CA Identity Manager - 版本说明

Similar documents

修改版-操作手册.doc

目录一系统访问... 1 二门户首页申报用户审核用户... 2 三系统登录用户名密码登录新用户注册用户登录已注册用

<433A5C446F63756D656E E E67735C41646D696E F725CD7C0C3E65CC2DBCEC4CFB5CDB3CAB9D3C3D6B8C4CFA3A8BCF2BBAFA3A95CCAB9D3C3D6B8C4CF31302D31392E646F63>

评委 : 李炎斌 - 个人技术标资信标初步审查明细表序号投标单位投标函未按招标文件规定填写漏填或内容填写错误的 ; 不同投标人的投标文件由同一台电脑或同一家投标单

深圳市新亚电子制程股份有限公司

说明为了反映教运行的基本状态, 为校和院制定相关政策和进行教建设与改革提供据依据, 校从程资源 ( 开类别开量规模 ) 教师结构程考核等维度, 对 2015 年春季期教运行基

全国建筑市场注册执业人员不良行为记录认定标准（试行）.doc

金不少于 800 万元, 净资产不少于 960 万元 ; (3) 近五年独立承担过单项合同额不少于 1000 万元的智能化工程 ( 设计或施工或设计施工一体 ) 不少于 2 项 ; (4) 近三年每年

Cybozu Garoon 3 管理员手册

《C语言基础入门》课程教学大纲

评委 : 徐岩宇 - 个人技术标资信标初步审查明细表序号投标单位投标函未按招标文件规定填写漏填或内容填写错误的 ; 不同投标人的投标文件由同一台电脑或同一家投标单

珠江钢琴股东大会

云信Linux SSH认证代理用户手册

0 年上半年评价与考核细则序号部门要素值考核内容考核方式考核标准考核 ( 扣原因 ) 考评得 3 安全生产目 30 无同等责任以上道路交通亡人事故无轻伤责任事故无重大质量

<4D F736F F D20B9D8D3DAB0BABBAAA3A8C9CFBAA3A3A9D7D4B6AFBBAFB9A4B3CCB9C9B7DDD3D0CFDEB9ABCBBE C4EAC4EAB6C8B9C9B6ABB4F3BBE1B7A8C2C9D2E2BCFBCAE92E646F6378>

目录关于图标... 3 登陆主界面... 3 工单管理... 5 工单列表... 5 搜索工单... 5 工单详情... 6 创建工单... 9 设备管理巡检计划查询详情销售管

采取行动的机会 90% 开拓成功的道路 2

登录、注册功能的测试用例设计.doc

18 上报该学期新生数据至阳光平台第一学期第四周至第六周 19 督促学习中心提交新增专业申请第一学期第四周至第八周 20 编制全国网络统考十二月批次考前模拟题第一学

3 月 30 日在中国证券报上海证券报证券时报证券日报和上海证券交易所网站上发出召开本次股东大会公告, 该公告中载明了召开股东大会的日期网络投票的方式时间以及审

自服务按钮无法访问新系统的自服务页面因此建议用户从信网中心 ( 主页, 右下角位置的常用下载, 或校园网用户自服务 ( 首页

第一部分 MagiCAD for Revit 安装流程

目录页 1. 欢迎使用网上预约面谈访问系统新用户新用户登入帐户程序启动网上预约面谈访问帐户核对帐户的地址资料

附件 : 上海市建筑施工企业施工现场项目管理机构关键岗位人员配备指南二一四年九月十一日 2

全国教师资格认定管理信息系统

何秋琳张立春视觉学习研究进展视觉注意视觉感知

教师上报成绩流程图

Microsoft Word - 文件汇编.doc

第2章数据类型、常量与变量

现场会议时间为 :2016 年 5 月 19 日网络投票时间为 :2016 年 5 月 18 日年 5 月 19 日其中通过深圳证券交易所交易系统进行网络投票的时间为 2016 年 5 月 19 日 9:30-

证券代码：证券简称：长城电脑公告编号：

三门峡市质量技术监督局清单公示

定位和描述 : 程序设计 / 办公软件高级应用级考核内容包括计算机语言与基础程序设计能力, 要求参试者掌握一门计算机语言, 可选类别有高级语言程序设计类数据库编程类

