• OPENIDM-2079: Cannot PATCH managed user when ID contains special characters.

• OPENIDM-2067: For an MS SQL repository, queries in the repo config file containing concatenation functions do not work

• OPENIDM-2063: Failed to start OpenIDM when MySQL was used as repo with SSL enabled

• OPENIDM-2061: Recon Fails to create users from AD "REV" : invalid identifier [Oracle]

• OPENIDM-2017: OpenIDM does not check availability of remote connectors.

• OPENIDM-2009: External REST service does not pass custom headers

• OPENIDM-1994: JAVA_TYPE_BYTE and JAVA_TYPE_PRIMITIVE_BYTE is not supported as native type with .NET

• OPENIDM-1972: scheduler.json should be delivered with instanceId of &{openidm.node.id} instead of scheduler1234

• OPENIDM-1967: Exceptions in connector when using remote java connector server are not wrapped properly

• OPENIDM-1966: External REST calls without any authentication specified are now refused

• OPENIDM-1961: Persistent scheduler jobs cannot be failed over

• OPENIDM-1960: when password of internal user is encrypted in MySQL repo, we can not authenticate with this user

• OPENIDM-1953: sample2 authentication should not be looking in managed/user

• OPENIDM-1943: LiveSync of ObjectClass __ALL__ is broken

• OPENIDM-1930: Attributes from role assignments are not in onAssignments/onUnassignments scripts

• OPENIDM-1925: remove parameters that are not beeing applied in script.json config file

• OPENIDM-1923: IWAModule hard-codes resource path

• OPENIDM-1917: livesync create failed

• OPENIDM-1916: [OracleDB] Resource 'user' not found

• OPENIDM-1912: Exception from OpenIDMResolverFactory if used in a parallel execution workflow task

• OPENIDM-1901: The effectiveAssignments had error and caused merge failure when multiple roles were assigned dynamically

• OPENIDM-1900: User created through UI failed to login when no role was selected.

• OPENIDM-1896: passthroughAuthnPopulateContext script is named too specifically; functionality is not specific to pass-through

• OPENIDM-1893: ScriptedRequestHandler throws away detail from ScriptThrowException

• OPENIDM-1892: External REST service returns a 500 InternalServerError on any error by the external call instead of what was returned

• OPENIDM-1891: Failed to change password for openidm-admin on UI

• OPENIDM-1890: Failed to update openidm-admin profile

• OPENIDM-1884: Managed/role entries are not being rendered on the Admin user management form with the proper _id

• OPENIDM-1883: Synchronization Situations / Actions: List "rational" options for each Synchronization Situation

• OPENIDM-1877: Exception when updated an assigned role.

• OPENIDM-1876: Various samples not syncing password properly

• OPENIDM-1874: _fields ignores NOT_READABLE attribute flag

• OPENIDM-1873: Recon audit on a successfuly completed recon contains ACTIVE state instead of SUCCESS

• OPENIDM-1872: CLI.SH - configureconnector cannot recognize available connectors

• OPENIDM-1863: ICF's UnsupportedOperationException is wrapped into wrong OpenIDM exception

• OPENIDM-1862: Null exception when both sunrise and sunset taskscanners were triggered at the same time.

• OPENIDM-1861: AoN should be included as a sample

• OPENIDM-1856: compensate mechanism issue on auditing UPDATE

• OPENIDM-1854: Change role attribute didn't clean target value changed by the original role

• OPENIDM-1853: roles didn't take effect when multiple roles were assigned to user

• OPENIDM-1851: external/rest calls no longer supply headers to remote system

• OPENIDM-1849: Default MySQL config refers to stored procedures which do not exist in default schema

• OPENIDM-1848: Changes to the repo configuration while the system is running cause global system failure

• OPENIDM-1847: AND and OR are not working anymore in queries built with _queryFilter and called from scripts

• OPENIDM-1846: JAVA_TYPE_BYTE_ARRAY is not supported as native type

• OPENIDM-1844: triggerWorkflowFromSync.js failed to generate task instance and sample9 failed

• OPENIDM-1842: onCreate-user-set-default-fields.js script does not update users on creation

• OPENIDM-1839: self-registration page should display error messages about the non valid fields

• OPENIDM-1824: Request command didn't return properly(proper value) when custom endpoint was used.

