what is the difference between Remote IDM Indexer and Exact Data Matching?

I need a solution

I am using DLP 14.0.

For DLP 14.0 version, it looks Remote IDM Indexer has all the functionalities of Exact Data Matching.

Q1: Exact Data Matching (EDM) can detects content that is stored in structured or tabular format, IDM is capable of detecting them too, right?

Q2:  The DLP 14.0. version I’m using does not have the option of “Load Externally Generated Index”. Pls see attachment below. Therefore to me IDM with remote indexer has one devastating avantage that it frees me from having to collect and copy all the files I want to protect to the Enforce Server. On the other hand, Exact Data Matching will need me to collect and copy all data source file to the Enforce Server (since the current version of DLP i’m using does not have “Load Externally Generated Index”.)

0

Related:

  • No Related Posts

7023346: -603 error attemping to add server to Driver Set

This document (7023346) is provided subject to the disclaimer at the end of this document.

Environment


Identity Manager 4.7

Situation

When attempting to add a new server with IDM 4.7 installed on it to a new Driver Set, a -603 error is recieved.

Error message: Unable to associate the server with the Driver Set.

com.novell.admin.common.exceptions.UniqueSPIException: (Error-603) The requested attribute could not be found. In the Directory, if an attribute does not contain a value then the attribute does not exist for the specific object.

Resolution

After installing IDM 4.7 on the server, make sure you run the configure.sh script. This should extend schema on the Identity Vault.

Or run the /opt/novell/eDirectory/bin/idm-install-schema script to extend schema.

Then attempt to add the server to the driver set again.

Additionally, make sure the new server holds a read write replica of the partition where the driver set resides.

Cause

Missing IDM schema

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7002609: -783 Unable to load VRDIM at driver startup. -299 error in NDS Trace.

I. After looking at the environment variables and specifically theLD_LIBRARY_PATH variable there was a JAVA based application thatwas installed between reboots.

The installed Java based application caused IDM to lose a referenceto where its own JRE is loaded.

To temporarily fix the issue for a default root-based installationyou can place the following command in the eDirectory startupscript. This puts the IDM related paths in theLD_LIBRARY_PATH without any other paths:

exportLD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib

Running this command will only overwrite thevariable until the server is rebooted. To permanently fix theissue, either remove the other Java-based application or find wherethe application is setting the LD_LIBRARY_PATH (probably in/etc/profile.d directory) and remove or adjust the settings. Some applications do not need to have a path in the LD_LIBRARY_PATHand the normal PATH variable is sufficient.

Another possible resolution would be to removeIDM and reinstall. It seems that when the JAVA applicationwas installed prior to IDM there were no issues; however, that maynot be the case with all applications, just the one that was usedin this particular issue.

If this issue happens on a system with eDirectory 8.7.3.x here are the steps to resolve.

  1. Edit the ndsd startup script (/etc/init./ndsd)
  2. Look for the line LD_LIBRARY_PATH. It should look something like the following: LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386:$LD_LIBRARY_PATH
  3. Change the like so that it looks like this: LD_LIBRARY_PATH=/usr/lib/nds-modules/jre/lib/i386
  4. Restart eDirectory and the IDM engine should load.

II. This issue has also been seen on a non-root install of IDM 4.7. This is due to missing Java Runtime Edition not being installed correct. Workaround: sudo su as root and install the following package from the IDM 4.7 installation media. Then restart eDirectory and the driver should load.

rpm -ihv /common/packages/java/netiq-jrex-1.8.0-162.noarch.rpm

Related:

7023302: Could not convert socket to TLS – Unable to send mail via IDM policy

This document (7023302) is provided subject to the disclaimer at the end of this document.

Environment

Identity Manager 4.7 (Engine)

Situation

After upgrading Identity Manager engine to version 4.7, send mail from the driver policies experience

 Message: Code(-9195) Error in vnd.nds.stream:<driver path> : Couldn't send email: javax.mail.MessagingException: Could not convert socket to TLS;

Resolution

1. Export the certificate from Exchange server(https://technet.microsoft.com/en-us/library/bb310778(v=exchg.160).aspx)

2. Import into /opt/netiq/common/jre/lib/security/cacerts

 (/opt/netiq/common/jre/bin/keytool -import -alias <alias-name> -file <exported-cert.cer> -keystore /opt/netiq/common/jre/lib/security/cacerts)

3. Restart eDirectory

Cause

In IDM 4.7, the engine determines if the mail server supports a secure port. If one is determined, then the engine defaults to using secure port automatically to ensure securing communication between the engine (client) and the mail server(server) as security measure.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7023287: eDirectory fails to start after upgrade from 8.8.8 to 9, IDM 4.5 to 4.6

This document (7023287) is provided subject to the disclaimer at the end of this document.