抗战时期国民政府的银行监理体制探析 % # % % % ) % % # # + #, ) +, % % % % % % % %

合并计算配售对象持有多个证券账户的, 多个证券账户市值合并计算确认多个证券账户为同一配售对象持有的原则为证券账户注册资料中的账户持有人名称有效身份证明文件

目录第一章博星卓越电子商务营销策划实践平台硬件使用介绍... 3 第二章博星卓越电子商务营销策划实践平台管理员端功能使用介绍系统管理员登陆班

第四条建设单位对可能产生职业病危害的建设项目, 应当依照本办法向安全生产监督管理部门申请职业卫生三同时的备案审核审查和竣工验收建设项目职业卫生三同时工作可

一从分封制到郡县制一从打虎亭汉墓说起

<443A5C6D B5C30312EB9A4D7F7CEC4B5B55C30322EBACFCDACCEC4B5B55C C30342EC8CBC9E7CCFC5C31332ECFEEC4BFC5E0D1B55C E30385C322EB2D9D7F7CAD6B2E12E646F63>

ETF、分级基金规模、份额变化统计

<4D F736F F D D323630D6D0B9FAD3A6B6D4C6F8BAF2B1E4BBAFB5C4D5FEB2DFD3EBD0D0B6AF C4EAB6C8B1A8B8E6>

Microsoft Word - 第7章图表反转形态.doc

2006年顺德区高中阶段学校招生录取分数线

Template BR_Rec_2005.dot

世华财讯模拟操作手册

一公共卫生硕士专业学位论文的概述学位论文是对研究生进行科学研究或承担专门技术工作的全面训练, 是培养研究生创新能力, 综合运用所学知识发现问题, 分析问题和解决

办法 >( 修订稿 ) 的议案关于提请任子行网络技术股份有限公司股东大会授权董事会办理公司限制性股票激励计划相关事宜的议案确定公司的限制性股票激励计划相关事项如

( ) 信号与系统 Ⅰ 学科基础必修课教周 2016 年 06 月 13 日 (08:00-09:35) ( )

工程勘察资质标准根据建设工程勘察设计管理条例和建设工程勘察设计资质管理规定, 制定本标准一总则 ( 一 ) 本标准包括工程勘察相应专业类型主要专业技术人员配备技术

,,,,, :,, (.,, );, (, : ), (.., ;. &., ;.. &.., ;, ;, ),,,,,,, ( ) ( ),,,,.,,,,,, : ;, ;,.,,,,, (., : - ),,,, ( ),,,, (, : ),, :,

联想电子订单操作指南

四川省卫生厅关于开展医疗美容主诊医师资格考试及换证工作的通知

黄金原油总持仓增长, 同比增幅分别为 4.2% 和 4.1% 而铜白银以及玉米则出现减持, 减持同比减少分别为 9.4%,9.4% 以及 6.5% 大豆, 豆粕结束连续 4 周总持仓量增长, 出现小幅

(Microsoft Word - NCRE\314\345\317\265\265\367\325\37313\324\27221\272\3051.doc)

4 进入交互区设置的组件管理, 在组件管理中, 教师可以选择课程空间中的所有组件, 并通过点击启用或不启用选定组件在课程空间中的显示 5 进入工作室管理的工作室首页,

中国石化油品销售企业CRM调研报告

收入支出项目 2016 年预算项目 2016 年预算预算 01 表单位 : 万元 ( 保留两位小数 ) 一公共财政预算拨款一人员经费一般财力人员支出成品

境外上市外资股股东持有股份总数 (H 股 ) 489,157,907 3 出席会议的股东所持有表决权股份数占公司有表决权股份总数的其中 :A 股股东持股占股份总数的

龚亚夫在重新思考基础教育英语教学的理念一文中援引的观点认为当跳出本族语主义的思维定式后需要重新思考许多相连带的问题比如许多发音的细微区别并不影响理解和

新, 各地各部门 ( 单位 ) 各文化事业单位要高度重视, 切实加强领导, 精心组织实施要根据事业单位岗位设置管理的规定和要求, 在深入调查研究广泛听取意见的基础上, 研究提

Transcription:

CA Identity Manager 版本说明 r12.5 SP1

本文档和相关的计算机软件帮助程序 ( 以下简称本文档 ) 仅供用户参考,CA 有权随时修改或撤销本文档未经 CA 事先书面许可, 不得擅自复制转让翻印透露修改或转录本文档的全部或部分内容本文档属于 CA 的保密和专有信息, 除非在与 CA 的单独保密协议中得到许可, 否则不得透露或使用本文档尽管有上述规定, 如果用户为本文档中所指的软件产品的经授权许可的用户, 那么仍可打印合理数量的本文档副本供用户及与该软件有关的用户雇员内部使用, 但所有 CA 版权声明和标识必须附在每一份副本上打印本文档副本的权利仅限于本软件适用的许可协议的有效期内如果该许可因任何原因终止, 用户应负责向 CA 书面证明已将本文档的所有完整和不完整的副本退回 CA 或销毁在所适用的法律允许的范围内,CA 按照现状提供本文档, 不附带任何保证, 包括但不限于商品适销性适用于特定目的或不侵权的默示保证 CA 在任何情况下对最终用户或其他第三方由于使用本文档所造成的直接或间接的损失或损害都不负任何责任, 包括但不限于利润损失投资受损业务中断信誉损失或数据丢失, 即使 CA 已经被提前明确告知这种损失或损害的可能性本文档中涉及的任何软件产品的使用均应遵照有关许可协议的规定且根据本声明中的条款不得以任何方式修改此许可协议本文档由 CA 制作本文档仅提供有限权利美国政府使用复制或透露本产品受 FAR Sections 12.212 52.227-14 和 52.227-19(c)(1) - (2) 以及 DFARS Section 252.227-7014(b)(3) 的相关条款或其后续条款的限制版权所有 2010 CA 保留所有权利此处涉及的所有商标商品名称服务标识和徽标均归其各自公司所有