• OPENIDM-1819: Failures from ICF connectors are not available from onFailure handler

• OPENIDM-1813: reading a non existing workflow task via REST should return 404 instead of 500

• OPENIDM-1812: invoking non existing workflow via REST should return 4XX instead of 500

• OPENIDM-1810: OpenIDM requires all attributes which are defined in provisioner in update operation

• OPENIDM-1809: OpenIDM ignores required attribute in provisioner file

• OPENIDM-1806: DELETE managed object(user, role) returns 200+null on OrientDB (not ok)

• OPENIDM-1795: Async Recon via REST using performAction with a non-existing action not returning proper error

• OPENIDM-1794: GET with queries using _queryId with missing params on MySQL should return 400 instead of 200

• OPENIDM-1792: PATCH by Query via POST not working anymore (getting error 400)

• OPENIDM-1789: Role didn't take effect when replaceTarget operation was applied to a single value property

• OPENIDM-1781: clean-up obsolete properties in authentication.json that are now defined in authModules map

• OPENIDM-1773: Set up Working Custom Endpoint Samples / Query Requests on Groovy Endpoint

• OPENIDM-1767: BadPaddingException while authenticating as openidm-admin on Windows with MSSQL

• OPENIDM-1766: authenticated users can not PATCH their own data anymore

• OPENIDM-1759: In ResourceFunctions of script-common the non-string parameters of openidm.action call are ignored withouth any warning

• OPENIDM-1755: Recon target phase is always single threaded regardless of the number of configured taskThreads

• OPENIDM-1749: Startup randomly fails on scheduler bundle when launching sample1 on Centos

• OPENIDM-1748: Confusing policy validation display for passwords in the UI

• OPENIDM-1746: Javascript needs access to external packages

• OPENIDM-1739: Changes made to target objects by onLink triggers should be persisted if the situation action is UPDATE

• OPENIDM-1732: onRetrieve scripts not executing for managed/ query results

• OPENIDM-1708: reauthentication not functioning with alternate auth modules

• OPENIDM-1705: Sync Exception actions are returned with 409/conflict instead of 500/exception

• OPENIDM-1702: CLI.SH configimport not working on some configuration files

• OPENIDM-1701: Creating "managed" objects from sync doesn't create link immediately, causing unnecessary correlation for other mappings

• OPENIDM-1689: cleaning up the generic and explicit table mapping defaults for managed user

• OPENIDM-1679: Activity audit file not created when performing CRUD on OpenDJ via connector

• OPENIDM-1674: Slashes in _id break reconciliation

• OPENIDM-1665: Startup failure when connectors directory contains arbitrary sub-directories

• OPENIDM-1663: Deadlock within OpenIDM when updating managed users w/MSSQL as the repository

• OPENIDM-1655: External Rest Service erroneously sets the remote auth ChallengeScheme to HTTP_COOKIE instead of HTTP_BASIC

• OPENIDM-1649: SSL client/mutual auth not working even though certificate is present

• OPENIDM-1647: LiveSync fails when using Generic LDAP Connector if readSchema=false

• OPENIDM-1637: Problem in UI when the username contains a space char.