Environment

eDirectory 8.8.8

eDirectory 9.x

Identity Manager 4.5

Identity Manager 4.6

Situation

Recently upgraded IDM from 4.5 to 4.6. Subsequently upgraded eDirectory from 8.8.8 to 9.x. Now, eDirectory fails to start with the following error message in ndsd.log:

Aug 20 07:31:20 Path of NetIQ eDirectory configuration file /etc/opt/novell/eDirectory/conf/nds.conf
Aug 20 07:31:20 NCPServer: Have 1 interfaces in conf file
Signature file not found
And from /var/log/messages:
2018-08-20T09:47:14.852585-05:00 idv02 systemd[1]: Failed to start eDirectory service for /etc/opt/novell/eDirectory/conf/nds.conf..
2018-08-20T09:47:14.852785-05:00 idv02 systemd[1]: ndsd.service: Unit entered failed state.
2018-08-20T09:47:14.852931-05:00 idv02 systemd[1]: ndsd.service: Failed with result ‘resources’.

The following files are present in /opt/novell/eDirectory/lib64:

  • libcrypto.so -> libcrypto.so.1.0.0
  • libcrypto.so.1 -> libcrypto.so.1.0.0
  • libcrypto.so.1.0.0
  • libssl.so -> libssl.so.1.0.0
  • libssl.so.1 -> libssl.so.1.0.0
  • libssl.so.1.0.0

Resolution

  1. Execute the following commands to move the libssl and libcrypto files to a different location:
# cd /opt/novell/eDirectory/lib64
# mkdir bak
# mv -v libssl* bak
# mv -v libcrypto* bak
  1. Start eDirectory by executing the following:
# ndsmanage startall
  1. Verify eDirectory is running:
# ndsstat

Cause

The IDM 4.6 installer places the libssl and libcrypto files in the /opt/novell/eDirectory/lib64 directory. eDirectory 8.8.8 needs the files to be in this location. Upgrading to eDirectory 9 does not clean these files out, which causes a conflict that prevents eDirectory from starting.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7023272: IDM 4.7.0 Data Collection Service (DCS) Driver 4.2.0 won’t start: NoClassDefFoundError: com/microfocus/database/builder/DatabaseBuilder

This document (7023272) is provided subject to the disclaimer at the end of this document.

Environment

Identity Manager 4.7.0

Identity Manager Driver – Data Collection Service

Situation

After applying the Data Collection Service Driver 2.0 update on a IDM 4.7 server, the following error is received when attempting to start the driver.

08/15/18 09:05:27.732]:Data Collection Service Driver ST:DCSShim: BatchFileManager – Initializing state file…

[08/15/18 09:05:27.732]:Data Collection Service Driver ST:

DirXML Log Event ——————-

Driver: DENCHRIS18_TREEsystemdriverset1Data Collection Service Driver

Status: Error

Message: Code(-9010) An exception occurred: java.lang.NoClassDefFoundError: com/microfocus/database/builder/DatabaseBuilder

at com.novell.nds.dirxml.driver.dcsshim.persist.BatchFile.open(Unknown Source)

at com.novell.nds.dirxml.driver.dcsshim.persist.BatchFileManager.<init>(Unknown Source)

at com.novell.nds.dirxml.driver.dcsshim.DCSShim.init(Unknown Source)

at com.novell.nds.dirxml.engine.Driver.startShim(Driver.java:1676)

at com.novell.nds.dirxml.engine.Driver.initialize(Driver.java:329)

at com.novell.nds.dirxml.engine.Driver.<init>(Driver.java:295)

at com.novell.nds.dirxml.engine.DriverEntry.run(DriverEntry.java:626)

at java.lang.Thread.run(Thread.java:748)

[08/15/18 09:05:27.733]:Data Collection Service Driver ST:Driver terminated.

[08/15/18 09:05:27.735]:Data Collection Service Driver ST:Writing XML attribute vnd.nds.stream://DENCHRIS18_TREE/system/driverset1/Data+Collection+Service+Driver#DirXML-PersistentData.

Resolution

Per the readme, the DCS 4.2.0 update requires the 4.7.1 update be installed on the server.

System Requirements:

•Identity Manager 4.7.1 or higher.

•IDM Reporting Module.

Install the 4.7.1 and the driver should start.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

7022980: IDM 4.7 – Bidirectional eDir Driver 4.0.4.0 does not connect over SSL – Error occured while getting socket factory. Reason : null

This document (7022980) is provided subject to the disclaimer at the end of this document.