CA 产品引用本文档参考以下 CA 产品 : CA Identity Manager CA SiteMinder Web Access Manager CA Directory CA Enterprise Log Manager CA Role & Compliance Manager (CA RCM) 联系技术支持要获取在线技术帮助以及办公地址主要服务时间和电话号码的完整列表, 请联系技术支持 :http://www.ca.com/worldwide

目录第 1 章 : CA Identity Manager r12.5 SP1 中的新功能 9 支持的平台和版本... 9 Policy Xpress... 9 从 Option Pack 1 开始对 Policy Xpress 插件的更改... 10 端点帐户的反向同步... 10 批量任务... 11 电子邮件通知策略... 11 预防性身份策略... 12 工作流增强功能... 12 全局事件级别基于策略的工作流映射... 13 任务级别的基于策略工作流... 13 升级批准模板... 14 匹配属性确定程序... 14 在批准屏幕中突出显示更改的属性... 15 部分属性级别的批准 / 拒绝... 15 批准策略说明... 16 针对工作项的批量操作... 16 Smart Provisioning 增强... 16 在 Identity Manager 用户会话中更改语言... 17 第 2 章 : CA Identity Manager r12.5 中的新功能 19 CA Role & Compliance Manager 集成... 19 Smart Provisioning... 20 Identity Manager 连接器 - 支持的端点... 21 Identity Manager 连接器 - 更新限制... 22 CA Enterprise Log Manager 集成... 23 CA Enterprise Log Manager 报告... 23 Identity Manager 目录配置向导... 24 帐户管理功能增强... 24 需要配给管理器的端点类型... 24 安装和升级功能增强... 25 自动化的任务持久性无用单元收集和存档... 25 任务持久性迁移工具... 26 Connector Xpress 增强... 26 批加载程序允许多个操作... 27 角色和任务导入功能增强... 27 报告数据源... 28 新的默认报告... 28 工作流增强功能... 29 WorkPoint 3.4.2 支持... 29 目录 v

基于策略的工作流... 29 工作流作业视图... 30 查看提交的任务功能增强... 31 配置文件屏幕增强... 31 确认字段... 31 动态字段显示... 32 新对象选择器字段样式... 32 对 Microsoft Visual Studio 2008 的支持... 32 身份策略功能增强... 32 配给角色所有者任务... 33 第 3 章 : CA Identity Manager r12.5 SP1 中现有功能的更改 35 包括在角色定义文件中的其他对象... 35 现在在安装过程中部署本地化文件... 35 增强的工作项指派... 35 增强的动态确定程序... 36 新任务重现模型... 36 第 4 章 : CA Identity Manager r12.5 中现有功能的变化 37 快照数据库性能提高... 37 快照参数 XML 文件增强... 37 连接管理... 38 环境导出包括其他对象... 38 CA Identity Manager 累积版本 (CR) 中的修补程序和增强... 38 Active Directory 连接器现在支持 Win2003 R2 UNIX 属性... 38 端点类型属性映射文件移动... 39 默认 CleverPath 报告模板被删除... 39 已弃用的配给 SDK 和实用程序... 39 不再支持 irecorder... 40 Web 服务对于新环境中的所有任务均为禁用状态... 41 第 5 章 : 安装注意事项 43 支持的升级路径... 43 将 ADAM 2008 作为用户存储... 43 JBoss Enterprise Application Platform 4.2 上的其他安装步骤... 44 要求 Solaris 修补程序... 44 Solaris 最低内核参数... 44 非 ASCII 字符会导致非英语系统上的安装失败... 45 IPv6 支持... 45 IPv6 JDK 要求... 45 IPv6 配置注意事项... 46 Windows 2008 上带有纯 IPv6 的配给目录不受支持... 46 Linux 上的配给目录安装... 47 使用 WebLogic 时 Identity Manager EAR 不自动部署... 47 vi 版本说明

