Académique Documents
Professionnel Documents
Culture Documents
Release Notes
i
Connector Pack Release Notes
Conventions
Although every effort has been made to ensure the accuracy of these
release notes, they may contain minor errors or omissions.
• Fixed an issue to populate account attribute, displayName, properly when creating account on AD
target system.
• Deprecated support for Solaris 9 for the solaris9.sparc64 psunix distribution.
3
Connector Pack 3.1.3 2
• The Hitachi ID Management Suite connector (agtidm) now lists instance servers.
• Added ‘serverinfo’ operation to the Hitachi ID Management Suite connector (agtidm).
• The SAP connector (agtsap) now has different password reset methods for making a password pro-
ductive on reset. These options are:
– Log the user in
– Set the LTIME field
– Use the SUSR_USER_CHANGE_PASSWORD_RFC procedure
– Set PRODUCTIVE_PWD flag in BAPI_USER_CHANGE
– Do not make the password productive
2.1.2 Miscellaneous
• Removed the ‘Patch’ option from the setup page for minor release connector pack upgrades and
replaced it with ‘Upgrade’.
4
Hitachi ID Connector Pack Release Notes
• Fixed so that LDAP users with no passwords will return an appropriate error code. Also fixed the
‘verifyreset’ operation to successfully reset passwords.
• Allow support for creating users for SAP version 7.3 by setting the appropriate attributes during create.
• Added pxrem support for Remedy 8.1 and 9.1 servers.
• Modified the Cisco Unified Communication Manager connector (agtcucm) to list both the Jabber de-
vice name and device profile name attributes at the same time.
• Corrected issue so that attribute values that contain the ‘&’ character do not get truncated for the Cisco
Unified Communication Manager connector (agtcucm).
• Corrected issue so that the Sybase Database connector (agtsybctscript) can properly handle scripts.
2.2.3 E-mail/Groupware
• Corrected issue so that multi-level enable passwords are reset successfully on Cisco IOS (agtcisco-
ios).
• Changed the behavior of the Cisco IOS networking equipment (Telnet) connector to log out after a
successful login for the verify operation.
• Modified Cisco ACS connector (agtcisco-acs) to not copy ‘dateExceeds’ account attribute from tem-
plate as this prevents accounts from being created successfully.
• Modified Active Directory connector (agtad) to allow escaping hash characters to list group and OU
names with hashes using group/OU files.
• Fixed Active Directory DN connector (agtaddn) to return the expired status when an account is man-
ually expired from the target.
• Fixed nrcifs and nrsmb to correctly handle creating and deleting folders.
• Re-added the ‘Other settings’ address option for the Power Shell connector (agtps).
• Added BlackBerry Enterprise Web Service (agtbes10) connector to list users, manage accounts, man-
age passwords and administrator credentials on BlackBerry Enterprise Server version 10.0.
• Added a read/read-write file access address option to CSV File Connector Service (agtcsv) connector
to target and list from read-only CSV files and folders.
3.1.2 E-mail/Groupware
• Added the ability to set the out-of-office attribute for Microsoft Exchange (agtexg2k7) connector.
• Added information to serverinfo operation for Cisco Device targets to reindicate the remote authenti-
cating servers.
• Added scripted agtcisco-pix-ssh connector to access Cisco PIX networking equipment via SSH.
• Added scripted agtcisco-pix-telnet connector to access Cisco PIX networking equipment via Telnet.
• Added scripted agtcisco-asa-ssh connector to access Cisco ASA networking equipment via SSH.
• Added scripted agtcisco-asa-telnet connector to access Cisco ASA networking equipment via Telnet.
• Added generic date format to LDAP Directory Service (agtldap) connector configuration.
• Added delete-all-values and move operations for existing attributes to LDAP Directory Service (agtl-
dap) connector.
• Added pwtruncate to the address configuation scripting options and giving users a chance to set the
minimum length for an accepted password for LDAP Directory Service (agtldap) connector.
• Added "obpasswordcreationdate" attribute to LDAP Directory Service (agtldap) connector.
7
Hitachi ID Connector Pack Release Notes
• Removed the mobproxy.linux-glibc-2.*.x64 binaries from the psunix linux distributions in the Connector
Pack. The Mobile Proxy Service (mobproxy) is available within IDMUnix from the Password Manager
servers as rpm installations.
