CP Release Notes

Hitachi ID Connector Pack 3.1.
Release Notes
Software revision: 3.1.4

Document revision: 6484
Last changed: Sunday 23rd April, 2017
© 2017 Hitachi ID Systems, Inc. All rights reserved.

Contents
1 Connector Pack 3.1.4 3

2.1 Features and Improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.1 Application servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.2 Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.2 Database systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.3 E-mail/Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.4 Networking devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.5 Network operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.6 Network resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2.7 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

3.1.2 E-mail/Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1.3 Networking Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1.5 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1.6 Hardware tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1.7 Transparent password synchronization triggers . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1.8 Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
i
Connector Pack Release Notes
3.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.2.2 Help desk systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2.3 E-mail/Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2.4 Networking devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.6 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.7 Hardware tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.8 Transparent password synchronization triggers . . . . . . . . . . . . . . . . . . . . . . . . 10

4.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
5 Connector Pack 3.1 12

5.1.1 New connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5.1.3 Connector operations and behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5.1.4 Customer relationship management systems . . . . . . . . . . . . . . . . . . . . . . . . . 14
5.1.6 E-mail / Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.1.7 Hardware tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.1.8 Help desk and IT service management systems . . . . . . . . . . . . . . . . . . . . . . . 16
5.1.10 PSUnix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.1.11 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.1.12 Virtualization Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.2.3 Customer relationship management systems . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.2.4 Human resource management systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20


5.2.6 Network resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2.7 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2.8 Virtualization Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

6.1.3 Hard drive encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
6.1.5 Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
6.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
6.2.1 Miscellaneous fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
6.2.4 E-mail systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2.6 Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2.7 Single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2.8 Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

7.1.1 New connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7.1.4 E-mail / Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7.1.5 Hard drive encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7.1.8 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
7.1.9 Hardware tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

7.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

7.2.1 Miscellaneous fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
7.2.3 Customer relationship management system software . . . . . . . . . . . . . . . . . . . . 28
7.2.5 E-mail / Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
7.2.7 Human resource management systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
7.2.9 Network resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
7.2.10 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
7.2.11 Hardware tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
8 Connector Pack 3.0 31

8.1.1 New connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.1.5 Hardware tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.7 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1.8 Single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.2.4 E-mail / Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
8.2.5 Hardware tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.2.6 Hard drive Encryption Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
8.2.8 Installation and setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35


8.2.10 PSUnix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.2.11 Script systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
8.2.12 Single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Hitachi ID Connector Pack Release Notes
Conventions
This document uses the following conventions:
This information . . . displayed in . . .

Variable text (substituted for your own text) <angle brackets>
Non-text keystrokes – for example, [Enter] key on a keyboard. [brackets]
Terms unique to Hitachi ID Identity and Access Management italics
Suite
Button names, text fields, and menu items boldface
Web pages (names) italics and boldface
Literal text, as typed into configuration files, batch files, monospace font
command prompts, and data entry fields
Wrapped lines of literal text (indicated by the → character) Write this string as a
→single line of text.
Hypertext links – click the link to jump to a section in this Purple text
document or a web site
External document – click the link to jump to a section in another Magenta text
document. The links only work if the documents are kept in the
relative directory path.
© 2017 Hitachi ID Systems, Inc. All rights reserved. 1

DISCLAIMER!: The following is a list of features and enhancements made to Connector

Pack for the Connector Pack 3.1.4 release.
Although every effort has been made to ensure the accuracy of these
release notes, they may contain minor errors or omissions.

Connector Pack 3.1.4 1
• An upgrade to Python 3.5.3 is now required for product installation.
Python 3.5.3 is required by agtpython and pxpython.
• Fixed an issue to populate account attribute, displayName, properly when creating account on AD
target system.
• Deprecated support for Solaris 9 for the solaris9.sparc64 psunix distribution.
3
2.1 Features and Improvements
2.1.1 Application servers
• The Hitachi ID Management Suite connector (agtidm) now lists instance servers.
• Added ‘serverinfo’ operation to the Hitachi ID Management Suite connector (agtidm).
• The SAP connector (agtsap) now has different password reset methods for making a password pro-
ductive on reset. These options are:
– Log the user in
– Set the LTIME field
– Use the SUSR_USER_CHANGE_PASSWORD_RFC procedure
– Set PRODUCTIVE_PWD flag in BAPI_USER_CHANGE
– Do not make the password productive
2.1.2 Miscellaneous
• Removed the ‘Patch’ option from the setup page for minor release connector pack upgrades and
replaced it with ‘Upgrade’.
4
2.2 Resolved Issues
• Fixed so that LDAP users with no passwords will return an appropriate error code. Also fixed the
‘verifyreset’ operation to successfully reset passwords.
• Allow support for creating users for SAP version 7.3 by setting the appropriate attributes during create.
• Added pxrem support for Remedy 8.1 and 9.1 servers.
• Modified the Cisco Unified Communication Manager connector (agtcucm) to list both the Jabber de-
vice name and device profile name attributes at the same time.
• Corrected issue so that attribute values that contain the ‘&’ character do not get truncated for the Cisco
Unified Communication Manager connector (agtcucm).
2.2.2 Database systems
• Corrected issue so that the Sybase Database connector (agtsybctscript) can properly handle scripts.
2.2.3 E-mail/Groupware
• Changed the Exchange connector (agtexg2k7) to cleanup Power Shell sessions.

• Changed the Exchange connector (agtexg2k7) to allow ‘move contexts’ to change a mailbox’s database.
• Change made to the Exchange connector (agtexg2k7) to use the ‘domaincontroller’ attribute when
available in operations.
2.2.4 Networking devices
• Corrected issue so that multi-level enable passwords are reset successfully on Cisco IOS (agtcisco-
ios).
• Changed the behavior of the Cisco IOS networking equipment (Telnet) connector to log out after a
successful login for the verify operation.
• Modified Cisco ACS connector (agtcisco-acs) to not copy ‘dateExceeds’ account attribute from tem-
plate as this prevents accounts from being created successfully.
2.2.5 Network operating systems
• Modified Active Directory connector (agtad) to allow escaping hash characters to list group and OU
names with hashes using group/OU files.

