(I originally posted this in the "eDir: Mod. Auth. Service & Univ. Password" forum and 'ab' thought it was more a client issue and recommended posting it here.)

We are trying to implement a Universal Password policy for users on our system running OES 2015 SP1, ZCM 2017, Client for Open Enterprise Server 2 SP4 (IR6) and AD. We set up Universal Password to use Challenge/Response questions and then to provide a password hint. Here are a couple of things that I hope there are work arounds for.

1. When the password change dialog comes up, there is minimal info on what the criteria are for a valid password. You can put in an administrator message in but the user has to know to click on the 'policy' button on the change password dialog to see it, which is not very intuitive. Even then the Administrator message is at the bottom of the policy dialog and not very prominent.

2. When changing a password, you are asked to put in the password hint on the password change dialog (which happens at the end of the login) and after that you are prompted to put in the password hint again in a separate dialog. Why are you prompted twice for the password hint?

3. You can put in nothing for the password hint. Wouldn't you want to force users to put in something? However, it looks like you will be prompted every time you login for a password hint if you leave it blank.

4. You can change the Challenge/Response questions without changing the password. Can you change the password hint without changing the password? For instance, if you decided the password hint you entered was not clear enough and wanted to redo it but didn't want to change your actual password.

5. 'ab' from the other post recommended that we turn off the password hint but under the 'Forgotten Password' tab of the Universal Password, I don't see where that is an option.

Thanks,

Dan

ECMAScript Function not found

August 9, 2017, 11:37 pm
$
0
0
Hi,

we are running IDM 4.6.1 on SLES 12 and we dp our deployments with Designer LDAP 4.6.1.

We introduced a new ECMAScript object only containing four functions. All function tests within the ECMAScript editor were successful.

But when calling the custom function trough an xpath argument, one function is not found durig execution of the policy.

[08/10/17 08:24:03.027]:User Management ST: token-xpath("es:returnJValue($current-node,'Referenz')")
[08/10/17 08:24:03.034]:User Management ST:
DirXML Log Event -------------------
Driver: \IDMS-DEV\tu-darmstadt\res\DriverSet\User Management
Channel: Subscriber
Status: Error
Message: Code(-9131) Error in vnd.nds.stream://IDMS-DEV/tu-darmstadt/res/DriverSet/User+Management/Subscriber/tudaUMbase-sub-etp-HandleModifyEvents#XmlData:143 : Error evaluating XPATH expression 'token-xpath("es:returnJValue($current-node,'Referenz')")' : com.novell.xml.xpath.XPathEvaluationException: function 'es:returnJValue' not found.


This is the content of the ECMAScript Object:
Code:
// load the compatibility functions
load("nashorn:mozilla_compat.js");
/**
* Check if the String is a valid JSON Object
* Returns true if JSON is valid, false if not
*
*/
function isJSON(str) {
    try {
        JSON.parse(str);
    } catch (e) {
        return false;
    }
    return true;
}
 
function setJSONValue(jstr,name,value)
{
jObject = JSON.parse(jstr);
if (typeof jObject[name] !== undefined)
                {
                              jObject[name] = value;
                }           
return JSON.stringify(jObject);
}
 
 function returnJValue(jstr,name)
{
jObject = JSON.parse(jstr);
retvalue = jObject[name];
return retvalue;
}
Any ideas?

Kind regards,

Thorsten

NAM Support for WSS Connections

August 10, 2017, 1:54 am
$
0
0
Hi All,

Similar request to the thread https://forums.novell.com/showthread...-to-server-wss which appeared to go unanswered.

I have a web app proxied through NAM 4.3.2, which works for the most part, until a user invokes a connection which appears to be WSS:// related. This fails with the browser complaining about not being able to connect to server on wss://.......

My reading seems to suggest this can be supported on Apache through the use of the mod_proxy_wstunnel module. I can't find reference to this in the NAM install httpd.conf file however.

Anybody had any luck or have any further info on supporting web sockets through NAM Access Gateways?
Viewing all 11924 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>