防火墙阻止 Windows 2008 SP2 部署中与 Identity Manager 组件的通信... 47 Linux 64 位上的 CA Identity Manager 与 SiteMinder 连接错误... 48 第 6 章 : 已知问题 49 常规... 49 数据库未启动时 Identity Manager 以失败状态启动... 49 搜索大用户存储时, 可能发生内存不够错误... 49 批加载程序工作流限制... 49 创建带有配给的环境之后重新启动 CA Identity Manager... 50 JBoss 上的良性 JSF RI 错误... 50 CA Identity Manager 连接器需要连接器配置更改... 51 配给角色名称更改不会在 CA RCM 中动态更新... 51 在特定部署中创建新环境时的未找到错误... 52 CA RCM 日志中的良性错误... 52 在 Identity Manager 中修改单值复合属性... 53 Linux 系统的 WebSphere 中的工作流启动问题... 53 在工作流批准屏幕上突出显示为已更改的属性... 53 建议在导入角色定义文件时其他选项卡存在于环境中时出错... 54 升级... 54 将群集从 CA Identity Manager r12 CR6 或更高版本进行升级时的问题... 54 升级之后重新映射 DYN 端点属性... 55 CA Directory 升级消息问题... 55 基于 WebLogic 9.2.1 升级时的错误... 55 环境迁移错误... 56 升级 CA Directory 之前必要的修复... 56 用于 z/os 连接器的升级后步骤... 57 如果 Identity Manager 用户存储无法联系, 环境迁移则失败... 58 ( 仅 WebLogic) 更新选项包路径... 58 升级之后重新应用 WorkPoint 文件修改... 58 没有浏览和关联任务的搜索屏幕... 59 报告... 59 用户帐户报告生成失败... 59 使用 ExportAll.xml 捕获快照数据时出错... 60 捕获快照数据任务在完成时也显示为正在进行... 60 报告限制... 60 在 XML 文件中,Satisfy=All 运行不正常... 60 查看报告时会重定向到 Infoview 登录页... 60 为查看我的报告任务启用第三方 Cookie... 61 如果存在的记录多于 20,000 个, 生成用户帐户则失败... 61 对于 WebSphere, 非快照报告需要日期选取器... 62 配给... 62 常规... 62 端点类型... 66 目录 vii

第 7 章 : 已修复问题 83 第 8 章 : 文档 85 总目录... 86 在线帮助功能增强... 86 etrust 到 CA 的品牌重塑... 87 术语更改... 87 文档更改... 88 附录 A: 第三方声明 89 Apache... 89 ANTLR 2.7.5H#... 96 ASM 3... 97 DOM4J... 97 HSQLDB 1.7.3... 99 HSQLDB 1.8.0... 101 IBM DB2 Driver for JDBC and SQLJ... 102 Jaxen 1.3... 102 JDOM 1.11... 104 JSON 1.0... 105 jtopen 5.1.1... 105 libcurl 7.15.0... 106 MX4J 3.0.2... 107 Oracle JDBC Driver 10g Release 2... 109 Rhino 1.5R5... 110 Rhino 1.7R1... 119 SAAJ 1.2... 131 SAXPath 1.1... 132 SpiderMonkey 1.5... 133 Sun JDK 1.6.0... 134 Xinha.96 Beta 2... 142 viii 版本说明

第 1 章 : CA Identity Manager r12.5 SP1 中的新功能此部分包含以下主题 : 支持的平台和版本 (p. 9) Policy Xpress (p. 9) 端点帐户的反向同步 (p. 10) 批量任务 (p. 11) 电子邮件通知策略 (p. 11) 预防性身份策略 (p. 12) 工作流增强功能 (p. 12) Smart Provisioning 增强 (p. 16) 在 Identity Manager 用户会话中更改语言 (p. 17) 支持的平台和版本在 CA Identity Manager r12.5 SP1 中, 对支持的应用程序服务器版本目录和数据库进行了一些更改注意 : 有关支持平台和版本的完整列表, 请参阅 CA 支持站点中的 CA Identity Manager 支持表 Policy Xpress 通过 Policy Xpress 您可以创建复杂的业务逻辑 ( 策略 ), 无需开发自定义代码 Policy Xpress 任务位于策略选项卡下, 在默认情况下, 与 Policy Xpress 管理者角色和系统管理者角色相关联先前,Policy Xpress 是 Option Pack 1 的一部分在该版本中,Policy Xpress 已并入到核心 CA Identity Manager 产品并可以从策略选项卡下访问此外, 请注意以下该版本中对 Policy Xpress 的改进与提高 : 使用范围规则搜索策略策略具有已提交任务和反向侦听程序创建修改查看和删除策略在查看提交的任务中作为事件被捕获可以在发生错误时重新提交这些事件此外, 您可以为这些事件配置工作流 Policy Xpress 审核查看提交的任务中的所有活动, 包括评估的策略执行的操作以及故障几个对插件所做的可用性改进第 1 章 : CA Identity Manager r12.5 SP1 中的新功能 9