• Fixed Active Directory DN connector (agtaddn) to return the expired status when an account is man-
ually expired from the target.
2.2.6 Network resource
• Fixed nrcifs and nrsmb to correctly handle creating and deleting folders.
2.2.7 Script systems
• Re-added the ‘Other settings’ address option for the Power Shell connector (agtps).

• Added BlackBerry Enterprise Web Service (agtbes10) connector to list users, manage accounts, man-
age passwords and administrator credentials on BlackBerry Enterprise Server version 10.0.
• Added a read/read-write file access address option to CSV File Connector Service (agtcsv) connector
to target and list from read-only CSV files and folders.
• Added the ability to set the out-of-office attribute for Microsoft Exchange (agtexg2k7) connector.
3.1.3 Networking Devices
• Added information to serverinfo operation for Cisco Device targets to reindicate the remote authenti-
cating servers.
• Added scripted agtcisco-pix-ssh connector to access Cisco PIX networking equipment via SSH.
• Added scripted agtcisco-pix-telnet connector to access Cisco PIX networking equipment via Telnet.
• Added scripted agtcisco-asa-ssh connector to access Cisco ASA networking equipment via SSH.
• Added scripted agtcisco-asa-telnet connector to access Cisco ASA networking equipment via Telnet.
• Added generic date format to LDAP Directory Service (agtldap) connector configuration.
• Added delete-all-values and move operations for existing attributes to LDAP Directory Service (agtl-
dap) connector.
• Added pwtruncate to the address configuation scripting options and giving users a chance to set the
minimum length for an accepted password for LDAP Directory Service (agtldap) connector.
• Added "obpasswordcreationdate" attribute to LDAP Directory Service (agtldap) connector.
7
• Added longidNormalizeCase and groupidNormalizeCase configuration options to allow conversion of

long and group DN to lowercase for LDAP Directory Service (agtldap) connector.
• Removed the mobproxy.linux-glibc-2.*.x64 binaries from the psunix linux distributions in the Connector
Pack. The Mobile Proxy Service (mobproxy) is available within IDMUnix from the Password Manager
servers as rpm installations.
• Added psunix support for AIX 7.1 systems (psunix-aix7.1.ppc64).
• Added NAME target system attribute for Mainframe connector targets to support setting or updating
full name.
• Enhanced ODBC (agtodbcscript and agtodbcscript-32) connectors to be able to accept ODBC con-
nection string via new parameters, ODBC Driver and ODBC connection string:
1. If "Driver" is empty, it assumes a DSN in Server.
2. If "Driver" is populated it assumes raw ODBC parameters.
• Improved address checking for PSL ANG script connectors (agtdos and agttelnet).
3.1.6 Hardware tokens
• Added target address configuration option to RADIUS Authentication (agtradius) connector to include
RADIUS attributes in authentication packets.
• Added a check to ensure there is some default text presented to the users when password authenti-
cation is skipped while using RADIUS.
3.1.7 Transparent password synchronization triggers
• Added user filters to LDAP trigger (psldap) to allow certain users to trigger transparent password
synchronization.
3.1.8 Miscellaneous
• Added _acctSID and _acctSAM attributes to nrcifs and nrsmb.

3.2 Resolved Issues
• Removed listing of both regular users and managed accounts from Microsoft Office SharePoint Server
(agtshrpt) connector to avoid a potential issue causing duplicated accounts.
• Added account attribute AutomaticChange to SharePoint type target system.

• The CSV File (agtcsv) connector has been modified to no longer list records when invalid characters
have been detected and will now only indicate a warning in the log.
• Modified CSV File (agtcsv) connector to allow listing from empty CSV files during auto discovery.
• Enhanced Lotus Domino Server (agtdmno) connector reset operation’s flexibility via using fail-idfile-
reset-error control.
• Enhanced Lotus Domino Server (agtdmno) connector to support multiple replication servers in ad-
dress line.
• Corrected PowerShell (agtps) connector to handle script files that do not contain the correct file ex-
tension.
• Modified PowerShell (agtps) connector to check script file validity for loadplatform.
• Fixed Lotus Domino Server (agtdmno) to properly list groups when groups have no owners.
3.2.2 Help desk systems
• Corrected ServiceNow IT Service Management Suite (agtsvcnow) connector to properly update at-
tributes if its values contain spaces.
• Added validity checking for the config file path in address wizard for ServiceNow IT Service Manage-
ment Suite (agtsvcnow).
• ServiceNow IT Service Management Suite (agtsvcnow) connector now properly lists groups and group
members from custom groups.
• Fixed the Microsoft Exchange (agtexg2k7) connector to take into account the DomainController at-
tribute for create and update operations.
• Microsoft Exchange (agtexg2k7) connector now correctly parses X400 and X500 addresses for multi-
valued EmailAddresses profile attribute.
• Microsoft Exchange (agtexg2k7) connector now sets the delegated permissions on an Exchange
mailbox when creating the new mailbox.

3.2.4 Networking devices
• Modified Cisco Secure ACS TACACS+ (agtcisco-acs) connector to prevent concurrent resets on the
same account.
• Modified Cisco Secure ACS TACACS+ (agtcisco-acs) connector to include all attributes available in
server listing.
• Enhanced LDAP Directory Service (agtldap) by moving to winldap structure and deprecated the
cert8gen utility tool.
• Modified the return message for resetexpirepw on Active Directory DN (agtaddn) and Active Directory
(agtad) connectors to allow the operation to return success for AD accounts that have ‘Password never
expires’.
• Added Windows Server (agtnt) connector support for listing and notifying scheduled tasks for Windows
10.
• Modified psunix to have the ability to handle passwd, group and shadow-variant NIS files.
• Changed default TopSecret (agtts) and RACF (agtracf) connector attributes to be consistent with the
Main Frame Connector.
• Change Active Directory DN (agtaddn) connector to include multi-language support for configurations
settings.
• Changed the RACF telnet script to report verification failures when an active session prevents addi-
tional connections.
• Modified SSH script (agtssh) connector to correctly handle trim() function errors.
• Fixed an issue for RSA Authentication Manager 7.1/8.x (agtrsaam) to allow for the manage tokens
page to be accessible for the user’s token when multiple users have the same short ID.
3.2.8 Transparent password synchronization triggers
• Added Unix LDAP trigger (psldap) support for Sun One Directory Server (Oracle DSEE).