• OPENIDM-1631: OrientDB Studio not working correctly after upgrade to OrientDB 1.6.4

• OPENIDM-1629: Policy cannot-contain-others raises an exception when one of the fields to check against is absent

• OPENIDM-1626: Duplicated keys in Index in OrientDB returns error code 500 instead of 4XX

• OPENIDM-1624: Linux rc script generated by create-openidm-rc.sh fails to shutdown OpenIDM when installed to a directory other than 'openidm'

• OPENIDM-1616: Customization of the location of OrientDB db broken since upgrade to 1.6.4

• OPENIDM-1608: create schedule via REST with a bad misfirepolicy fails with 500 status code instead of 400

• OPENIDM-1597: openidm takes 100% CPU even in "idle" state on Windows

• OPENIDM-1584: java.lang.OutOfMemoryError exception

• OPENIDM-1583: OpenIDM should not enforce the REAUTH_REQUIRED policy for openidm-cert role.

• OPENIDM-1563: Task scanner creates a new thread pool for each execution resulting in a thread leak.

• OPENIDM-1537: Getting 500 error when loading the UI when an old invalid session-jwt cookie is present

• OPENIDM-1535: incomplete handleQuery implementation in ScriptedRequestHandler

• OPENIDM-1532: random issues with authentication on some startups leading to 401 on all requests

• OPENIDM-1529: IDMUserAuthModule should be using IdentityServer to get property for "openidm.auth.clientauthonlyports"

• OPENIDM-1526: Recon values fail to be reconstructed from the audit log when using a JDBC repo

• OPENIDM-1524: Jetty floods OpenIDM log with error

• OPENIDM-1515: MVCC is broken when using MSSQL as the OpenIDM repository.

• OPENIDM-1514: Failed login or expired session following a successful login results in empty response body.

• OPENIDM-1513: Inconsistency in script context: request object has different representations

• OPENIDM-1511: Policy.java overwrites the action parameter of async recon

• OPENIDM-1507: Logging level change to FINE causes NullPointerException in OrientDBRepoService

• OPENIDM-1503: InvalidCredentialException thrown from OpenICFProvisionerService uses 500 HTTP error code

• OPENIDM-1502: Audit log entries with same activitydate

• OPENIDM-1490: missing comma in DN definition of certificate

• OPENIDM-1489: Command line needs to allow supplying user/pwd

• OPENIDM-1486: 'en-US' language is always used

• OPENIDM-1479: Cannot delete from generic objects using PostgreSQL

• OPENIDM-1478: Encrypt with Command Line (CLI) is broken

• OPENIDM-1470: Set max heap size (Xmx) and min heap size (Xms) to the same value

• OPENIDM-1467: Private key validation before importing into the keystore

• OPENIDM-1457: Running OrientDB in memory results in failure and ACTIVE_NOT_READY state

• OPENIDM-1456: Correlation query not working correctly: recon leads to absent+unassigned instead of found

• OPENIDM-1450: Deleting record from Managed/user with mismatched version yields in 500 error [OrientDB]

• OPENIDM-1444: json schema package needs to specify export version and import version ranges

• OPENIDM-1433: OpenIDM renames entry on update (OpenIDM ICF glue code sets __NAME__ to __UID__)

• OPENIDM-1432: Missing uinotification table within Oracle openidm.sql schema

• OPENIDM-1431: authentication initialization messages should not appear in the log (INFO) for every request on the REST API

• OPENIDM-1426: Openidmui/index.html hangs on browser refresh

• OPENIDM-1424: gzip servlet filter no longer working

• OPENIDM-1419: Can't logout of openidmui (Session not terminating)

• OPENIDM-1417: Throwing 401 exception in augment security context javascript ends up being a 500 in the response

• OPENIDM-1416: Default onCreate script of UI sets the accountStatus to 'active', overrides the value of the managed user attribute

• OPENIDM-1415: Need to enable cascade delete on foreign keys within Oracle schema

• OPENIDM-1413: In async recon starter script (workflow.js) the query of the already running instances is executed before all it's parameters are set

• OPENIDM-1412: Missing 'not undefined' check for sourceId and targetId in async recon workflow starter script (workflow.js)

• OPENIDM-1411: Add not null check to async recon starter script (workflow.js) for sourceId query parameter, fill businessKey field of the workflow when starting a new workflow

• OPENIDM-1406: cluster.json should be using a property substitution, and take the setting from boot.properties

• OPENIDM-1403: considerable start-up happening after OpenIDM reports ready

• OPENIDM-1388: AD sync service does not work with SSL 8443

• OPENIDM-1385: Error with REST call to "/openidm/audit/access"

• OPENIDM-1381: Audit log does not correctly record the 'before' state of system objects when calling openidm.update().