• Added psunix support for AIX 7.1 systems (psunix-aix7.1.ppc64).
• Added NAME target system attribute for Mainframe connector targets to support setting or updating
full name.
• Enhanced ODBC (agtodbcscript and agtodbcscript-32) connectors to be able to accept ODBC con-
nection string via new parameters, ODBC Driver and ODBC connection string:
1. If "Driver" is empty, it assumes a DSN in Server.
2. If "Driver" is populated it assumes raw ODBC parameters.
• Improved address checking for PSL ANG script connectors (agtdos and agttelnet).
• Added target address configuration option to RADIUS Authentication (agtradius) connector to include
RADIUS attributes in authentication packets.
• Added a check to ensure there is some default text presented to the users when password authenti-
cation is skipped while using RADIUS.
• Added user filters to LDAP trigger (psldap) to allow certain users to trigger transparent password
synchronization.
3.1.8 Miscellaneous
• Removed listing of both regular users and managed accounts from Microsoft Office SharePoint Server
(agtshrpt) connector to avoid a potential issue causing duplicated accounts.
• Enhanced Lotus Domino Server (agtdmno) connector reset operation’s flexibility via using fail-idfile-
reset-error control.
• Enhanced Lotus Domino Server (agtdmno) connector to support multiple replication servers in ad-
dress line.
• Corrected PowerShell (agtps) connector to handle script files that do not contain the correct file ex-
tension.
• Modified PowerShell (agtps) connector to check script file validity for loadplatform.
• Fixed Lotus Domino Server (agtdmno) to properly list groups when groups have no owners.
• Corrected ServiceNow IT Service Management Suite (agtsvcnow) connector to properly update at-
tributes if its values contain spaces.
• Added validity checking for the config file path in address wizard for ServiceNow IT Service Manage-
ment Suite (agtsvcnow).
• ServiceNow IT Service Management Suite (agtsvcnow) connector now properly lists groups and group
members from custom groups.
3.2.3 E-mail/Groupware
• Fixed the Microsoft Exchange (agtexg2k7) connector to take into account the DomainController at-
tribute for create and update operations.
• Microsoft Exchange (agtexg2k7) connector now correctly parses X400 and X500 addresses for multi-
valued EmailAddresses profile attribute.
• Microsoft Exchange (agtexg2k7) connector now sets the delegated permissions on an Exchange
mailbox when creating the new mailbox.
• Modified Cisco Secure ACS TACACS+ (agtcisco-acs) connector to prevent concurrent resets on the
same account.
• Modified Cisco Secure ACS TACACS+ (agtcisco-acs) connector to include all attributes available in
server listing.
• Enhanced LDAP Directory Service (agtldap) by moving to winldap structure and deprecated the
cert8gen utility tool.
• Modified the return message for resetexpirepw on Active Directory DN (agtaddn) and Active Directory
(agtad) connectors to allow the operation to return success for AD accounts that have ‘Password never
expires’.
• Added Windows Server (agtnt) connector support for listing and notifying scheduled tasks for Windows
10.
• Modified psunix to have the ability to handle passwd, group and shadow-variant NIS files.
• Changed default TopSecret (agtts) and RACF (agtracf) connector attributes to be consistent with the
Main Frame Connector.
• Change Active Directory DN (agtaddn) connector to include multi-language support for configurations
settings.
• Changed the RACF telnet script to report verification failures when an active session prevents addi-
tional connections.
• Modified SSH script (agtssh) connector to correctly handle trim() function errors.
• Fixed an issue for RSA Authentication Manager 7.1/8.x (agtrsaam) to allow for the manage tokens
page to be accessible for the user’s token when multiple users have the same short ID.
• Added Unix LDAP trigger (psldap) support for Sun One Directory Server (Oracle DSEE).
• The Active Directory DN network resource connector (nrcifs) has been enhanced to allow the ma-
nipulation of group owners when NT4 group format is used.
• Added back the "sysID" and "syspassword" keys for all connectors and for backwards compatibility for
targets that support the system id and system password credentials.
PSLang connectors will also duplicate the values with the "sysid" and "syspw" keys for backwards
compatibility.
• The Active Directory connectors will return the group SID after the connector successfully performs a
create operation.
11
Connector Pack 3.1 5
• Added connector for SCIM: System for Cross-domain Identity Management (agtscim) application
servers.