• The Active Directory DN network resource connector (nrcifs) has been enhanced to allow the ma-
nipulation of group owners when NT4 group format is used.
4.2 Resolved Issues
• Added back the "sysID" and "syspassword" keys for all connectors and for backwards compatibility for
targets that support the system id and system password credentials.
PSLang connectors will also duplicate the values with the "sysid" and "syspw" keys for backwards
compatibility.
• The Active Directory connectors will return the group SID after the connector successfully performs a
create operation.
11
Connector Pack 3.1 5
5.1.1 New connectors
5.1.1.1 Application servers
• Added connector for Cisco Unity Connection (agtcuc).

• Added connector for Cisco Unified Communication Manager (agtcucm).
• Added connector for SCIM: System for Cross-domain Identity Management (agtscim) application
servers.
5.1.1.2 Networking devices
• Added an official scripted connector for Juniper OS 9.x networking equipment (SSH).
• Added a scripted connector for Checkpoint NGX networking equipment (SSH).
• Added new connector called agtcisco-acs for Cisco Secure Access Control Server (TACACS+).
• Added two official scripted connectors for Cisco IOS networking equipment. The agtcisco-ios-ssh.con
script is associated with the SSH script connector (agtssh). The agtcisco-ios-telnet.con script is asso-
ciated with the Telnet script connector (agttelnet).
• Added two official scripted connectors for Fabric OS based devices. The agtfabricos-ssh.con script
is associated with the SSH script connector (agtssh). The agtfabricos-telnet.con script is associated
with the Telnet script connector (agttelnet).
• Added a scripted connector for Checkpoint NGX networking equipment (SSH). The agtckpt-ngfw.psl
script is associated with the SSH script connector (agtssh).
5.1.1.3 Single sign-on
• Added connector for Imprivata OneSign (agtimprivata) servers.
12
5.1.1.4 Hardware tokens
• Removed valirad.exe and replacted it with a new connector for RADIUS authentication (agtradius).
5.1.1.5 Database systems
• Added connector support for SQLite database (agtsqlite).
5.1.1.6 Network operating systems
• Added four new official scripted connectors to target the following flavors of UNIX:
– Linux (Ubuntu, RedHat, SUSE) (agtlinux.con)
– AIX (agtaix.con)
– HP-UX (agthpux.con)
– Solaris (agtsolaris.con)
5.1.1.7 Social media systems
• Added Hitachi ID Privileged Access Manager support for Twitter targets with an official scripted con-
nector (agttwitter) and platform type.
• Extended the serverinfo operation to odbc connectors.

• Modified Microsoft Office SharePoint Server connector (agtshrpt) to support the management of
SharePoint service accounts.
• Enhanced Lotus Domino Server connectors (agtdmno and agtgdmno) by adding the following pseudo-
attributes:
– _FullNameAppend
– _IDFileLocation
– _DeleteAdminP
– _DenyAccessGroup
5.1.3 Connector operations and behavior
• Added support for official scripted connectors in loadplatform and to be able to load the connectors
that have either the .exe or .con extensions.

• Enhanced loadplatform to be able to identify and load scripted platform types.

• Modified address input method by removing ability to manually enter addresses, and forcing the use
of the address wizard.
• Discovery templates are now loadable from configuration (.cfg) files by loadplatform.
• Added the "Groups whose membership will be listed" option to the auto discovery section for target
system information. The target system information option "Automatically manage groups" can only be
set to "Only groups with owners, moderated by owners" on targets that support moderated groups.
• Modified loadplatform to load connectors from the 64-bit connnector pack by default instead of the
32-bit connector pack.
• Added a KVGroup parser error message for when the target system address is incomplete and cannot
be parsed and no kvgroup tokens are found.
• Connector Pack 3.1 can no longer be installed for Hitachi ID Password Manager 6.4.9 or lower in-
stances.
• Changes have been made to loadplatform.exe in order to detect and report on target system template
differences.
• Added additional error codes for the verify operation for several connectors when a password fails to
be verified for different types of error conditions.
• Added support/handling for read-only domain controllers for the following connectors:
– Exchange (agtexg2k7)
– Active Directory DN (agtaddn)
– Network resource (nrcifs)
– WindowsNT compatible systems (agtnt)
• Added a Universal CRT check to the pre-installation check for the product setup to check for the
existance of the KB2999226 windows update hotfix and Visual C++ Runtime 2015 redistributable
pre-requisites.
• The Microsoft Visual C++ 2015 Redistributable (x64) as well as Microsoft Visual C++ 2015 Redis-
tributable (x86) will now be installed by the installer during the pre-installation check if it is not previ-
ously installed.
• Added support in loadplatform for setting the directory for loading agents.
• Binaries are now all dual signed with SHA-1 and SHA-256 signatures using the SHA-2 certificate.
• Modified the command line installation of the Connector Pack to no longer install the global connector
pack using the -instance parameter.
5.1.4 Customer relationship management systems
• SalesForce connector (agtsalesforce) now supports operations for public groups, permission sets and
roles.