• OPENIDM-1368: AD password sync service throws critical error in SSL - mutual auth

• OPENIDM-1365: Recon Audit Log Entries Should Contain "messageDetails" for ScriptExceptions During Reconciliation

• OPENIDM-1361: Exception from UI when a workflow started by scheduler has a user task in it

• OPENIDM-1354: Recon Log Entries Missing "messageDetail" From Errors During Recon

• OPENIDM-1348: Get requests are not including the shutdown time for nodes that have shutdown normally

• OPENIDM-1346: Disabling The Cluster Management Service Causes Startup Errors/Exceptions

• OPENIDM-1341: Add support for the Cluster Management Service to MSSQL and Oracle repository configs and schemas

• OPENIDM-1339: AD password sync plugin service causes critical error and restarts Windows

• OPENIDM-1338: Validation for create without objectId is always true

• OPENIDM-1337: Recon.csv and recon detail over REST are not aligned.

• OPENIDM-1329: OrientDB as repo does not initialize if there is no network connection

• OPENIDM-1321: OpenIDM Audit Logger Service - Fix Camel-Case Typo In Activity Log For "parentActionId" Parameter

• OPENIDM-1309: On mysql 5.6 db init script raises a "Specified key was too long" on creation of index of auditactivity table

• OPENIDM-1308: InternalServerErrorException CryptoService unavailable; regression from OPENIDM-1185

• OPENIDM-1304: Custom queries for recon audit logs which return different columns do not get returned correctly

• OPENIDM-1298: Reconciliation should re-use the executor, and explicitly shut it down at the end

• OPENIDM-1293: OpenIDMELResolver should use component.name to bind JavaDelegate implementations instead of component.id

• OPENIDM-1292: Obfuscate Bootstrap information does not work properly

• OPENIDM-1287: Scheduler null pointer exception

• OPENIDM-1285: Private Key not getting stored in keystore when certificate is generated and store.

• OPENIDM-1283: External/rest requests to endpoints which return non-200 responses result in errors

• OPENIDM-1281: Query for "get-by-field-value" is incorrect

• OPENIDM-1268: Formatting in user registration page broken

• OPENIDM-1267: Add Enum and DateFormType specific data to the taskdefinitions returned by Activiti

• OPENIDM-1265: liveSync process should never get stuck because of exceptions with the synchronizationListener.

• OPENIDM-1259: OrientDB config file in Samples does not have the new query for clusters

• OPENIDM-1256: additionalPolicies option in policy.json not working

• OPENIDM-1253: Password reset dialog behaving incorrectly

• OPENIDM-1247: Policy Service property validation on a property with no configured policy results in a TypeError

• OPENIDM-1245: Align openidm and activiti contract on scripting(openidm.action() and openidm.patch() failed in a workflow on managed object.)

• OPENIDM-1236: ScriptableList: cannot put 0 (zero) index element

• OPENIDM-1216: Cluster Management Service

• OPENIDM-1210: Directly-assigned workflow tasks disappear when "Requeue" button is hit

• OPENIDM-1208: UI is inoperable in IE8 due to lowercase request headers

• OPENIDM-1190: Disable Quartz update check by default

• OPENIDM-1187: Inconsistent "If-None-Match:" behavior between query and read actions

• OPENIDM-1185: Internal Server error while patching an object's attribute with mysql as repository

• OPENIDM-1184: sample/sample3 and sample/provisioner use hardcoded path in provisioner configuration.

• OPENIDM-1179: Delete non-existing schedules via dynamic scheduler API triggers exception on openidm OSGI console

• OPENIDM-1176: Disabled schedules via dynamic scheduler API disappear

• OPENIDM-1175: IE9 and below aggressively cache AJAX requests, causing the UI to behave strangely

• OPENIDM-1174: Some UI Features are Indistinguishable From Plaintext

• OPENIDM-1173: After stopping and restarting eg. the groovy bundle the necessary Activiti ScriptEngineResolver service is not added again to the OSGI services

• OPENIDM-1170: Linux startup script generator is not working correctly

• OPENIDM-1162: With OrientDB, for a MISSING/CREATE situation/action, reconciliation creates a new link instead of using an existing link

• OPENIDM-1151: CLI.SH configExport not working on Linux Ubuntu

• OPENIDM-1150: Additional policy files raises an error about addPolicy()

• OPENIDM-1149: sample5 and sample9 broken due to javascript method method hasOwnProperty missing

• OPENIDM-1148: Changes to static files within /ui/default/bundle-dir unloads the /openidm context, breaking system

• OPENIDM-1147: Install path with space not handled correctly in startup.sh

• OPENIDM-1141: OrientDB config bootstrap repository does not use .json config file, only properties

• OPENIDM-1129: OpenIDM freezes when the connection to the repository is interrupted

• OPENIDM-1126: Listing reconciliation tasks endpoint sends back a JSON with an extra "progress" level

• OPENIDM-1123: Memory leak in directory/file processor

• OPENIDM-1115: When an LDAP user is created through the REST API, the _id that is returned is not normalized

• OPENIDM-1111: Empty OpenIDM response (HTTP 204) causes response parser to fail

• OPENIDM-1110: Immediate dll password change request has wrong content-length value

• OPENIDM-1109: Password needs to be valid JSON string after decryption

• OPENIDM-1100: Site images need to be changeable/extensible without re-packaging the UI

• OPENIDM-1094: Starting a second OpenIDM instance with a conflicting port causes the instance to freeze

• OPENIDM-1093: A user's accountStatus (active or inactive) has no effect on the UI or the REST API

• OPENIDM-1087: ObjectMapping's call-back action does not support sync-based use-cases

• OPENIDM-1083: Update with PUT on managed user returns the qualified id rather than the local id only

• OPENIDM-1070: RECON: link was not deleted when UNLINK or DELETE action was used for the TARGET IGNORED situation.

• OPENIDM-1068: Typo on individual user's profile page

• OPENIDM-1062: Issue with credential-query using Oracle

• OPENIDM-1056: Policy on repo/internal/openidm-admin/userName causes validation 500 failures

• OPENIDM-1021: Wrong starting arguments during start could throw an error or warning.

• OPENIDM-969: Console login fails and leaves OpenIDM in unusable state

• OPENIDM-964: An incorrect password in boot.properties causes OpenIDM to hang on startup

• OPENIDM-910: Eliminate process bundle warning message on re-starts

• OPENIDM-681: arbitrary query would return all ldap user account info

• OPENIDM-615: More graceful failure when DB drivers are missing

• OPENIDM-604: querying for "query-all-ids" with the repo.jdbc configuration set for explicit tables gives an exception

• OPENIDM-595: Sample 3 provisioner.openicf-sciptedsql.json has hard-coded path to /opt/111/openidm

• OPENIDM-594: Sample2c not showing ldapGroups

• OPENIDM-589: OrientDB index naming convention needs to be unique

• OPENIDM-577: System object audit logging

• OPENIDM-576: Support writing to newly created audit log file after moving/deleting the existing

• OPENIDM-556: NPE during patch action due to logger level

• OPENIDM-554: Running OpenIDM from any directory

• OPENIDM-553: Authorization re-configuration and re-registration issues

• OPENIDM-551: onStore, onRetrieve at managed object level not initialized

• OPENIDM-550: Using "*" condition on PUT to relax MVCC fails

• OPENIDM-548: If-None-Match tries to read the object and fails

• OPENIDM-547: NPE with the ETag header when not using quotes

• OPENIDM-545: Command line help not working

• OPENIDM-538: SSL Mutual auth should set openidm-cert role

• OPENIDM-536: Missing "_from" request param and "from" default causes NPE

• OPENIDM-532: Authentication rejected on first start-up (possible filter registration issue)