端点帐户的反向同步策略可以在提交任务之前验证数据在策略生成错误时, 细化行为控制注意 : 有关 Policy Xpress 的详细信息, 请参阅 Administration Guide ( 管理指南 ) 从 Option Pack 1 开始对 Policy Xpress 插件的更改 CA Identity Manager r12.5 SP1 实施下列的 Policy Xpress 插件更改 : 数据元素已经更改帐户属性 - 已删除端点对象 - 已删除帐户值和帐户值 ( 按标识符 ) - 已移到帐户类别比较器, 比较字符串 - 添加了区分大小写选项比较器, 比较日期 - 添加了日期格式参数日期 - 添加了日期格式参数时间 - 添加了时间格式参数列表筛选 - 添加了列表大小功能工作流 - 现在可以返回全名用户名或电子邮件地址操作设置帐户数据和按标识符设置帐户数据 - 已移到帐户类别添加了移动帐户操作端点帐户的反向同步端点系统用户可以在端点上创建删除或修改帐户例如, 用户使用外部工具可以在 Active Directory 域中创建或修改帐户 CA Identity Manager 必须注意到这种潜在的安全问题在端点上直接创建或修改帐户会绕过 CA Identity Manager 的批准流程和审核通过识别 Identity Manager 帐户和端点帐户之间的区别, 反向同步可以帮助确保对端点帐户的控制您创建反向同步策略来处理更改然后, 使用浏览和关联更新 CA Identity Manager 来触发执行策略先前, 反向同步是 Option Pack 1 的一部分在该版本中, 反向同步并入到核心 CA Identity Manager 产品并可以在用户控制台的端点选项卡上访问注意 : 有关反向同步的详细信息, 请参阅 Administration Guide ( 管理指南 ) 中的 Managed Endpoint Accounts ( 管理端点帐户 ) 一章 10 版本说明

批量任务批量任务通过批量任务 (Option Pack 1 中的排定任务 )CA Identity Manager 用户可以执行以下操作 : 修改用户对象, 基于属性筛选, 如部门城市终止日期等等周期性运行特定对象中的任务, 如每个星期六产生批量用户更改, 如修改选定部门内的所有用户该功能不同于 CA Identity Manager 中通过提供群体筛选的排定任务功能与排定任务不同, 在配置批量任务时, 受批量任务影响的对象群体为未知此外, 批量任务影响许多对象, 而排定任务仅影响一个对象注意 : 有关批量任务的详细信息, 请参阅 Administration Guide ( 管理指南 ) 电子邮件通知策略电子邮件通知会通知系统中任务和事件的 CA Identity Manager 用户例如, CA Identity Manager 在事件或任务需要批准时, 可以给批准人发送邮件 CA Identity Manager r12.5 SP1 为创建电子邮件通知提供两种方式 : 电子邮件模板 ( 现有的功能 ) 管理员使用安装有 CA Identity Manager 的默认模板来创建电子邮件通知要自定义那些模板, 管理员使用电子邮件模板 API 电子邮件通知策略 ( 新的功能 ) CA Identity Manager r12.5 SP1 包括其他的方式, 允许企业用户通过使用管理控制台中的电子邮件管理任务创建查看修改和删除电子邮件通知这些用户不需要知道任何配置电子邮件通知的代码管理员可以定义电子邮件的内容何时发送何人接收电子邮件的内容可以包含动态信息, 如当前日期或事件信息, 在发送电子邮件时,CA Identity Manager 将进行填充例如, 您可以配置在创建新用户时发送给批准人的电子邮件通知电子邮件可以包含登录信息雇用日期以及管理者然而, 电子邮件通知策略是 Policy Xpress 策略, 使用用户控制台中的单独一套任务来创建和管理这些电子邮件通知策略注意 : 有关电子邮件模板策略的详细信息, 请参阅 Administration Guide ( 管理指南 ) 第 1 章 : CA Identity Manager r12.5 SP1 中的新功能 11