• Added functionality to allow additional address attributes to be defined from a SQL script file.
• Enhanced platforminfo operation for SQL script based connectors to query data from the script.
• Enhanced SQL script connectors to support isuseringroup operation.
• Added custom operations support to SQL Application Connectors.
• Updated the listing groups operation to support a 4th column, for shortid, in SQL Application Connec-
tors. shortid is an optional field.
• Enhanced SQL script type connectors to be able to list group owner and group member even in case
group owner or group member is a group.
5.1.6 E-mail / Groupware
• Modified the Exchange connector (agtexg2k7) to be able to set the AcceptMessagesOnlyFrom at-
tribute to an empty value in order to clear the existing value and set it to all senders.
• Enhanced the performance of the list feature for Exchange connector (agtexg2k7).
• Modified the Exchange connector (agtexg2k7) to be able to configure the poll time. This connector
was also modified to allow the user to choose whether an error message in the log from the address
line for Exchange 2007+ should be displayed, if the new mailbox is not found within the time frame.
• Modified Microsoft Exchange connector (agtexg2k7) by adding attributes that allow "out of office"
information to be set.
• The GroupWise connector (agtgrpw) can perform several concurrent password resets without issue.
• Removed Exchange connector (agtexg2k7) support for verify/reset/lock operations.
• When Active Directory and Exchange servers are down, Exchange connector (agtexg2k7) can grace-
fully handle the situation.
• The Exchange connector (agtexg2k7), will incrementally list mailbox attributes when listOUs is speci-
fied.
• The Exchange connector (agtexg2k7), can now list by specified databases.
• Added support for Microsoft Exchange Server 2016 for the Exchange connector (agtexg2k7).
• Enhanced the connector for RSA Authentication Manager 7.1/8.x (agtrsaam) RSA Authentication
Manager 7.1/8.x to look up the server’s Token Policy for when the values for Generated PIN length
and Generated PIN character set are blank and when resetting the PIN for a user’s token to a random
value.
• Added support to be able to specify sub domains and optionally recursively for the Security Domains
for RSA Authentication Manager 7.1, 8.0, and 8.1.

• The tag names and variable lookups for RSA Authentication Manager token authentication have been
synchronized across the authentication agent, connector, and external question modules as well as
valiace.
• Added dual authentication ability, allowing a user’s login request to be handled by the duo app.
• The RSA Authentication Manager 5.x/6.x connector (agtace) as well as the psace service for both
Windows as well as UNIX distributions have been deprecated. This deprecates support for RSA Au-
thentication Manager 5.x/6.x.
5.1.8 Help desk and IT service management systems
• Modified Remedy Action Request System IT Service Manager connector (remedy-itsm) to create
users successfully by adding required attributes to the target system.
• Added a feature allowing the ServiceNow connector (svcnow) to target any custom table to manage
users and groups.
• Company name added to the list of attributes for HP Service Manager (agthpsm-ws) target system
type.
• Modified the connector for WindowsNT compatible systems(agtnt) to allow certain operations to be
run against domain controllers, including serverinfo, platforminfo, addressattrs, listresource and up-
dateresource.
• Added support for listing and enabling deleted users when the Active Directory recycle bin has been
activated.
• Added the ability to set the thumbnailPhoto attribute for Active Directory (agtad) and Active Directory
DN (agtaddn) connectors.
• Extended the serverinfo pslang function in psunix to provide version and information structure for
users to override the built-in operation with.
• Enhanced the TopSecret connector (agtts) to include network resource operations that permit access
to users on TopSecret resources.
• Added serverinfo operation support for the following connectors:
– TopSecret (agtts)
– ACF2 (agtacf2)
– RACF (agtracf)
• Enhanced Windows NT connector (agtnt) to use the bare KVG address line format.
• Added address tag listResourceDisable to Windows NT connector (agtnt) to disable specific resource
lists
• The Active Directory connector (agtad) now supports listing nested groups.

• Deprecated support for the sunldap UNIX transparent synchronization trigger.

• Added missing dlls and nss libraries to the connector pack MSI.
• Added the ability to list managers when a manager is assigned for the LDAP Directories connector
(agtldap).
• Added support for move and copy operations to per/pre/post operations in LDAP script.
• The Active Directory DN connector (agtaddn) can list group names in NT4 or DN format.
• Modified the following plugins and utilities to support Active Directory DN connector (agtaddn):
– dcdiscovery.exe
– dcselect.exe
– w2kranddc.exe
– listadresources
– loadalias
• Modified the movecontext operation in Active Directory DN connector (agtaddn) to have the ability to
move users across domains.
5.1.10 PSUnix
• Deprecated the following platforms:

– aix5.3.ppc
– aix6.1.ppc
– hpux11iv1.hppa
– hpux11iv23.hppa
– hpux11iv23.ia32
– linux-glibc-2.3.x86
– solaris11.sparc
– solaris10.sparc
– solaris9.sparc
• Support for AIX 7.1 (psunix-aix7.1.ppc64) will not be included for Connector Pack 3.1.0.
• Added scripted platform definition files to associate official scripted connectors with the SSH or Telnet
connector:
– agtaix.con

– agtchkpt-ngfw.con
– agtcisco-ios-ssh.con
– agtcisco-ios-telnet.con
– agtfabricos-ssh.con
– agtfabricos-telnet.con
– agthpux.con
– agtjunos9x.con
– agtlinux.con
– agtsolaris.con
– agttwitter.con
• Added addressattrs PSLang function to extend address wizard attributes for the following connectors:
– Secure Shell (agtssh)
– Telnet (agttelnet)
– Win32 Console Script (agtdos)
• Updated Windows Console Script (agtdos) sample files to extend the address wizard.
• Added platforminfo operation to dynamically determine operations from a script and list support for
the following connectors:
– Win32 Console Script (agtdos)
• Added addressattrs functionality in order to allow the PowerShell script connector (agtps) to edit ad-
dress help wizard.
• Enhanced Powershell script connector (agtps) functionality to be able provide information regarding
the platform based on a script file.
• Added ArrayList support for multi-value attributes for the create and update operations of the Power-
shell Script connector (agtps).
• Added variable arguments support in expect statements for Secure Shell (agtssh) and Telnet (agttel-
net) connectors.
• The ability to trigger a custom function added to Python Script connector (agtpython).
• The Python Script connector (agtpython) can handle multiple groupuseradd operations.
• Modified the powershell script to add the ability to perform the verifyreset operation for the powershell
connector (agtps).
• Added support of network resource operations (nrcreate, nrdelete, nrupdate, nrmove) in the Python
connector (agtpython).
• Python connector (agtpython) can parse multivalued attributes in serverinfo and user accounts.
• The Python connector (agtpython) supports the nested group operations.

• Added default discovery templates CISCO_IOS_SSH_TEMPLATE and CISCO_IOS_TELNET_TEMPLATE

for discovering Cisco IOS networking equipment using SSH and Telnet.
• Added addressattr python method support to extend address wizard attributes for the Python connec-
tor (agtpython).
• Enhanced platforminfo operation to query operations from a script and list support for Python connec-
tor (agtpython).
• Modified the following PSLang-based connectors to be able to support nested groups:

– Windows Console Script (agtdos)
5.1.12 Virtualization Platforms
• Added pseudo attribute to refer to VM ancestry chain.
5.2 Resolved Issues
• Changes to Lotus Domino Server Script connector (agtgdmno) to properly handle fallback on verifyre-
set operation.
• Fixed an issue in Lotus Domino Server connector (agtdmno) to allow it to run batch file specified in
configuration file properly.
• Added a result check to the groupuseradd/delete operations for the Peoplesoft connector (agtpsft) so
failures can be detected and returned by connector for retry.
• Improved the error checking for the WebEx connector (agtwebex) to include a more descriptive error
message when resetting a password that includes a double quotation mark.
• Fixed an issue in Lotus Domino Server Script connector (agtgdmno) which was causing Notes client
to crash when listing.
• Modified a few of the connectors to allow for administrative credentials to not be specified for where
this is supported and will no longer show an "AdminID was unspecified but required" error when the
credentials are empty.
• Removed the discovery option to load group members that satisfy an expression since they are now
listed based on auto discovery options in the target system configuration.

• Fixed an issue with the installer to detect the Connector Pack properly.
• Modified connector pack setup to ensure all required library files are installed.
• Added a kvgroup parser error message for when the target address is incomplete and cannot be
parsed and no kvgroup tokens are found.
• Extended the serverinfo operation to odbc connectors (agtodbcscript and agtodbcscript-32).
• Scripted connectors can now load scripts from absolute and relative paths.
5.2.3 Customer relationship management systems
• Fixed SalesForce connector (agtsalesforce) to retrieve attributes in human readable format.
5.2.4 Human resource management systems
• Updated the list, verify and reset operations for the Success Factor (agtsf) connector to use the .net
3.5 binding mechanism.
• Fixed crash occurring for LDAP Directories connector (agtldap) when creating an account with a
required ldap server attribute not set.
• Fixed an issue with account requests to keep disabled accounts disabled after an account update
is made. Changed the default value of Active Directory attribute "accountDisabled", from "Set to
specified value" to "Copy from template" for the "Action when creating account" criterion. Changed the
default value of Active Directory attribute "accountDisabled", from "Set to specified value" to "None"
for the "Action when updating account" criterion.
• Corrected an issue to ensure that password reset on an HP-UX target with shadow enabled will only
modify the password attribute.
• Added semaphores to lock pamutil credentials on Unix when accessed concurrently.
• Added missing DLLs and NSS libraries to the connector pack MSI.
• Fixed an issue with SSH scripts for Unix-based targets to prevent infinite loops from occurring during
a failure case.
• Modified attributes for the following connectors, to be able to support multi-valued attributes:
– TopSecret (agtts)
– ACF2 (agtacf2)
– RACF (agtracf)

5.2.6 Network resources
• Corrected an issue to ensure that network resource connectors can connect to resources configured
with an IP address in its UNC path/URL.
• Fixed operations for the network resource connector (nrcifs) for Active Directory DN (agtaddn) when
required to do multiple sddl string substitutions.
• Fixed the network resource connector (nrcifs), for Active Directory DN, to correctly identify group types
for non-domain servers, SANs or if there are firewalls.
• Fixed an internal issue for the Python Script connector (agtpython) that caused sqlite3 safety check to
fail.
• Python interface program (pxpython) can now parse multi value attribute types in request_attributes,
requester_attributes, recipient_attributes.
• Modified powershell connector (agtps) simple sample script to allow expected functionality when user
logs into the Front-end (PSF).
• Updated extlib to include putty 0.66 and support newest version of OpenSSH when using Secure
Shell connector (agtssh).
• Python Script connector (agtpython) can now properly call verify, reset, update operations in a target
system connector.
5.2.8 Virtualization Platforms
• Fixed an issue to ensure that the VMWare vSphere connector (agtvsphere) is upgraded properly when
upgrading the Connector Pack.

• The Webex (agtwebex) connector will list the users account status, enabled or disabled, during the
Auto discovery process.
• Enhanced the Amazon Web Services (agtaws) connector ’Test connection’ functionality by returning
an error when invalid credentials are given.
• Enhanced Lotus Domino Server (agtdmno) connector delete operation to allow for deletion of users
ID file from the ID vault.
• Added sample CSV source files, schema, and script files to the samples directory for the use of ODBC
as a CSV.
• Enhanced the Microsoft Office SharePoint Server (agtshrpt) connector to work with Sharepoint 2013.
• Added authentication type to Microsoft Office SharePoint Server (agtshrpt) connector.
• Added account attribute, and domain to Microsoft Office SharePoint Server (agtshrpt) connector so
that it can handle multiple domains.
• Added SAP Sybase IQ support to Sybase Database (agtsybct/agtsybctscript) connectors.
6.1.3 Hard drive encryption
• Enhanced the HDD key recovery of hard drive encryption systems to allow codes to have formatting
that can be customized.
• Enhanced Check Point (Pointsec) Endpoint Security (agtchkpt) connector to no longer require the
inclusion of the first response code for the challenge string.
• Added support for POSIX style groups to the LDAP directory service (agtldap) connector.
22
• Enhanced the Active Directory DN (agtaddn) connector programs nrcifs and nrsmb in order to properly
present groups, in which a user is already a member, in the ’Request access to network resource’
page.
• The Mobile proxy service (mobproxy) binary for the Hitachi ID Mobile Access proxy server is now
available for the Linux distributions within psunix in the Connector Pack.
6.1.5 Script
• Added support for extra address line parameters in SSHD Host target (agtssh) connector.
• Updated SSHD Host target (agtssh) connector to use a new style address line format, with backwards
support for the old style format.
• Modified Microsoft Active Directory DN (agtaddn), Telnet (agttelnet), Microsoft Exchange (agtexg2k7),
PeopleSoft (agtps), and Tivoli Access Manager for Enterprise SSO (agttamsso) connectors to verify
certain address values are in KVGroup format.
6.2 Resolved Issues
6.2.1 Miscellaneous fixes
• Fixed connector failure to trigger from the CGI.
• Updated Amazon Web Services (agtaws) connector to log a warning instead of an error when it is
unable to list the virtual instances.
• Fixed an issue to allow ePO server version to be retrieved properly in McAfee Endpoint Encryption
6.X (agtmcee6) serverinfo operation based on target system administrator permissions.
• Fixed CSV file connector (atgcsv) to handle relative paths correctly.
• Fixed labeling and added missing parameter field for the Google Apps (agtgapps) connector address
helper.
• Fixed Microsoft Office 365 (agtoffice365) connector error handling when DisplayName is left empty.
• Updated Microsoft SQL server (agtsql) connector to use the correct method calls instead of SQL
queries.