• OPENIDM-530: OpenICF connectors and related should not have EA tag anymore

• OPENIDM-467: Cannot save JSON object in repository if it contains a list

• OPENIDM-456: Support of systems with case-sensitive and case-insensitive ids are unpredictable

OpenIDM 3.0.0 has the following known limitations:

• A conditional GET request, with the If-Match request header, is not currently supported.

• OpenIDM provides an embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard. As an embedded system, local integration is supported. Remote integration is not currently supported.

• The OpenIDM implementation of roles does not enforce referential integrity. In other words, you can set up users with a hypothetical role x, before you create that referential role x. Conversely, if you delete an existing referential role y, users with that role will retain that role.

  When dynamically assigned roles are added, OpenIDM does not set up provisioning for previously existing users. Any updates to dynamically assigned roles will not update users assigned with those roles.

• OPENIDM-2089: Remove the need to store certificates in the default java keystore when doing ssl over jdbc.

• OPENIDM-2078: PermGen leak in "source" scripts

• OPENIDM-2074: When the workflow module is disabled, shutdown errors are displayed on the console

• OPENIDM-2068: Audit service does not pass cREST paging parameters along with other query details

• OPENIDM-2062: openidm/system/NAME?_action=test does not properly handle encrypted values causing the tests to fail.

• OPENIDM-2058: Issues on status code and response content for REST API of Configuration with put and delete

• OPENIDM-2057: Issues on status code and response content for REST API of System with post, and delete

• OPENIDM-2056: Recon audit log entry formatting has issues (missing entries and extra entries)

• OPENIDM-2055: Issues on status code and response content for REST API of Scheduler with query, put, and delete

• OPENIDM-2054: Should not be able to create two provisioners with the same name

• OPENIDM-2034: Support arbitrary [commons] auth modules via className

• OPENIDM-2028: The .NET Connector Server Exception displays an incorrect connector error

• OPENIDM-2021: If a query is made on an attribute that is not part of the object schema, OpenIDM returns an inaccurate message

• OPENIDM-2016: sync on unsupported object class with remote java connector returns 500 instead of 400

• OPENIDM-2005: OpenICF query filter does not support literal expressions

• OPENIDM-2004: NPE in OpenICF Provisioner query w/o filter

• OPENIDM-2002: Failed to Decrypt Jwt errors (badPaddingException)

• OPENIDM-1998: Error 500/NPE during reconciliation (ObjectClassResourceProvider.queryCollection)

• OPENIDM-1991: IDM blocked accessing Orientdb ReadWriteDiskCache

• OPENIDM-1988: Scripted SQL 1.4 unable to find jdbc driver

• OPENIDM-1981: Importing all config files with CLI configimport fails with Java 8

• OPENIDM-1959: cli.bat fails to export configuration when we give an absolute path in argument

• OPENIDM-1954: Enabling the OrientDB Studio UI doesn't take effect until the second restart of OpenIDM

• OPENIDM-1949: Update managed user with patch by query in POST should return modified object instead of null

• OPENIDM-1948: Creating manager user with PUT on managed/user// endpoint is accepted whereas it should be refused

• OPENIDM-1945: Invalid workflow config results in the request being stuck in the queue

• OPENIDM-1941: "pattern" property in access.js rules does not work when used on system endpoints

• OPENIDM-1907: Recon failures as a result of policy violations do not indicate the cause of the violation in the recon audit log.