• Added an official scripted connector for Juniper OS 9.x networking equipment (SSH).
• Added a scripted connector for Checkpoint NGX networking equipment (SSH).
• Added new connector called agtcisco-acs for Cisco Secure Access Control Server (TACACS+).
• Added two official scripted connectors for Cisco IOS networking equipment. The agtcisco-ios-ssh.con
script is associated with the SSH script connector (agtssh). The agtcisco-ios-telnet.con script is asso-
ciated with the Telnet script connector (agttelnet).
• Added two official scripted connectors for Fabric OS based devices. The agtfabricos-ssh.con script
is associated with the SSH script connector (agtssh). The agtfabricos-telnet.con script is associated
with the Telnet script connector (agttelnet).
• Added a scripted connector for Checkpoint NGX networking equipment (SSH). The agtckpt-ngfw.psl
script is associated with the SSH script connector (agtssh).
12
Hitachi ID Connector Pack Release Notes
• Removed valirad.exe and replacted it with a new connector for RADIUS authentication (agtradius).
• Added four new official scripted connectors to target the following flavors of UNIX:
– Linux (Ubuntu, RedHat, SUSE) (agtlinux.con)
– AIX (agtaix.con)
– HP-UX (agthpux.con)
– Solaris (agtsolaris.con)
• Added Hitachi ID Privileged Access Manager support for Twitter targets with an official scripted con-
nector (agttwitter) and platform type.
• Added support for official scripted connectors in loadplatform and to be able to load the connectors
that have either the .exe or .con extensions.
• Connector Pack 3.1 can no longer be installed for Hitachi ID Password Manager 6.4.9 or lower in-
stances.
• Changes have been made to loadplatform.exe in order to detect and report on target system template
differences.
• Added additional error codes for the verify operation for several connectors when a password fails to
be verified for different types of error conditions.
• Added support/handling for read-only domain controllers for the following connectors:
– Exchange (agtexg2k7)
– Active Directory DN (agtaddn)
– Network resource (nrcifs)
– WindowsNT compatible systems (agtnt)
• Added a Universal CRT check to the pre-installation check for the product setup to check for the
existance of the KB2999226 windows update hotfix and Visual C++ Runtime 2015 redistributable
pre-requisites.
• The Microsoft Visual C++ 2015 Redistributable (x64) as well as Microsoft Visual C++ 2015 Redis-
tributable (x86) will now be installed by the installer during the pre-installation check if it is not previ-
ously installed.
• Added support in loadplatform for setting the directory for loading agents.
• Binaries are now all dual signed with SHA-1 and SHA-256 signatures using the SHA-2 certificate.
• Modified the command line installation of the Connector Pack to no longer install the global connector
pack using the -instance parameter.
• SalesForce connector (agtsalesforce) now supports operations for public groups, permission sets and
roles.
• Added functionality to allow additional address attributes to be defined from a SQL script file.
• Enhanced platforminfo operation for SQL script based connectors to query data from the script.
• Enhanced SQL script connectors to support isuseringroup operation.
• Added custom operations support to SQL Application Connectors.
• Updated the listing groups operation to support a 4th column, for shortid, in SQL Application Connec-
tors. shortid is an optional field.
• Enhanced SQL script type connectors to be able to list group owner and group member even in case
group owner or group member is a group.
• Modified the Exchange connector (agtexg2k7) to be able to set the AcceptMessagesOnlyFrom at-
tribute to an empty value in order to clear the existing value and set it to all senders.
• Enhanced the performance of the list feature for Exchange connector (agtexg2k7).
• Modified the Exchange connector (agtexg2k7) to be able to configure the poll time. This connector
was also modified to allow the user to choose whether an error message in the log from the address
line for Exchange 2007+ should be displayed, if the new mailbox is not found within the time frame.
• Modified Microsoft Exchange connector (agtexg2k7) by adding attributes that allow "out of office"
information to be set.
• The GroupWise connector (agtgrpw) can perform several concurrent password resets without issue.
• Removed Exchange connector (agtexg2k7) support for verify/reset/lock operations.
• When Active Directory and Exchange servers are down, Exchange connector (agtexg2k7) can grace-
fully handle the situation.
• The Exchange connector (agtexg2k7), will incrementally list mailbox attributes when listOUs is speci-
fied.