6.2.4 E-mail systems
• Changed Exchange 2007+ server (agtexg2k7) connector to correct an unexpected error when the
session initialization fails.
• Changed Exchange 2007+ server (agtexg2k7) connector so that Hitachi ID Password Manager does
not copy distribution list membership from the template account, when creating accounts.
• Added listFlatGroups address line option to Active Directory DN (agtaddn) connector to allow the
ability to flatten memberships in nested groups, and groups as group managers.
• Verified ’CN request attribute value’ values are escaped during create account operation in the Active
Directory DN (agtaddn) connector.
• Fixed an issue in the Active Directory DN (agtaddn) connector move context operation for targets with
NT4 format.
• Fixed an issue with Active Directory DN (agtaddn) to properly escape CN attribute values.
• Fixed an error message in Active Directory DN (agtaddn) to better show that the error involves a bad
account name.
• Changed RACF (agtracf) connector to write attributes only if they are set to be listed.
• Fixed an issue with the Active Directory DN (agtaddn) connector nrcifs program to translate an account
from another domain into a samAccountName properly when requesting a DFS folder/share on a
different domain.
6.2.6 Script
• Fixed SSHD Host target (agtssh) connector to prevent intermittent crashes.

• Changed the Python (agtpython) connector to log the full content of applicable error output to the log
file when an exception has been encountered.
• Fixed lock and unlock for the SSHD Host target (agtssh) connector to ensure that passwords are reset
successfully on AIX systems.
• Fixed the runcommand operation to work properly when the target credentials use an authorization
key with passphrase.
6.2.7 Single sign-on
• Fixed an issue with the Tivoli Access Manager for Enterprise SSO (agttam) connector to allow for
multiple application server access behind a single URL.

6.2.8 Token
• Fixed an issue when targeting a Vasco IDENTIKEY Server (agtvasco) connector and specifying the
domain as an Active Directory user source.

• Added a connector for vSphere Hypervisor. Supported operations are list server info, List users,
password reset and verify.
• Google Applications connector updated to accommodate Google’s ending of support of their Google
Apps provisioning APIs.
• Enabled granular service license assignment by the Office365 connector.

• Enhanced AWS connector (agtaws) with the AssumeRole feature for cross-account access.
• Added version support to the Sybase scripted connector.

Enabled the Sybase scripted connector to use an absolute script path.
• Converted the Sybase connectors to 64 bit.
• Increased performance of the Exchange connector (agtexg2k7) when retrieving group membership
information.
7.1.5 Hard drive encryption
• The connector for McAfee Endpoint Encryption 6.x (agtmcee6) is now compatible with McAfee Drive
Encryption 7.x
26
• Updated ServiceNow connectors (agtsvcnow and pxsvcnow) to send soap requests directly to Ser-
viceNow service (removed dependency from .NET)
• Enhanced ServiceNow connector (pxsvcnow) with the ability to perform search on any field from any
table in ServiceNow.
• Added ability to reset an attribute to the original value on agtldap.

• Modified the Windows Server connector (agtnt) to list and update COM+ application subscribers.
• The agtdos.exe and agtpython.exe connectors can execute parallel verify and reset operations.
• Added the create and delete operations for the agtvasco connector to be able to assign or unassign
Vasco tokens for a user.
The listunassigned utility is also now able to list unassigned Vasco tokens.
• Enhanced the error handling for the agtrsaam connector when an input kvgroup is passed in directly
from the command line.

7.2 Resolved Issues
7.2.1 Miscellaneous fixes
• Changed the connectors to initiate a reset for verifyreset if the verify operation is not successful for
any reason.
• Fixed the CSV file connector (agtcsv) to perform the verify reset operation correctly.
• Changed the CSV file connector (agtcsv) to provide an error when data and configuration do not
match.
• Changed the SharePoint server connector (agtshrpt) to return an error when a group operation fails
and cannot be performed.
• Enhanced the Lotus Domino connector (agtdmno) to wrap any exceptions during API calls.
• Improved the nrupdate operation for the Lotus Domino connector (agtdmno).
• Enhanced the way that the membership file is populated by the PeopleSoft connectors.
• Corrected the PeopleSoft connector (agtpsft82) so that the verifyreset operation succeeds.
7.2.3 Customer relationship management system software
• Corrected SalesForce connector (agtsalesforce) to list ’accountEnable’ attribute
• Corrected SalesForce connector (agtsalesforce) to return clear error message on enable opera-
tion when enable failed due to license over limit
• Removed salesforce Alias attribute association to OTHER_NAME.
• Fixed credential leak in the logs for the Sybase connector (agtsybct) in the event that a reset failure
is encountered.
• Fixed issue with the Exchange connector (agtexg2k7) where pre-defined requests could not update
multiple permissions in a set operation.

• Corrected BMC SDE connectors to not do group listing needlessly after an update operation
7.2.7 Human resource management systems
• Corrected Concur connector (agtconcur) to use employee ID as the short ID.
• Fixed the NDS connector (agtnds) to return the correct status on groupuseradd and groupuserdelete
operations when a group does not exist or when a user is not a member of the group.
• Improved the Active Directory connector (agtad) logging to prevent excessive messages.
• Fixed potential agtad crash which could happen when listing domain objects
• Issue fixed in the Windows Server connector agtnt.exe when listing IIS service accounts.
• Fixed Active Directory DN connector (agtaddn) to lists all subdomains of the domain forest in a
serverinfo operation.
• Fixed issue so that reserved Windows accounts are filtered properly when listing subscribers with
agtnt.
• Fixed issue so that the listing results do not get truncated when targetting Novell e-directory with
agtldap.
• Fixed the LDAP connector (agtldap) to not crash on an update or create operation when a non-
existent account attribute is specified.
7.2.9 Network resource
• Changed network resource connectors for SMB and CIFS to connect to paths on DFS shares.
• Fixed the SSH script connector (agtssh) so that it runs the list operation successfully on Solaris.
• Corrected issue so that the list operation on agtssh completes in a reasonable amount of time.
• Changed samples scripts for SSHD scripted connectors for verifyreset options.
• Changed Telnet connector to allow messages to be returned for multiple operations and include veri-
fyreset operation for the RACF sample.
• Changed the sample Cisco IOS SSHD script to reset a username with the correct password or secret.
• The PowerShell Script now supports network resource operations.