预防性身份策略预防性身份策略预防性身份策略是一种身份策略, 它会阻止用户接收可能会导致利益冲突或欺骗的权限这些策略支持公司的职责隔离 (SOD) 要求通过在提交任务之前执行的这些预防性身份策略, 管理员可以在分配权限或更改配置文件属性之前检查策略违规如果违规存在, 在提交任务之前, 管理员可以清除违规例如, 公司可以创建一个预防性身份策略, 来阻止具有用户经理角色的用户同时具有用户批准人角色如果管理员使用修改用户任务为用户管理者提供用户批准人角色,CA Identity Manager 则会显示一条关于违规的消息管理员可以更改角色分配以便在提交任务之前清除该违规预防性身份策略也可以触发工作流流程, 这个流程是 : 在 CA Identity Manager 执行任务之前, 需要获得指定批准人的批准注意 : 有关预防性身份策略的详细信息, 请参阅 Administration Guide ( 管理指南 ) 工作流增强功能在此版本中, 对工作流进行了以下几项新增强 : 全局事件级别基于策略的工作流映射 (p. 13) 任务级别的基于策略工作流 (p. 13) 升级批准模板 (p. 14) 匹配属性确定程序 (p. 14) 在批准屏幕中突出显示更改的属性 (p. 15) 部分属性级别的批准 / 拒绝 (p. 15) 批准策略说明 (p. 16) 针对工作项的批量操作 (p. 16) 12 版本说明

工作流增强功能全局事件级别基于策略的工作流映射事件可以被映射到管理控制台的工作流流程, 或与特定任务中的基于策略的工作流批准策略关联通过新的为事件配置基于全局策略的工作流任务, 管理员可以在环境级别为事件设置基于策略的工作流映射不同于为管理任务中的事件设置基于策略工作流, 所配置的基于策略工作流映射应用于生成该事件的所有任务注意 : 只有在启用工作流时, 为事件配置全局基于策略工作流任务才可用在禁用工作流时执行该任务会抛出错误此新任务已经被添加到系统选项卡提交任务时, 会以下列方式检索该任务中每个事件的工作流流程 : 为该管理任务的事件配置的任何工作流具有优先权针对基于策略或不基于策略的工作流可以配置事件如果针对该管理任务的事件配置了基于策略的工作流, 那么会调用与该策略关联的工作流流程如果没有规则匹配, 则该事件不调用工作流同样, 如果针对该管理任务的事件配置了不基于策略的工作流, 那么会调用与该策略关联的工作流流程如果针对该管理任务的事件没有配置工作流, 那么该事件的全局工作流配置具有优先权任务级别的基于策略工作流通过任务级别的基于策略工作流, 您可以将任务与基于规则评估的工作流流程相关联这意味着, 与任务总是启动工作流流程不同, 仅当与该任务相关联的规则为真时, 工作流流程才会运行并生成工作项例如, 创建新组时, 您可以定义一个规则, 规定 : 仅当新组是指定父组织的一部分时才将创建组任务置于工作流控制之下并且创建工作项如果新组不属于该组织, 工作流流程则不会运行, 也不会创建任何工作项如果任务有多个规则, 则针对要批准的任务, 需要批准与该任务关联的所有工作流流程与之相似, 如果与该任务相关联的某一个工作流流程被拒绝, 则该任务本身也会遭到拒绝工作流规则可以被赋予优先级值, 以便确定规则评估和工作流执行的顺序针对任务级别的基于策略工作流, 仅默认的 CA Identity Manager 工作流模板支持工作流规则另外, 还可以创建自定义工作流流程以便与工作流规则一起使用注意 : 有关基于策略工作流的详细信息, 请参阅 Administration Guide ( 管理指南 ) 中的 Workflow ( 工作流 ) 一章第 1 章 : CA Identity Manager r12.5 SP1 中的新功能 13

工作流增强功能升级批准模板已经添加了新的流程模板, 包括从主要批准人到升级批准人的同步转换批准节点如果找不到主要参与人, 则该用户可以批准或拒绝该请求注意 : 有关升级批准模板的详细信息, 请参阅 Administration Guide ( 管理指南 ) 中的 Workflow ( 工作流 ) 一章匹配属性确定程序该确定程序仅针对用户类型的对象来自任何可用对象的值与用户对象中的字段匹配使用以下选项设置匹配属性规则的限制 : 批准人指定批准该任务的用户类型用户或对象指定可以从中找到批准人的用户或对象与事件关联的对象 - 工作流控制下的事件该任务的启动人 - 启动管理任务的用户该任务的主要对象 - 由任务正在创建 / 修改的对象 ( 仅可用于任务级别的事件映射 ) 该任务的先前批准人 - 该任务以前的批准人 14 版本说明

