CP-VA-140100-0003 Release Notes

This Release Notes contains the following sections:
cis141
This Release Notes contains the following sections:
Defects Fixed
The following defects have been fixed in this Cumulative Patch:
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risk
00854692
DE319144
Cannot delete IDM or IG log files in /opt/CA/
<APP_DIR>
/standalone/log/
Added permission to delete IG and IDM log files (log directory and contained files are now owned by wildfly:config)
Low
00851801
DE318705
After installing CA Identity Manager cumulative patch 1 for 14.1 (CP-IMV-140100-0001.tgz.gpg) - if a Provisioning Server is later deployed on the node - the deployment would fail with the following error:
Failed to start the Provisioning Server (error code 99)
timeout: failed to run command `/etc/init.d/improvisioning':
Permission denied
The 14.1-IM-CP1 patch does not include execute permissions for files in the imps BIN directory (/opt/CA/IdentityManager/ProvisioningServer/bin) affecting any Provisioning Server that is deployed
after
the 14.1-IM-CP1 patch is installed.
As a workaround, the vApp 14.1-CP3 patch introduces a custom startup behavior for PS - assigning execute permissions for files in the bin directory on every startup.
To eliminate the above problem with the 14.1-IM-CP1, you need to install 14.1-VA-CP3 either before or after the IM patch is installed.
Medium
00853913
INTERNAL
Cannot register or list external connector servers from the vApp "External Tools" web page
The password for the vApp service account on the Provisioning Directory (Global User account: "vapp-service") has expired. This Cumulative Patch un-sets the expiry flag.
Low
00852393
INTERNAL
On environments having multiple Provisioning Servers, the failover string in CA Identity Manager's ProvStore.xml lists ca-prov-srv-02 multiple times.
Fixed the replacement pattern in the CA Identity Manager startup script.
These changes affect the ProvStore template, therefore they will only take effect if the Provisioning Directory definition is created from scratch (e.g. on the first IDM deployment, or after deleting the ProvStore definition and restarting IDM).
On environments affected by the issue - it is recommended to edit the connection string manually and remove duplicate values.
Low
Product Enhancements
The following behaviors have been changed in this Cumulative Patch:
Support Ticket
Engineering Ticket
Enhancement description
Additional Deployment Instructions
INTERNAL
INTERNAL
Provisioning Server monitoring to only report per-DSA status in case there are stopped DSAs
If all Provisioning Directory DSAs are started, the monitor will not display per-DSA status and instead will display "[OK] All DSAs are started"
INTERNAL
INTERNAL
Added the option to enable/disable/list kernel audit settings.
When kernel audit is enabled - audit messages may be printed to the console repeatedly.
 
Added new aliases:
kernelAuditDisable
kernelAuditEnable
kernelAuditShow
INTERNAL
INTERNAL
Added support for authentication, TLS, and SSL in CA Identity Manager SMTP configuration
Added the following parameters to /opt/CA/VirtualAppliance/custom/IdentityManager/email.properties:
SMTP_SSL_ENABLED
SMTP_TLS_ENABLED
SMTP_USER
SMTP_PASSWORD