• Fixed an issue with the psace for SecurID when displaying the service name in the Windows Services
list.
• Improved the challenge response authentication for the Connector package agent module (agent.pss)
for authentication chains when blank values are specified.
• Fixed valiace.exe for token authentication to populate the values for the PIN requirements when
the token’s PIN has been cleared.

Connector Pack 3.0 8
• Added Sophos Safeguard (agtsge) connectors.

• Added Concur Solutions - Expenses and Invoicing (agtconcur) connectors.
• Added ODBC script (agtodbcscript-32) connector and interface program pxodbc-32.exe for 32-bit sup-
port for ODBC data sources.
• CSV Connector Service (agtcsv) connector now supports additional delimiters.

• VMWare vSphere (agtvsphere) connector now list and manage VMs as pseudo accounts.
• Enhanced connector infrastructure to support runcommand operation.

• The following connectors have runcommand operation support added:
– agtpython
– agtora
– agtsql
– agtsybct
– agttelnet
– agtnt
– agtssh
• The serverinfo operation is now supported for Java-based connectors.
• The following connectors and interface programs have been upgraded to 64-bit versions:
31
– pxsoap – agtilearn – agtmvm.exe

– pxremedyforce – agtsvcnow – agtnt
– pxodbc – agttamsso – agtnull
– pxnull – agtwebex – agtodbcscript
– pxsvcnow – agtwebex-conn – agtopan
– pxmssm – agtacf2 – agtpgpwde
– pxpython – agtad – agtpython
– pxhpsm-ws-im – agtaddn – agtracf
– pxpsynchv6 – agtbitlocker – agtsalesforce
– pxcasd – agtchkpt – agtsf
– nrcifs – agtcsv – agtshrpt
– nrsmb – agtdb2 – agtsoap
– nrsrhpt – agtdb2script – agtsql
– agtora – agtdos – agtsqlscript
– agtorascript – agtepo – agtssh
– agtps – agtgapps – agttelnet
– agtnds – agthitrack – agtts
– agtexg2k7 – agthpsm_ws – agtunix
– agtbes – agthsnm – agtxml
– agtbes-ws – agtidm
– agtcache – agtmcee6
• Enhanced agentGetConnection() PSL ANG function so that it can be called by PSL ANG based con-
nectors.
• Added the ability to px* programs to populate all the server address data into $general and $targetData
variables.
• The following connectors have been deprecated, and will no longer be avaliable:
– agtex2k
– agtjdeow80-com
– agtolap
The following connectors have been replaced:

– agtsyb by agtsybct
– agtsybscript by agtsybctscript
The new connectors have the same functionalities as the old, but use new libraries.
• Exposed the shortid parameter for connectors that usePSL ANG.
• Oracle database 12C1 is now a supported target system.

• Microsoft SQL Server (agtsql) and Microsoft SQL Server script (agtsqlscript) connectors now supports
Microsoft SQL Server 2012/2014 servers.
• Microsoft SQL Server (agtsql) connector now supports SSL encryption.

• Oracle Database (agtora) connector can now list, assign and remove privileges. These privileges are
considered groups.
• Enhanced the Sybase ASE (agtsybct) connector by:

– Allowing a direct communication with the server
– Adding the server info operation
– Detecting a reset failure when the servers password policy is not respected
• Support has been added for both Java JRE 1.7 32-bit and 1.8 32-bit for the RSA Authentication
Manager 7.1/8.x (agtrsaam) connectors.
• Windows NT Server (agtnt) connector now consolidates all subscriber types and groups into one
subscriber list file.
• Active Directory DN (agtaddn) connector can now exclude container objects from listing.
• Active Directory DN (agtaddn) connector will use the CN attribute when performing a rename opera-
tion.
• Active Directory DN (agtaddn) connector can list groups or computers from a group or a OU.
• Modified LDAP Attribute sample scripts to add the ability to unlock user accounts on Oracle Directory
Server via resetting a password.
• Scripted connectors can now use all the connector return codes.
• Added sample configuration script agtldap-pamldap.cfg for LDAP servers with authentication through
pluggable authentication modules.
• The PowerShell Script (agtps) connector now uses standard connector error codes.
• Added agtssh-cisco_ios.psl script for Cisco IOS support for SSHD and Telnet targets.
• Added sample script agtssh-chkpt-ngx.psl for Secure Shell (agtssh) connectors operations for Check
Point Embedded NGX based Devices.
• Added sample script agtssh-junos9x.psl for SSH support for Juniper JunOS devices.
• Implemented new %k:_hostID% replacement string to be accessible in exposing target ID in scripting
connectors.

• SiteMinder (agtsm) connector can now return only the directory of interest when listing accounts, and
more debugging was added to the siteminder binary.
8.2 Resolved Issues
• Prevented the Lotus Domino (agtdmno) connector from generating duplicate attributes.
• Google GData SDK version 2.2.0.0 is now automatically included during Google Apps (agtgapps)
installation.
• By default, a domain email is no longer required to create accounts on the Lync server.
• SAP (agtsap) connector now sets a role’s start date to the day that the account is created.
• Resolved an issue where file transmission between instance or proxy servers was mishandling sym-
bolic directory links.
• The nrcifs.exe binary will correctly handle the NT4 nameformat in HiGM.
• The nrsmb.exe and nrcifs.exe binaries will correctly handle invalid inputs.
• Microsoft SQL Server (agtsql) connector now unlock accounts during a password reset operation.
• Microsoft Exchange (agtexg2k7) connector now supports the built-in strategy to choose a mailbox
database.
• Microsoft Exchange (agtexg2k7) connector no longer supports the DistributionGroup attribute.
• Microsoft Exchange (agtexg2k7) connector now properly targets servers on different domains in a
trust setup and properly parse attributes.

• RSA Authentication Manager 7.1/8.x (agtrsaam) connector no longer displays a false error message
when enabling or disabling a user’s token from the Manage tokens page.
• RSA Authentication Manager 7.1/8.x (agtrsaam) connector can now be used with 64-bit Java installed.
• The valiace plug-in was previously installed with the Password Manager server and is now included
with the Connector Pack. The valiace plug-in will need to be manually copied from the connector
directory for the Connector Pack to the plug-in directory for the instance on the Password Manager
server.
• The format for the target system address for RSA Authentication Manager 7.1/8.x has been modified.
The agtrsaam.properties and agtrsaam.jvmconfig files are no longer used and the fields that were
previously specified in these files are now set directly on the target address line. Upgrading from a
previous Connector Pack to Connector Pack 3.0 will require that the RSA Authentication Manager
7.1/8.x target system address lines be modified for the updated format.
Resolved an issue when listing from an RSA Authentication Manager 7.1/8.x target when there are
users whose names or user IDs contain UTF-8 characters.
8.2.6 Hard drive Encryption Systems
• Check Point (agtchkpt) connector now uses the account ID when generating the Helper ID data.
• Remedy Action Request System IT Service Manager (agtrem-itsm) connector is now compatible with
newer ARS ITSM.
8.2.8 Installation and setup
• Moved getpass.dll and psynchpwd.dll to connector-pack’s utility directory.
• TopSecret (agtts) and ACF2 (agtacf2) connectors now trims multi-value attributes and correct attribute
output formatting.
• LDAP Directories (agtldap) connector now compares modifyTimeStamp against lastModifiedTimeUTC

when performing incremental listing of user attributes.
• Windows NT Server (agtnt) connector now gracefully handles inputs with an undefined address.
• LDAP Directories (agtldap) connector now resets the oblogintrycount attribute on unlock operation
back to zero for Oblix/OAM.

• Active Directory DN (agtaddn) connector will correctly list and authenticate users when a parent do-
main is targeted with a OU list from a child domain.
8.2.10 PSUnix
• Upgraded OpenSSL libraries to version 1.0.1j for Windows and psunix.
• SSHD Host target system connector now supports sudo command for AIX targets. The default shell
used is bash and can be modified.
• When a password reset fails, verifyreset operation will fallback to a reset operation if neither verify, nor
adminverify are not supported.
• Microsoft SQL (agtsqlscript) and Oracle (agtorascript) script connectors now support listcomputer,
listsubscriber, and updatesubscriber operations.
• For PowerShell Script (agtps) connector, updated agtps-nt.ps1 sample script to include groups without
descriptions during listing.
• SiteMinder (agtsm) connector no longer missing shared library symbols at runtime.

• RSA Authentication Manager 7.1/8.x (agtrsaam) connector no longer supports groupcreate and groupdelete
operations.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
www.Hitachi-ID.com Date: | 2017-04-23 File: git:fox:doc/connector/release/cp-release-notes.tex

CP Release Notes

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

CP Release Notes

Transféré par

Droits d'auteur :

Formats disponibles

Hitachi ID Connector Pack 3.1.

Software revision: 3.1.4

© 2017 Hitachi ID Systems, Inc. All rights reserved.

1 Connector Pack 3.1.4 3

2 Connector Pack 3.1.3 4

3 Connector Pack 3.1.2 7

3.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

4 Connector Pack 3.1.1 11

5 Connector Pack 3.1 12

© 2017 Hitachi ID Systems, Inc. All rights reserved.

5.2.5 Network operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

6 Connector Pack 3.0.2 22

7 Connector Pack 3.0.1 26

© 2017 Hitachi ID Systems, Inc. All rights reserved.

7.2 Resolved Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

8 Connector Pack 3.0 31

© 2017 Hitachi ID Systems, Inc. All rights reserved.

8.2.9 Network operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

© 2017 Hitachi ID Systems, Inc. All rights reserved.

This document uses the following conventions:

This information . . . displayed in . . .

© 2017 Hitachi ID Systems, Inc. All rights reserved. 1

DISCLAIMER!: The following is a list of features and enhancements made to Connector

© 2017 Hitachi ID Systems, Inc. All rights reserved. 2

2.1 Features and Improvements

2.1.1 Application servers

2.2 Resolved Issues

2.2.1 Application servers

2.2.2 Database systems

• Changed the Exchange connector (agtexg2k7) to cleanup Power Shell sessions.

2.2.4 Networking devices

2.2.5 Network operating systems

© 2017 Hitachi ID Systems, Inc. All rights reserved. 5

2.2.6 Network resource

2.2.7 Script systems

© 2017 Hitachi ID Systems, Inc. All rights reserved. 6

3.1 Features and Improvements

3.1.1 Application servers

3.1.3 Networking Devices

3.1.4 Network operating systems

• Added longidNormalizeCase and groupidNormalizeCase configuration options to allow conversion of

3.1.5 Script systems

3.1.6 Hardware tokens

3.1.7 Transparent password synchronization triggers

• Added _acctSID and _acctSAM attributes to nrcifs and nrsmb.

© 2017 Hitachi ID Systems, Inc. All rights reserved. 8

3.2 Resolved Issues

3.2.1 Application servers

• Added account attribute AutomaticChange to SharePoint type target system.

3.2.2 Help desk systems

© 2017 Hitachi ID Systems, Inc. All rights reserved. 9

3.2.4 Networking devices

3.2.5 Network operating systems

3.2.6 Script systems

3.2.7 Hardware tokens

3.2.8 Transparent password synchronization triggers

© 2017 Hitachi ID Systems, Inc. All rights reserved. 10

4.1 Features and Improvements

4.2 Resolved Issues

5.1 Features and Improvements

5.1.1 New connectors

5.1.1.1 Application servers

• Added connector for Cisco Unity Connection (agtcuc).