工作流增强功能使用或对象属性指定包含批准人的属性批准人搜索属性指定在搜索中用于匹配以上识别的值的属性在批准屏幕中突出显示更改的属性为了让批准人了解已经修改哪些属性或让批准人在必要时撤销对那些属性的更改, 已经在批准人配置文件屏幕中添加了撤销图标, 通过它批准人可以了解已经更改了该属性批准人可以通过单击撤销按钮查看可编辑属性的原始值, 也可以将属性值更改为任何其他值部分属性级别的批准 / 拒绝批准人可以选择部分批准或拒绝批准配置文件屏幕上的属性更改如果批准人决定拒绝对批准屏幕上可见属性所做的更改, 那么批准人可以单击拒绝按钮, 且只将那些属性恢复到其原始值在先前版本中, 如果批准人单击拒绝按钮, 则会拒绝整个事件同样, 如果批准人单击批准按钮, 仅批准对批准屏幕上可见属性所做的更改注意 : 这仅适用于带有 OnChange 评估类型的批准策略的事件级别的基于策略工作流有关该功能的详细信息, 请参阅 Administration Guide ( 管理指南 ) 中的 Policy-Based Workflow ( 基于策略工作流 ) 一节第 1 章 : CA Identity Manager r12.5 SP1 中的新功能 15

Smart Provisioning 增强批准策略说明对于批准策略管理的对象, 增加了一个非强制性的不可搜索的字符串说明属性, 并且将出现在生成的工作项中默认值 :255 个字符您可以使用以下格式输入 bundle key 的信息进行说明 : $ (bundle=<fully qualified resource bundles name> : key=<key>) 注意 : 如果批准策略说明超过 255 个字符, 则会显示错误消息要使用该新功能, 必须使用脚本对对象数据存储进行手动升级针对工作项的批量操作对于该版本的 CA Identity Manager, 可以针对选定的工作项执行下列批量操作 : 批准拒绝保留释放在用户控制台中, 配置工作列表选项卡得以增强, 现在包括一个新的支持批量工作流操作复选框如果启用该复选框, 用户则可以批量批准拒绝释放和保留他们拥有的工作项, 或查看我的工作列表屏幕中指派人的工作项然而, 管理员只能代表管理用户工作项屏幕上的现有用户执行批量保留或释放 Smart Provisioning 增强建议角色功能现在可用于创建用户任务以及修改用户任务 (CA Identity Manager r12.5 中已支持 ) CA Identity Manager 与 CA Role and Compliance Manager (CA RCM) 集成时, 建议角色功能向管理员提供可适于分配给用户的配给角色列表配给角色列表是 CA RCM 根据管理员输入的条件确定的建议配给角色有助于确保用户具有正确的权限, 同时能够保持公司的角色模型注意 : 有关建议角色的详细信息, 请参阅 Administration Guide ( 管理指南 ) 16 版本说明

在 Identity Manager 用户会话中更改语言在 Identity Manager 用户会话中更改语言 CA Identity Manager r12.5 SP1 包括新的功能, 在环境支持多种语言时, 允许用户更改显示在登录屏幕和用户控制台中的语言用户可以在登录屏幕和用户控制台的选择语言字段中选择要查看的语言用户不需要为了使显示的更改生效而注销环境注意 : 有关更改语言的详细信息, 请参阅 User Console Design Guide ( 用户控制台设计指南 ) 第 1 章 : CA Identity Manager r12.5 SP1 中的新功能 17

第 2 章 :CA Identity Manager r12.5 中的新功能此部分包含以下主题 : CA Role & Compliance Manager 集成 (p. 19) CA Enterprise Log Manager 集成 (p. 23) Identity Manager 目录配置向导 (p. 24) 帐户管理功能增强 (p. 24) 需要配给管理器的端点类型 (p. 24) 安装和升级功能增强 (p. 25) 自动化的任务持久性无用单元收集和存档 (p. 25) 任务持久性迁移工具 (p. 26) Connector Xpress 增强 (p. 26) 批加载程序允许多个操作 (p. 27) 角色和任务导入功能增强 (p. 27) 报告数据源 (p. 28) 新的默认报告 (p. 28) 工作流增强功能 (p. 29) 查看提交的任务功能增强 (p. 31) 配置文件屏幕增强 (p. 31) 对 Microsoft Visual Studio 2008 的支持 (p. 32) 身份策略功能增强 (p. 32) 配给角色所有者任务 (p. 33) CA Role & Compliance Manager 集成 CA Role & Compliance Manager (CA RCM) 是一个身份生命周期管理产品, 使用该产品可以快速准确地开发维护和分析角色模型该产品还提供了集中式的身份遵从策略控制, 并对与符合遵从性和安全需求有关的过程进行了自动化使用 CA RCM, 可执行以下操作 : 验证用户是否具有适当授权确保授予的权限符合安全策略监控身份管理控制的效率了解组织中存在哪些角色, 然后建立适合您的组织的角色模型随着业务的不断发展分析和维护该角色模型第 2 章 : CA Identity Manager r12.5 中的新功能 19

