Release notes
IBM Security Verify Adapter v10.0.7 for SQL Server
IBM Security Adapter v10.0.7 for SQL Server is available. Compatibility, installation
and other getting-started issues are addressed.
Copyright International Business Machines Corporation
2003, 2024. All rights reserved.
US Government Users Restricted Rights -- Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
· Preface
· Adapter Features and Purpose
· Installation and Configuration Notes
· Customizing or Extending Adapter Features
· Notices
These Release Notes contain information for the following products
that was not available when the IBM Security Verify Server manuals were
printed:
· SQL Server Adapter Installation and Configuration Guide
The SQL Server Adapter is designed to create and manage accounts
on Microsoft SQL Server. The adapter runs in agentless mode and
communicates using ActiveX Data Objects (ADO) and Microsoft SQL Server APIs to
the systems being managed.
IBM recommends the installation of this adapter in agentless mode.
A single copy of the adapter can handle multiple IBM Security Verify Server
Services. The deployment configuration is based, in part, on the topology of
your network domain, but the primary factor is the planned structure of your
IBM Security Verify Server Provisioning Policies and Approval Workflow process.
Please refer to the IBM Knowledge Centre
for a discussion of these topics.
The IBM Security Verify Server adapters are powerful tools that
require Administrator Level authority. Adapters operate much like a human
system administrator, creating accounts, permissions and home directories.
Operations requested from the IBM Security Verify Server will fail if the
adapter is not given sufficient authority to perform the requested task. IBM
recommends that this adapter run with administrative (root) permissions.
The ability to manage service groups was a
feature introduced prior to IBM Security Verify
Server. By service groups, IBM Security
Verify Server is referring to any logical entity that can group accounts
together on the managed resource.
Managing service groups implies the following:
· Create service groups on the managed resource.
· Modify attributes of a service group.
· Delete a service group.
Note:
Service group name change is not supported in the IBM Security Verify Server
release.
The SQL Server adapter does not support
management of service groups.
Review and
agree to the terms of the IBM Security Verify Adapter License prior to using
this product.
The license can be viewed from the
"license" folder included in the product package.
| Component | Version |
| Build Date | 2024-06-20 07:21:23 PDT |
| Adapter Version | 10.0.7 |
| Component Versions | Adapter 10.0.7, Profile 10.0.7, ADK 8.0.7 |
| Documentation | Check the IBM Knowledge Centre for the following guide(s): SQL Server Adapter Installation and Configuration Guide |
| Internal# | Enhancement # (RFE) | Description |

Items included in current release (10.0.7)
| Internal | | This release includes ADK 8.0.7 with OpenSSL 3.1.6 |

Items included in current release (10.0.6)
| Internal | | This release includes ADK 8.0.6 with OpenSSL 3.1.4 |

Items included in release (10.0.5)
| Internal | | This release includes ADK 8.0.5 with OpenSSL 3.1.4 |

Items included in 10.0.4
| Internal | | This release includes ADK 8.0.4 with OpenSSL 3.1.0 |

Items included in 10.0.3
| Internal | | This release includes ADK 8.0.3 with OpenSSL 3.1.0 |
| Internal | | Fixed issue with installer putting files in incorrect folder |

Items included in 10.0.1
| Internal | | This release includes ADK 7.0.9 with OpenSSL 1.1.1k |

Items included in release (7.1.18)
| RTC-186968 | RFE 143184 (62143) | Enhance the SQL adapter for multi-thread functionality |
| | RFE 118170 (53582) | ISIM SQL Adapter Recon Performance Issue |
| RTC-187491 | | SQL Server adapter support for SQL Server 2019 |

Items included in release (7.1.17)
| RTC-183239 | | SQL Server - PSIRT: OpenSSL update to Windows ADK |

Items included in release (7.1.16)
| RTC-181495 | | Attribute Values lookup Support - SQL Server Adapter |

Items included in 7.1.15 version
| RTC-177539 | | As a developer of the SQL Server adapter, I need to use a newer OpenSSL version that addresses PSIRT advisories. OpenSSL is upgraded from version 1.0.2n to 1.0.2p |

Items included in 7.1.14 version
| | | None |

Items included in 7.1.13 version
| RTC-170891 | | US - As an SQL Server adapter developer, I need to address PSIRT advisories |

Items included in 7.1.12 version
| RTC-154488 | | Support for FIPS compliant mode. |
| RTC-163312 | | Add support for SSL enable/disable prompt. |

Items included in 7.1.11 version
| RTC-154249 | | Add support for SQL server 2016. |

Items included in 7.1.10 version
| RTC-151772 | | Add Support for Identity Governance and Intelligence (IGI) v5.2.2. This adapter is now designed for use with IBM Security Identity Manager, Privileged Identity Manager, and Identity Governance and Intelligence. |

Items included in 7.0.9 release
| | | None |

Items included in 7.0.8 release
| | 79732 (39955) | Request for inclusion of user defined SQL server roles - Reconciliation of user defined server roles and assigning user defined server roles to users |

Items included in 7.0.7 release
| | | Initial Release |
| Internal# | APAR# | Case# / Description |

Items closed in current release (10.0.4)
| Bugz 4150 | | Installer fails to register agent as a service. Default install path has a typo |

Items closed in current release (10.0.1)
| RTC 188091 Bug 3351 TS004254145 | IJ29410 | Tables or columns in SQL Server to verify db role and db user info from recon |
| RTC 189277 Bug 3529 TS005548326 | | Question about ersql2000authmethod field on driver configuration setup on IGI/SVG |

Items closed in release (7.1.18)
| Bug 3120 RTC-185779 TS003143791 | IJ22166 | Question on MSSQL Connection string when selecting 'SQL Server Authentication' |

Items closed in release (7.1.17)
| | | None |

Items closed in release (7.1.16)
| | | None |

Items closed in 7.1.15 version
| | | None |

Items closed in 7.1.14 version
| RTC 176657 Bug 2571 | | US - As a SQL Server adapter developer I must ensure that the adapter supports SSL TLS v1.2 protocol between adapter and the SQL Server. (for SSL issues between IGI and adapter, refer to Known Issues) |

Items closed in 7.1.13 version
| | | None |

Items closed in 7.1.12 version
| | | None |

Items closed in 7.1.11 version
| RTC 158751 Bug 2305 | | PMR 34398,082,000 / SQL Adapter version incorrect. |

Items closed in 7.1.10 version
| | | None |

Items closed in 7.0.9 version
| RTC 147660 Bug 2108 | | PMR 01644,69G,760 / SQL Server adapter fails to change password if password contains single quote. |

Items closed in 7.0.8 version
| RTC 134196 Bug 1915 | | Unable to list all Server roles in the attribute ersql2000serverrole |

Items closed in 7.0.7 version
| | | Initial Version |
| Internal# | APAR# | Case# / Description |
| N/A | N/A | During installation of the adapter, the upgrade option has known issues and should not be used. Use the full installation. |
| N/A | N/A | Class 3 Certificates: Class 3 secure server CA-G2 certs are not written properly to DamlCACerts.pem file through CertTool.exe Utility. The certificate data is written twice between BEGIN CERTIFICATE and END CERTIFICATE.
Work around: To correct this issue, please follow the below steps and edit DamlCACerts.pem file present in <Adapter installation path>\data folder.
Step 1. Start the CertTool utility.
Step 2. Import the class 3 CA certificate by using "F" option from the main menu of CertTool Utility.
Step 3. Once the class 3 CA certificate is successfully installed, open DamlCACerts.pem file stored in the <Adapter installed path>\data folder using text editor.
Step 4. Delete the class 3 CA certificate data (i.e. content between BEGIN CERTIFICATE and END CERTIFICATE) from DamlCACerts.pem.
Step 5. Open class 3 CA certificate file using text editor and copy the certificate data (between the BEGIN CERTIFICATE and END CERTIFICATE).
Step 6. Paste the certificate data to DamlCACerts.pem file between the BEGIN CERTIFICATE and END CERTIFICATE lines of same class 3 CA Certificate. If more than one class 3 certificates are installed then you can identify the certificate using issuer and subject data.
Step 7. Save DamlCACerts.pem file.
Step 8. To verify the DamlCACerts.pem file is edited properly, display certificate information by using option from the main menu of CertTool Utility.
Please note that this issue is seen after installing class 3 CA certificate. If you correct the DamlCACerts.pem and then install another class 3 CA certificate, the newly installed class 3 CA certificate will show same issue.
This issue is also seen when you delete any certificate using option "G" from the main menu of CertTool utility. The delete option will affect all remaining class 3 CA certificate and you have to follow step 1 to 8 to correct the DamlCACerts.pem file. |
| N/A | N/A | Installation on the Microsoft Windows 2012 Server platform |
| N/A | N/A | SSL between IGI and Adapter does not support TLSv1.2, as the DAML context property is not exposed through IGI VA link. |
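The duplication described in the Class 3 certificate known issue above can be checked without reading the base64 by eye. The following Python script is an added example, not IBM code and not part of CertTool: it assumes each block in the PEM file holds one base64-encoded DER certificate, the function names are hypothetical, and the sample data is constructed stand-in bytes rather than real certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_total_length(head: bytes) -> int:
    """Size in bytes of the outer DER SEQUENCE: header plus content."""
    if len(head) < 2 or head[0] != 0x30:
        raise ValueError("body does not start with a DER SEQUENCE")
    if head[1] < 0x80:                       # short-form length
        return 2 + head[1]
    n = head[1] & 0x7F                       # long form: n length octets follow
    if not 1 <= n <= 4 or len(head) < 2 + n:
        raise ValueError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(head[2:2 + n], "big")

def audit_pem(text: str) -> list:
    """Return (block number, status) for each certificate block in text."""
    results = []
    for number, match in enumerate(PEM_RE.finditer(text), 1):
        body = "".join(match.group(1).split())   # base64 text without line breaks
        try:
            # 8 base64 characters decode to 6 bytes: tag, length octet, 4 more octets.
            size = der_total_length(base64.b64decode(body[:8]))
        except ValueError as exc:                # binascii.Error is a ValueError
            results.append((number, "unparseable: %s" % exc))
            continue
        want = 4 * ((size + 2) // 3)             # base64 length of one certificate
        if len(body) == want:
            status = "ok"
        elif body == body[:want] * 2:            # the data was written twice
            status = "duplicated"
        else:
            status = "unexpected data"
        results.append((number, status))
    return results

def constructed_sample() -> str:
    """Constructed stand-in data, not real certificates; block 2 is doubled."""
    b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(range(256))).decode()
    def block(body: str) -> str:
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                          "-----END CERTIFICATE-----", ""])
    return block(b64) + block(b64 * 2)

if __name__ == "__main__":
    for number, status in audit_pem(constructed_sample()):
        print("certificate block", number, status)
```

To check a real store, pass the text of DamlCACerts.pem from the <Adapter installation path>\data folder to audit_pem; any block reported as "duplicated" is one that still needs steps 4 to 7.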
See the IBM Security Verify Server SQL Server Adapter Installation
and Configuration Guide for detailed instructions.
The following corrections to the Installation Guide apply to
this release:
None
The following configuration notes apply to this release:
None.
The IBM Security Verify adapters can be customized and/or
extended. The type and method of this customization may vary from adapter to
adapter.
Customizing and extending adapters requires a number of additional
skills. The developer must be familiar with the following concepts and skills
prior to beginning the modifications:
· LDAP schema management
· Working knowledge of scripting language appropriate for the installation platform
· Working knowledge of LDAP object classes and attributes
· Working knowledge of XML document structure
Note: This adapter supports customization only through the use of
pre-Exec and post-Exec scripting.
IBM Security Identity Server Resources:
Check the "Training" section of the IBM Knowledge Centre
for links to training, publications, and demos.
IBM Security Directory Integrator Resources:
Check the "Training" section of the IBM Security Directory Integrator
Support web site for links to training, publications, and demos.
The integration to the IBM Security Verify Server, the adapter
framework, is supported. However, IBM does not support the customizations,
scripts, or other modifications. If you experience a problem with a customized
adapter, IBM Support may require the problem to be demonstrated on the GA
version of the adapter before a PMR is opened.
The IBM Security Verify Adapter was built and tested on the
following product versions.
Adapter Installation Platform:
Microsoft Windows 11
Microsoft Windows 2019
Microsoft Windows 2022
Managed Resource:
Microsoft SQL Server 2016
-- with -- respective
Microsoft SQL Server Client software versions 2016 and 2019
Clients:
IBM Security Verify Governance Identity Manager v10.0
IBM Security Verify Governance v10.0
IBM Security Identity Manager v7.0.x
IBM Security Identity Manager v6.0.x
IBM Security Identity Governance and Intelligence v5.2.x
This information was developed for products and services offered
in the U.S.A. IBM may not offer the products, services, or features discussed
in this document in other countries. Consult your local IBM representative for
information on the products and services currently available in your area. Any
reference to an IBM product, program, or service is not intended to state or
imply that only that IBM product, program, or service may be used. Any
functionally equivalent product, program, or service that does not infringe any
IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product,
program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not give you
any license to these patents. You can send license inquiries, in writing, to:
IBM
Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.
For license inquiries regarding double-byte (DBCS)
information, contact the IBM Intellectual Property Department in your country
or send inquiries, in writing, to:
Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan
This information could include
technical inaccuracies or typographical errors. Changes are periodically made
to the information herein; these changes will be incorporated in new editions
of the publication. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this
IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged should contact:
IBM Corporation
2ZA4/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
Such information may be available, subject to appropriate
terms and conditions, including in some cases, payment of a fee.
The licensed program described in this information and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement, or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments
may vary significantly. Some measurements may have been made on
development-level systems and there is no guarantee that these measurements
will be the same on generally available systems. Furthermore, some measurements
may have been estimated through extrapolation. Actual results may vary. Users
of this document should verify the applicable data for their specific
environment.
Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available
sources. IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Microsoft, Windows, and the Windows logo are trademarks of Microsoft
Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
End of Release Notes