Environment

Identity Manager 4.5

Identity Manager Driver – Bidirectional eDirectory Driver 4.0.4.0

Situation

After upgrading to IDM 4.7 and the Bidirectional eDirectory Driver 4.0.4.0, the driver will not connect over SSL, the secure LDAP port (636). However it will connect over the unsecure LDAP port (389).

[05/16/18 13:45:55.081]:eDirectory ST:eDirectory: OpenLDAPConnection – Connect to the server

[05/16/18 13:45:55.082]:eDirectory ST:eDirectory: Error occured while getting socket factory. Reason : null

[05/16/18 13:45:55.082]:eDirectory ST:eDirectory: Schema.Schema() – LDAPException: Unable to initiallize socket factory (80) Other

java.lang.NullPointerException

[05/16/18 13:45:55.083]:eDirectory ST:SubscriptionShim.init() returned:

[05/16/18 13:45:55.083]:eDirectory ST:

<nds dtdversion=”4.0″>

<source>

<product build=”20180222_0550″ instance=”eDirectory” version=”4.0.4.0″>Identity Manager Bi-directional Driver for eDirectory</product>

<contact>NetIQ Corporation</contact>

</source>

<output>

<status level=”success”/>

</output>

</nds>

Resolution

This issue is resolved with the Bidirectional eDirectory driver 4.0.5.0 or later.

Cause

There was an issue when Use SSL is set to YES, and Always Accept Server Certificate is set to YES, that the driver did not pull the certificate properly from the connected side LDAP server.

Workaround is to set Always Accept Server Certificate is set to NO and define the certificate information in the Driver Parameters. (Driver properties, Driver Configuration tab, Driver Parameters section, Driver Settings)

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7023255: lcache coring with ndsd becoming unresponsive

This document (7023255) is provided subject to the disclaimer at the end of this document.

Environment

eDirectory 9.0.4
novell-AUDTedirinst NetIQ 9.0.4-0
novell-AUDTplatformagent Novell 2.0.2-81
/etc/logevent.conf
LogHost=xx.xx.xx.xx
LogCachePort=1288
LogEnginePort=1289
LogCacheDir=/opt/novell/idm/naudit/cache

Situation

ndsstat doesn’t return and stays waiting
/var/log/messages:
Error in `lcache’: corrupted double-linked list: 0x00007fbf74b7c690 ***
Errors in the nproduct.log
[Novell Audit Cache]: Authenticated to Server…
[EndClientConnection]: Not Exiting thread due to STATE_ENDING for socket 0
[Novell Audit Cache]: Server dropped the connection, Trying to connect again…
[EndClientConnection]: Not Exiting thread due to STATE_ENDING for socket 0
[Novell Audit Cache]: Server seems busy, wait for 5 Seconds and try again…
[Novell Audit Cache]: Authenticated to Server…
[EndClientConnection]: Not Exiting thread due to STATE_ENDING for socket 0
[Novell Audit Cache]: Server dropped the connection, Trying to connect again…
[EndClientConnection]: Not Exiting thread due to STATE_ENDING for socket 0
[Novell Audit Cache]: Server seems busy, wait for 5 Seconds and try again.
lcache process has a large number of open files
lsof -p 12435 (12435 represents the pid number of the lcache process)

Resolution

The platform agent – novell-AUDTplatformagent had been updated but the Sentinel collector had not.

Ensure the components involved in event auditing are all current for the version of eDirectory / Sentinel running
Find the latest Sentinel plugins at this location:

Cause

Connectivity issues between lcache and the Sentinel collector for eDirectory causing lcache cores and connection failures with open files.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7023249: IDM 4.6 to IDM 4.7 upgrade – Roles and Resource Driver will not start – Missing driver option: cleaup-res-history-last-days

This document (7023249) is provided subject to the disclaimer at the end of this document.

Environment


Identity Manager 4.7

Identity Manager Driver – Role and Resource

Situation

After upgrading from IDM 4.6 to IDM 4.7 the Role and Resource driver will not start.

The following errors is found in a level 3 startup trace of the Role and Resource driver.

Message: Missing driver option: cleaup-res-history-last-days

Resolution

A new required GCV “Store resource history for days” was introduced with the Role and Resource driver in IDM 4.7.

Installing the updated Role and Resource Driver base package that ships with IDM 4.7 to the IDM 4.7.0.201802012164852 package. Then deploying the updated driver, resolved the issue.

Cause

Missing cleaup-res-history-last-days GCV.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related: