IBM Security Verify Governance Adapter MySQL Adapter 10.0.1 is available. Compatibility, installation, and other getting-started issues are addressed.
Copyright
International Business Machines Corporation 2003, 2024. All rights
reserved.
US
Government Users Restricted Rights -- Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
Installation and Configuration Notes
Corrections to Installation Guide
Customizing or Extending Adapter Features
Welcome to the IBM Security Verify Governance Adapter MySQL Adapter.
These Release Notes contain information for the following products that was not available when the IBM Security Verify Governance Adapter manuals were printed:
IBM Security Verify Governance Adapter MySQL Adapter Installation and Configuration Guide
The MySQL Adapter is designed to create and manage accounts on a MySQL Database. The adapter runs in "agentless" mode and communicates using JDBC to the systems being managed.
The IBM Security Verify Governance Adapters are powerful tools that require Administrator Level authority. Adapters operate much like a human system administrator, creating accounts, permissions and home directories. Operations requested from the IBM Security Verify Governance server will fail if the Adapter is not given sufficient authority to perform the requested task.
Review and agree to the terms of the IBM Security Verify Governance Adapter License prior to using this product.
The license can be viewed from the "license" folder included in the product package.
Adapter Version
Component |
Version |
Build Date |
2022 November 12 02.41.27 |
Adapter Version |
10.0.1 |
Component Versions |
Adapter build: 10.0.1.13 Profile: 10.0.1.13 Connector: 10.0.1.13 Dispatcher 7.1.39 or higher (packaged separately) |
Documentation |
The following guides are available in the IBM Documentation Center MySQL Adapter Installation and Configuration Guide |
New Features
Internal# |
Enhancement # (RFE) |
Description |
|
|
Items closed in release 10.0.1 |
RTC 191076 |
|
Rebranding to IBM Security Verify Governance |
RTC 191028 |
|
Verified the adapter with mysql-connector-j-8.0.31.jar |
|
|
Items closed in release version 7.1.1 |
|
|
Initial release |
Closed Issues
Internal# |
APAR#/CASE# |
Description |
|
|
Items closed in release 10.0.1 |
RTC 191028 |
TS010668801 |
MySQL-Adapter not functional |
|
|
Items closed in release version 7.1.1 |
|
|
None |
Known Issues
Internal# |
APAR# |
CASE# / Description |
|
|
None |
Known Limitations
Internal# |
APAR# |
Description |
|
|
None |
See the IBM Security Verify Governance Adapter Adapter Installation Guide for detailed instructions.
The MySQL Adapter Installation and Configuration Guide can be obtained from IBM Documentation Center at https://www.ibm.com/docs/en/svgaa?topic=getting-started
The following configuration notes apply to this release:
The
connector might or might not be available with the base Security
Directory Integrator or Security Directory Integrator product. The
connector is required to establish communication between the adapter
and the Dispatcher.
The Dispatcher must be installed.
Ensure that your sites meets the prerequisite requirements. See Prerequisites.
The adapter uses the MySQL JDBC connector. Follow the steps in the procedure to to download and copy the JDBC Connector JAR. Please consult the Release Notes for the current version of the JDBC connector jar that is certified for use with the current version of the adapter.
Procedure
Download mysql-connector-java-x.xx.jar from MySQL Connector/
Copy the MySQL JDBC driver to the SDI_HOME/jars/3rdparty/others directory.
For example: mysql-connector-java-8.0.31.jar
Restart the adapter service.
Installing ILMT-Tags File
Please add new section Installing ILMT-Tags File under the section Installing in adapter install guide. Under Installing ILMT-Tags specify below steps.
Before
you begin:
The
Dispatcher must be installed
Procedure:
Copy the files from ILMT-Tags folder to the specified location:
1. Windows: <SDI-HOME>\swidtag
2. Unix/Linux: <SDI-HOME>/swidtag
below
MySQL sslMode connector property
Specify the sslMode that the connector must use to connect to the MySQL database.
Valid values are: DISABLED, PREFERRED, REQUIRED, VERIFY_CA and VERIFY_IDENTITY
For more information see: https://dev.mysql.com/doc/refman/8.0/en/connection-options.html#option_general_ssl-mode
No updates for this release
Enabling TLSv1.2 in Security Directory Integrator
Procedure:
1. Apply recommended fix packs and limited availability (LA) versions on the Security Directory Integrator. See Recommended fixes for IBM Tivoli Directory Integrator (TDI) & IBM Security Directory Integrator (SDI).
2. After applying the appropriate updates, modify the /solution.properties file by appending the following text to the bottom of the file:
#####################
# # Protocols to enforce SSL protocols in a SDI Server
# # Optional values for com.ibm.di.SSL* property (TLSv1, TLSv1.1, TLSv1.2). # # This can be a multi-valued comma separated property
# # Optional values for com.ibm.jsse2.overrideDefaultProtocol property (SSL_TLSv2, TLSv1,TLSv11,TLSv12).
# # This is a single value property.
#####################
-
com.ibm.di.SSLProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.di.SSLServerProtocols=TLSv1,TLSv1.1,TLSv1.2
com.ibm.jsse2.overrideDefaultProtocol=TLSv1
com.ibm.jsse2.overrideDefaultTLS=true
#####################
Enabling DEBUG Logs on SDI Server
Procedure:
1. Stop the SDI Server process
Pre-7.2.0-ISS-SDI-FP0008
2. Edit the /etc/log4j.properties
3. Modify the following line:
log4j.rootCategory=INFO, Default
to
log4j.rootCategory=DEBUG, Default
Post-7.2.0-ISS-SDI-FP0008
2. Edit the /etc/log4j2.xml
3. Modify the following line:
<Root level="info">
to
<Root level="debug">
4. Start the SDI Server process
5. Re-create the problem and collect the /logs/ibmdi.log
No updates for this release
No updates for this release
The following configuration notes apply to this release:
None.
IBM Security Verify Governance Adapter adapters can be customized and/or extended. The type and method of this customization may vary from adapter to adapter.
Refer to the IBM Security Verify Adapter development and customization guide https://www.ibm.com/support/pages/ibm-security-verify-adapters-v10x
Support for Customized Adapters
The integration to the Verify Governance server using the adapter framework is supported. However, IBM does not support the customizations, scripts, or other modifications. If you experience a problem with a customized adapter, IBM Support may require the problem to be demonstrated on the GA version of the adapter before a Case is opened.
Installation Platform
The IBM Security Verify Governance Adapter Adapter was built and tested on the following product versions.
Adapter Installation Platform:
The following SDI releases are the officially supported versions:
IBM Security Directory Integrator 7.2 + FP0008
Earlier versions of SDI that are still supported may function properly, however to resolve any communication errors, you must upgrade your SDI releases to the officially supported versions by the adapters. Please refer to the adapters installation and configuration guides for the latest update on IBM Security Directory Integrator versions and fix packs
Managed Resource:
MySQL v8.0.31
Validated JDBC driver:
mysql-connector-j-8.0.31.jar
IBM Security Verify Governance servers:
IBM Security Verify Governance Identity Manager v10.0
IBM Security Verify Governance v10.0
This
information was developed for products and services offered in the
U.S.A. IBM may not offer the products, services, or features
discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently
available in your area. Any reference to an IBM product, program, or
service is not intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual
property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM
product, program, or service.
IBM may have patents or
pending patent applications covering subject matter described in this
document. The furnishing of this document does not give you any
license to these patents. You can send license inquiries, in writing,
to:
IBM
Director of Licensing
IBM Corporation
North Castle
Drive
Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:
Intellectual
Property Licensing
Legal and Intellectual Property Law
IBM
Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa
242-8502 Japan
This
information could include technical inaccuracies or typographical
errors. Changes are periodically made to the information herein;
these changes will be incorporated in new editions of the
publication. IBM may make improvements and/or changes in the
product(s) and/or the program(s) described in this publication at any
time without notice.
Any references in this information to
non-IBM Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at
those Web sites are not part of the materials for this IBM product
and use of those Web sites is at your own risk.
IBM may
use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to
you.
Licensees of this program who wish to have
information about it for the purpose of enabling: (i) the exchange of
information between independently created programs and other programs
(including this one) and (ii) the mutual use of the information which
has been exchanged should contact:
IBM
Corporation
2ZA4/101
11400 Burnet Road
Austin, TX
78758 U.S.A.
Such
information may be available, subject to appropriate terms and
conditions, including in some cases, payment of a fee.
The
licensed program described in this information and all licensed
material available for it are provided by IBM under terms of the IBM
Customer Agreement, IBM International Program License Agreement, or
any equivalent agreement between us.
Any performance data
contained herein was determined in a controlled environment.
Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on
development-level systems and there is no guarantee that these
measurements will be the same on generally available systems.
Furthermore, some measurements may have been estimated through
extrapolation. Actual results may vary. Users of this document should
verify the applicable data for their specific
environment.
Information concerning non-IBM products was
obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested
those products and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed
to the suppliers of those products.
Trademarks
IBM,
the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark
information" at www.ibm.com/legal/copytrade.shtml.
Microsoft,
Windows, and the Windows logo are trademarks of Microsoft Corporation
in the United States, other countries, or both.
Java and
all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.