• The Exchange connector (agtexg2k7), can now list by specified databases.
• Added support for Microsoft Exchange Server 2016 for the Exchange connector (agtexg2k7).
• Enhanced the connector for RSA Authentication Manager 7.1/8.x (agtrsaam) RSA Authentication
Manager 7.1/8.x to look up the server’s Token Policy for when the values for Generated PIN length
and Generated PIN character set are blank and when resetting the PIN for a user’s token to a random
value.
• Added support to be able to specify sub domains and optionally recursively for the Security Domains
for RSA Authentication Manager 7.1, 8.0, and 8.1.
• The tag names and variable lookups for RSA Authentication Manager token authentication have been
synchronized across the authentication agent, connector, and external question modules as well as
valiace.
• Added dual authentication ability, allowing a user’s login request to be handled by the duo app.
• The RSA Authentication Manager 5.x/6.x connector (agtace) as well as the psace service for both
Windows as well as UNIX distributions have been deprecated. This deprecates support for RSA Au-
thentication Manager 5.x/6.x.
• Modified Remedy Action Request System IT Service Manager connector (remedy-itsm) to create
users successfully by adding required attributes to the target system.
• Added a feature allowing the ServiceNow connector (svcnow) to target any custom table to manage
users and groups.
• Company name added to the list of attributes for HP Service Manager (agthpsm-ws) target system
type.
• Modified the connector for WindowsNT compatible systems(agtnt) to allow certain operations to be
run against domain controllers, including serverinfo, platforminfo, addressattrs, listresource and up-
dateresource.
• Added support for listing and enabling deleted users when the Active Directory recycle bin has been
activated.
• Added the ability to set the thumbnailPhoto attribute for Active Directory (agtad) and Active Directory
DN (agtaddn) connectors.
• Extended the serverinfo pslang function in psunix to provide version and information structure for
users to override the built-in operation with.
• Enhanced the TopSecret connector (agtts) to include network resource operations that permit access
to users on TopSecret resources.
• Added serverinfo operation support for the following connectors:
– TopSecret (agtts)
– ACF2 (agtacf2)
– RACF (agtracf)
• Enhanced Windows NT connector (agtnt) to use the bare KVG address line format.
• Added address tag listResourceDisable to Windows NT connector (agtnt) to disable specific resource
lists
• The Active Directory connector (agtad) now supports listing nested groups.
5.1.10 PSUnix
• Added scripted platform definition files to associate official scripted connectors with the SSH or Telnet
connector:
– agtaix.con
– agtchkpt-ngfw.con
– agtcisco-ios-ssh.con
– agtcisco-ios-telnet.con
– agtfabricos-ssh.con
– agtfabricos-telnet.con
– agthpux.con
– agtjunos9x.con
– agtlinux.con
– agtsolaris.con
– agttwitter.con
• Added addressattrs PSLang function to extend address wizard attributes for the following connectors:
– Secure Shell (agtssh)
– Telnet (agttelnet)
– Win32 Console Script (agtdos)
• Updated Windows Console Script (agtdos) sample files to extend the address wizard.
• Added platforminfo operation to dynamically determine operations from a script and list support for
the following connectors:
– Secure Shell (agtssh)
– Telnet (agttelnet)
– Win32 Console Script (agtdos)
• Added addressattrs functionality in order to allow the PowerShell script connector (agtps) to edit ad-
dress help wizard.
• Enhanced Powershell script connector (agtps) functionality to be able provide information regarding
the platform based on a script file.
• Added ArrayList support for multi-value attributes for the create and update operations of the Power-
shell Script connector (agtps).
• Added variable arguments support in expect statements for Secure Shell (agtssh) and Telnet (agttel-
net) connectors.
• The ability to trigger a custom function added to Python Script connector (agtpython).
• The Python Script connector (agtpython) can handle multiple groupuseradd operations.
• Modified the powershell script to add the ability to perform the verifyreset operation for the powershell
connector (agtps).
• Added support of network resource operations (nrcreate, nrdelete, nrupdate, nrmove) in the Python
connector (agtpython).
• Python connector (agtpython) can parse multivalued attributes in serverinfo and user accounts.
• Added addressattr python method support to extend address wizard attributes for the Python connec-
tor (agtpython).