• OPENIDM-1898: Representation of request-object differs between code and json-representation

• OPENIDM-1889: UI failed to recover from password changing failure

• OPENIDM-1860: Null pointer exception when setting target attribute during onUnlink

• OPENIDM-1823: getScriptBindings function of ServiceScript (ScriptRegistryImpl.java) slows down extremely when accessed paralell from multiple threads

• OPENIDM-1779: Recon action DELETE on situation UNASSIGNED does not delete the target object

• OPENIDM-1771: Failed requests (updating user data) are not audited in the activity audit log

• OPENIDM-1744: Canceling a completed recon changes its stage from COMPLETED_SUCCESS to ACTIVE_CANCELING

• OPENIDM-1742: Launching a recon by ID on a non-existent ID is not handled correctly

• OPENIDM-1721: postAction scripts are not triggered when the "action" is IGNORE or ASYNC

• OPENIDM-1664: Memory usage of AD connector continue to increase.

• OPENIDM-1654: No sync/ service is registered if a sync.json file is not present in the configuration

• OPENIDM-1642: no more possible to change the default Encryption Keys

• OPENIDM-1641: Obfuscation of bootstrap information for Keystore not working

• OPENIDM-1632: create-openidm-logrotate.sh is not properly defined

• OPENIDM-1619: OperationOptions specified within the provisioner configuration are not passed to connectors by OpenIDM

• OPENIDM-1600: Cluster with Oracle DB backend

• OPENIDM-1564: __NAME__ attribute incorrectly required as part of object definition for a create action

• OPENIDM-1562: Route to endpoint service not found if there is a resourcename after the name of the endpoint

• OPENIDM-1560: when starting OpenIDM with -p option logging.properties file is not taken in project location

• OPENIDM-1530: OpenIDM self-signed certificates in keystore and truststore does not match

• OPENIDM-1523: Generated self-signed cert does not work with the OpenDJ pwd sync plugin

• OPENIDM-1504: OpenICFProvisionerService handle method performs logger.isDebugEnabled() checks but logs at the error level

• OPENIDM-1501: sync?_action=performAction with an action=DELETE results in a delete on the source rather than the target

• OPENIDM-1488: XDate locales could not be initialized correctly

• OPENIDM-1476: Internal patch retry process in managed objects fails

• OPENIDM-1452: Incorrect bundleVersion in provisioner config yields confusing error

• OPENIDM-1445: Provisioner service does not decrypt encrypted attributes before passing them to OpenICF framework

• OPENIDM-1437: Policy service not called at the right time

• OPENIDM-1430: OpenIDM needs a restart after importing a new cert via REST API

• OPENIDM-1409: The query-all and get-users-of-direct-role queries are not consistent across different repos

• OPENIDM-1399: Logging into the working directory (specified with the -w option) does not work

• OPENIDM-1398: ad plugin using old conventions for calling openidm patch operation to set password

• OPENIDM-1390: Unable to parse boolean configuration values from custom OpenICF provisioner

• OPENIDM-1379: ADD operation failed for OpenDJ account notification handler

• OPENIDM-1277: cli.bat configexport does not work on Windows

• OPENIDM-1269: some issues with Case Sensitivity options for Sync

• OPENIDM-1219: DB/Config bootstrapping should use IdentityServer support for getting properties, including boot prop

• OPENIDM-1186: PATCH with POST using MVCC are successful even if revision wrong

• OPENIDM-1165: EXCEPTION action when doing liveSync stops the synctoken processing

• OPENIDM-1098: onDelete script generates exception

• OPENIDM-1074: disabling automatic polling for changes of config file not possible on new install

• OPENIDM-848: Conflicting behavior might be observed between the default fields set by the onCreate script and policy enforcement

• OPENIDM-803: For reconciliation, the default DELETE action does not delete target objects when targets are ambiguous, including UNQUALIFIED situations, if there is more than one target

• OPENIDM-662: query-all-ids always returns the revision as 0, even after the object has been updated to a newer revision

These capabilities are expected to change in upcoming releases:

• The way you generate connector configurations for access to external resources, described in Creating Default Connector Configurations in the Integrator's Guide.