• Enhanced platforminfo operation to query operations from a script and list support for Python connec-
tor (agtpython).
• Changes to Lotus Domino Server Script connector (agtgdmno) to properly handle fallback on verifyre-
set operation.
• Fixed an issue in Lotus Domino Server connector (agtdmno) to allow it to run batch file specified in
configuration file properly.
• Added a result check to the groupuseradd/delete operations for the Peoplesoft connector (agtpsft) so
failures can be detected and returned by connector for retry.
• Improved the error checking for the WebEx connector (agtwebex) to include a more descriptive error
message when resetting a password that includes a double quotation mark.
• Fixed an issue in Lotus Domino Server Script connector (agtgdmno) which was causing Notes client
to crash when listing.
• Modified a few of the connectors to allow for administrative credentials to not be specified for where
this is supported and will no longer show an "AdminID was unspecified but required" error when the
credentials are empty.
• Removed the discovery option to load group members that satisfy an expression since they are now
listed based on auto discovery options in the target system configuration.
• Fixed an issue with the installer to detect the Connector Pack properly.
• Modified connector pack setup to ensure all required library files are installed.
• Added a kvgroup parser error message for when the target address is incomplete and cannot be
parsed and no kvgroup tokens are found.
• Extended the serverinfo operation to odbc connectors (agtodbcscript and agtodbcscript-32).
• Scripted connectors can now load scripts from absolute and relative paths.
• Updated the list, verify and reset operations for the Success Factor (agtsf) connector to use the .net
3.5 binding mechanism.
• Fixed crash occurring for LDAP Directories connector (agtldap) when creating an account with a
required ldap server attribute not set.
• Fixed an issue with account requests to keep disabled accounts disabled after an account update
is made. Changed the default value of Active Directory attribute "accountDisabled", from "Set to
specified value" to "Copy from template" for the "Action when creating account" criterion. Changed the
default value of Active Directory attribute "accountDisabled", from "Set to specified value" to "None"
for the "Action when updating account" criterion.
• Corrected an issue to ensure that password reset on an HP-UX target with shadow enabled will only
modify the password attribute.
• Added semaphores to lock pamutil credentials on Unix when accessed concurrently.
• Added missing DLLs and NSS libraries to the connector pack MSI.
• Fixed an issue with SSH scripts for Unix-based targets to prevent infinite loops from occurring during
a failure case.
• Modified attributes for the following connectors, to be able to support multi-valued attributes:
– TopSecret (agtts)
– ACF2 (agtacf2)
– RACF (agtracf)
• Corrected an issue to ensure that network resource connectors can connect to resources configured
with an IP address in its UNC path/URL.
• Fixed operations for the network resource connector (nrcifs) for Active Directory DN (agtaddn) when
required to do multiple sddl string substitutions.
• Fixed the network resource connector (nrcifs), for Active Directory DN, to correctly identify group types
for non-domain servers, SANs or if there are firewalls.
• Fixed an internal issue for the Python Script connector (agtpython) that caused sqlite3 safety check to
fail.
• Python interface program (pxpython) can now parse multi value attribute types in request_attributes,
requester_attributes, recipient_attributes.
• Modified powershell connector (agtps) simple sample script to allow expected functionality when user
logs into the Front-end (PSF).
• Updated extlib to include putty 0.66 and support newest version of OpenSSH when using Secure
Shell connector (agtssh).
• Python Script connector (agtpython) can now properly call verify, reset, update operations in a target
system connector.
• Fixed an issue to ensure that the VMWare vSphere connector (agtvsphere) is upgraded properly when
upgrading the Connector Pack.
• The Webex (agtwebex) connector will list the users account status, enabled or disabled, during the
Auto discovery process.
• Enhanced the Amazon Web Services (agtaws) connector ’Test connection’ functionality by returning
an error when invalid credentials are given.
• Enhanced Lotus Domino Server (agtdmno) connector delete operation to allow for deletion of users
ID file from the ID vault.
• Added sample CSV source files, schema, and script files to the samples directory for the use of ODBC
as a CSV.
• Enhanced the Microsoft Office SharePoint Server (agtshrpt) connector to work with Sharepoint 2013.
• Added authentication type to Microsoft Office SharePoint Server (agtshrpt) connector.
• Added account attribute, and domain to Microsoft Office SharePoint Server (agtshrpt) connector so
that it can handle multiple domains.
• Enhanced the HDD key recovery of hard drive encryption systems to allow codes to have formatting
that can be customized.
• Enhanced Check Point (Pointsec) Endpoint Security (agtchkpt) connector to no longer require the
inclusion of the first response code for the challenge string.
• Added support for POSIX style groups to the LDAP directory service (agtldap) connector.
22
Hitachi ID Connector Pack Release Notes
• Enhanced the Active Directory DN (agtaddn) connector programs nrcifs and nrsmb in order to properly
present groups, in which a user is already a member, in the ’Request access to network resource’
page.
• The Mobile proxy service (mobproxy) binary for the Hitachi ID Mobile Access proxy server is now
available for the Linux distributions within psunix in the Connector Pack.
6.1.5 Script
• Added support for extra address line parameters in SSHD Host target (agtssh) connector.
• Updated SSHD Host target (agtssh) connector to use a new style address line format, with backwards
support for the old style format.
• Modified Microsoft Active Directory DN (agtaddn), Telnet (agttelnet), Microsoft Exchange (agtexg2k7),
PeopleSoft (agtps), and Tivoli Access Manager for Enterprise SSO (agttamsso) connectors to verify
certain address values are in KVGroup format.
• Updated Amazon Web Services (agtaws) connector to log a warning instead of an error when it is
unable to list the virtual instances.
• Fixed an issue to allow ePO server version to be retrieved properly in McAfee Endpoint Encryption
6.X (agtmcee6) serverinfo operation based on target system administrator permissions.
• Fixed CSV file connector (atgcsv) to handle relative paths correctly.
• Fixed labeling and added missing parameter field for the Google Apps (agtgapps) connector address
helper.
• Fixed Microsoft Office 365 (agtoffice365) connector error handling when DisplayName is left empty.
• Updated Microsoft SQL server (agtsql) connector to use the correct method calls instead of SQL
queries.
• Changed Exchange 2007+ server (agtexg2k7) connector to correct an unexpected error when the
session initialization fails.
• Changed Exchange 2007+ server (agtexg2k7) connector so that Hitachi ID Password Manager does
not copy distribution list membership from the template account, when creating accounts.
• Added listFlatGroups address line option to Active Directory DN (agtaddn) connector to allow the
ability to flatten memberships in nested groups, and groups as group managers.
• Verified ’CN request attribute value’ values are escaped during create account operation in the Active
Directory DN (agtaddn) connector.
• Fixed an issue in the Active Directory DN (agtaddn) connector move context operation for targets with
NT4 format.
• Fixed an issue with Active Directory DN (agtaddn) to properly escape CN attribute values.
• Fixed an error message in Active Directory DN (agtaddn) to better show that the error involves a bad
account name.
• Changed RACF (agtracf) connector to write attributes only if they are set to be listed.
• Fixed an issue with the Active Directory DN (agtaddn) connector nrcifs program to translate an account
from another domain into a samAccountName properly when requesting a DFS folder/share on a
different domain.
6.2.6 Script
• Fixed lock and unlock for the SSHD Host target (agtssh) connector to ensure that passwords are reset
successfully on AIX systems.
• Fixed the runcommand operation to work properly when the target credentials use an authorization
key with passphrase.
• Fixed an issue with the Tivoli Access Manager for Enterprise SSO (agttam) connector to allow for
multiple application server access behind a single URL.
6.2.8 Token
• Fixed an issue when targeting a Vasco IDENTIKEY Server (agtvasco) connector and specifying the
domain as an Active Directory user source.
• Added a connector for vSphere Hypervisor. Supported operations are list server info, List users,
password reset and verify.
• Google Applications connector updated to accommodate Google’s ending of support of their Google
Apps provisioning APIs.
• Increased performance of the Exchange connector (agtexg2k7) when retrieving group membership
information.
• The connector for McAfee Endpoint Encryption 6.x (agtmcee6) is now compatible with McAfee Drive
Encryption 7.x
26
Hitachi ID Connector Pack Release Notes
• Updated ServiceNow connectors (agtsvcnow and pxsvcnow) to send soap requests directly to Ser-
viceNow service (removed dependency from .NET)
• Enhanced ServiceNow connector (pxsvcnow) with the ability to perform search on any field from any
table in ServiceNow.
• The agtdos.exe and agtpython.exe connectors can execute parallel verify and reset operations.
• Added the create and delete operations for the agtvasco connector to be able to assign or unassign
Vasco tokens for a user.
The listunassigned utility is also now able to list unassigned Vasco tokens.
• Enhanced the error handling for the agtrsaam connector when an input kvgroup is passed in directly
from the command line.
• Changed the connectors to initiate a reset for verifyreset if the verify operation is not successful for
any reason.
• Fixed the CSV file connector (agtcsv) to perform the verify reset operation correctly.
• Changed the CSV file connector (agtcsv) to provide an error when data and configuration do not
match.
• Changed the SharePoint server connector (agtshrpt) to return an error when a group operation fails
and cannot be performed.
• Enhanced the Lotus Domino connector (agtdmno) to wrap any exceptions during API calls.
• Improved the nrupdate operation for the Lotus Domino connector (agtdmno).
• Enhanced the way that the membership file is populated by the PeopleSoft connectors.
• Corrected the PeopleSoft connector (agtpsft82) so that the verifyreset operation succeeds.
• Corrected SalesForce connector (agtsalesforce) to return clear error message on enable opera-
tion when enable failed due to license over limit
• Removed salesforce Alias attribute association to OTHER_NAME.
• Fixed credential leak in the logs for the Sybase connector (agtsybct) in the event that a reset failure
is encountered.
• Fixed issue with the Exchange connector (agtexg2k7) where pre-defined requests could not update
multiple permissions in a set operation.
• Corrected BMC SDE connectors to not do group listing needlessly after an update operation
• Fixed the NDS connector (agtnds) to return the correct status on groupuseradd and groupuserdelete
operations when a group does not exist or when a user is not a member of the group.
• Improved the Active Directory connector (agtad) logging to prevent excessive messages.
• Fixed potential agtad crash which could happen when listing domain objects
• Issue fixed in the Windows Server connector agtnt.exe when listing IIS service accounts.
• Fixed Active Directory DN connector (agtaddn) to lists all subdomains of the domain forest in a
serverinfo operation.
• Fixed issue so that reserved Windows accounts are filtered properly when listing subscribers with
agtnt.
• Fixed issue so that the listing results do not get truncated when targetting Novell e-directory with
agtldap.
• Fixed the LDAP connector (agtldap) to not crash on an update or create operation when a non-
existent account attribute is specified.
• Changed network resource connectors for SMB and CIFS to connect to paths on DFS shares.
• Fixed the SSH script connector (agtssh) so that it runs the list operation successfully on Solaris.
• Corrected issue so that the list operation on agtssh completes in a reasonable amount of time.
• Changed samples scripts for SSHD scripted connectors for verifyreset options.
• Changed Telnet connector to allow messages to be returned for multiple operations and include veri-
fyreset operation for the RACF sample.
• Changed the sample Cisco IOS SSHD script to reset a username with the correct password or secret.
• The PowerShell Script now supports network resource operations.
• Fixed an issue with the psace for SecurID when displaying the service name in the Windows Services
list.
• Improved the challenge response authentication for the Connector package agent module (agent.pss)
for authentication chains when blank values are specified.
• Fixed valiace.exe for token authentication to populate the values for the PIN requirements when
the token’s PIN has been cleared.
• Added ODBC script (agtodbcscript-32) connector and interface program pxodbc-32.exe for 32-bit sup-
port for ODBC data sources.
– agtpython
– agtora
– agtsql
– agtsybct
– agttelnet
– agtnt
– agtssh
• The serverinfo operation is now supported for Java-based connectors.
• The following connectors and interface programs have been upgraded to 64-bit versions:
31
Hitachi ID Connector Pack Release Notes
• Enhanced agentGetConnection() PSL ANG function so that it can be called by PSL ANG based con-
nectors.
• Added the ability to px* programs to populate all the server address data into $general and $targetData
variables.
• The following connectors have been deprecated, and will no longer be avaliable:
– agtex2k
– agtjdeow80-com
– agtolap
• Oracle Database (agtora) connector can now list, assign and remove privileges. These privileges are
considered groups.
• Support has been added for both Java JRE 1.7 32-bit and 1.8 32-bit for the RSA Authentication
Manager 7.1/8.x (agtrsaam) connectors.
• Windows NT Server (agtnt) connector now consolidates all subscriber types and groups into one
subscriber list file.
• Active Directory DN (agtaddn) connector can now exclude container objects from listing.
• Active Directory DN (agtaddn) connector will use the CN attribute when performing a rename opera-
tion.
• Active Directory DN (agtaddn) connector can list groups or computers from a group or a OU.
• Modified LDAP Attribute sample scripts to add the ability to unlock user accounts on Oracle Directory
Server via resetting a password.
• Scripted connectors can now use all the connector return codes.
• Added sample configuration script agtldap-pamldap.cfg for LDAP servers with authentication through
pluggable authentication modules.
• The PowerShell Script (agtps) connector now uses standard connector error codes.
• Added agtssh-cisco_ios.psl script for Cisco IOS support for SSHD and Telnet targets.
• Added sample script agtssh-chkpt-ngx.psl for Secure Shell (agtssh) connectors operations for Check
Point Embedded NGX based Devices.
• Added sample script agtssh-junos9x.psl for SSH support for Juniper JunOS devices.
• Implemented new %k:_hostID% replacement string to be accessible in exposing target ID in scripting
connectors.
• SiteMinder (agtsm) connector can now return only the directory of interest when listing accounts, and
more debugging was added to the siteminder binary.
• Prevented the Lotus Domino (agtdmno) connector from generating duplicate attributes.
• Google GData SDK version 2.2.0.0 is now automatically included during Google Apps (agtgapps)
installation.
• By default, a domain email is no longer required to create accounts on the Lync server.
• SAP (agtsap) connector now sets a role’s start date to the day that the account is created.
• Resolved an issue where file transmission between instance or proxy servers was mishandling sym-
bolic directory links.
• The nrcifs.exe binary will correctly handle the NT4 nameformat in HiGM.
• The nrsmb.exe and nrcifs.exe binaries will correctly handle invalid inputs.
• Microsoft SQL Server (agtsql) connector now unlock accounts during a password reset operation.
• Microsoft Exchange (agtexg2k7) connector now supports the built-in strategy to choose a mailbox
database.
• Microsoft Exchange (agtexg2k7) connector no longer supports the DistributionGroup attribute.
• Microsoft Exchange (agtexg2k7) connector now properly targets servers on different domains in a
trust setup and properly parse attributes.
• RSA Authentication Manager 7.1/8.x (agtrsaam) connector no longer displays a false error message
when enabling or disabling a user’s token from the Manage tokens page.
• RSA Authentication Manager 7.1/8.x (agtrsaam) connector can now be used with 64-bit Java installed.
• The valiace plug-in was previously installed with the Password Manager server and is now included
with the Connector Pack. The valiace plug-in will need to be manually copied from the connector
directory for the Connector Pack to the plug-in directory for the instance on the Password Manager
server.
• The format for the target system address for RSA Authentication Manager 7.1/8.x has been modified.
The agtrsaam.properties and agtrsaam.jvmconfig files are no longer used and the fields that were
previously specified in these files are now set directly on the target address line. Upgrading from a
previous Connector Pack to Connector Pack 3.0 will require that the RSA Authentication Manager
7.1/8.x target system address lines be modified for the updated format.
Resolved an issue when listing from an RSA Authentication Manager 7.1/8.x target when there are
users whose names or user IDs contain UTF-8 characters.
• Check Point (agtchkpt) connector now uses the account ID when generating the Helper ID data.
• Remedy Action Request System IT Service Manager (agtrem-itsm) connector is now compatible with
newer ARS ITSM.
• TopSecret (agtts) and ACF2 (agtacf2) connectors now trims multi-value attributes and correct attribute
output formatting.
• Active Directory DN (agtaddn) connector will correctly list and authenticate users when a parent do-
main is targeted with a OU list from a child domain.
8.2.10 PSUnix
• SSHD Host target system connector now supports sudo command for AIX targets. The default shell
used is bash and can be modified.
• When a password reset fails, verifyreset operation will fallback to a reset operation if neither verify, nor
adminverify are not supported.
• Microsoft SQL (agtsqlscript) and Oracle (agtorascript) script connectors now support listcomputer,
listsubscriber, and updatesubscriber operations.
• For PowerShell Script (agtps) connector, updated agtps-nt.ps1 sample script to include groups without
descriptions during listing.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com