CA Role & Compliance Manager 集成 CA Identity Manager 与 CA RCM 以两种方式进行集成 : CA Identity Manager 连接器 CA Identity Manager 连接器对 CA Identity Manager 和 CA RCM 之间的基于角色的权限数据进行同步通过使用该连接器, 可以将数据从 CA Identity Manager 导入 CA RCM, 或将数据从 CA RCM 导出到 CA Identity Manager 注意 : 注意 : 有关 CA Identity Manager 连接器的详细信息, 请参阅 CA RCM Connector for CA Identity Manager Guide Smart Provisioning 将 CA Identity Manager 与 CA RCM 集成后, 还可以配置其他功能, 从而使您能够使用角色和遵从性信息 ( 位于角色模型中 ) 来支持身份管理日常操作在 CA Identity Manager 所作的更改会动态更新 CA RCM 中的角色模型 Smart Provisioning Smart Provisioning 是一个功能集, 它简化了 CA Identity Manager 与 CA RCM 集成后的配给角色分配功能包括 : 建议配给角色 CA Identity Manager 可向管理员提供一个适合分配给用户的配给角色列表配给角色列表是 CA RCM 根据管理员输入的条件确定的建议配给角色将确保用户具有正确的权限, 同时能够保持公司的角色模型策略验证 CA Identity Manager 管理员可以在提交更改之前根据 CA RCM 中的角色模型验证提议的更改提交更改前先进行验证有助于公司维护为其运作所定义的角色模型用户可以验证对配给角色的已建议更改 ( 对其分配或删除 ) 以及用户属性的更改 CA Identity Manager 执行两种类型的策略验证 : 遵从根据 CA RCM 角色模型来验证提议更改, 看这些更改是否违反 CA RCM 中明确的预先定义的业务策略规则模式将已建议更改和 CA RCM 角色模型作比较, 以查看这些更改是否有可能变为非模式 CA Identity Manager 也将确保这些更改不会明显改变该角色模型中已建立的模式您可以对 CA Identity Manager 进行配置, 使其在用户执行特定任务时自动执行验证, 或者让用户手工启动验证一旦 CA RCM 中已建立角色模型 ( 基于 Identity Manager 数据 ), 即可在 Identity Manager 环境中实施 Smart Provisioning 20 版本说明

CA Role & Compliance Manager 集成 Identity Manager 连接器 - 支持的端点在该版本中, Identity Manager 连接器支持以下端点其中某些端点是通过预定义的端点处理程序实现支持的, 就像 CA Identity Manager r12 一样, 而其他端点则使用在该版本中引进的可自定义的基于 xml 的端点处理程序端点支持资源备注 Unix (ETC) 可自定义处理程序 UNIXETC 组无已知限制 Windows (N16) Oracle 数据库 (ORA) 可自定义处理程序 NT 组更新限制用户软件包, 用户角色, 用户过程, 以及管理软件包导出局限于特定的端点规则 OS400 (AS4) 可自定义处理程序配置文件组和成员组用户必须具有主要组才能具有常规组必须首先配置主要组, 然后才能向用户添加常规组与之相似, 请首先删除所有常规组, 然后再删除主要组 Microsoft SQL 可自定义处理程序 DBAccess 和服务器角色要从帐户模板删除资源或删除用户, 请首先删除数据库访问权限 LDAP 注意 :LDAP 不是配给中所支持的连接程序类型可自定义处理程序组无已知限制 SAP 预定义处理程序授权和角色授权, 但用户 - 资源检索链接操作除外角色, 但下列操作之外 : 帐户模板 - 资源检索链接用户 - 资源检索链接 DB2 预定义处理程序索引, 架构, 表, 表空间, 以及视图已删除用户 - 资源更新链接用户 - 资源链接未导入第 2 章 : CA Identity Manager r12.5 中的新功能 21

CA Role & Compliance Manager 集成端点支持资源备注 Active Directory (ADS) 可自定义处理程序 Active Directory 组 CA RCM 帐户模板处理必须基于 AD 帐户策略或 AD 联系策略连接器仅能轮询和更新这些策略类型之一帐户模板仅应参考一个端点在数据导出期间, 连接器无法精确解析审核卡中的一些更改条目配置连接器时, 必须对于导出的每种数据类型都分配一个 DN 字段 Identity Manager 连接器 - 更新限制使用可自定义端点处理程序的端点数据的成功更新需要完全了解目标端点类型的数据结构语法和规则为了避免出现问题, 当您配置处理程序和定义数据映射时必须考虑端点类型规定的数据结构当您使用可自定义端点处理程序将更新发送给 CA Identity Manager 时, 经常会出现以下问题 : 目标端点限制 - Identity Manager 允许密码保护配置, 和端点和端点类型的其他验证限制这些限制可能会导致在 Identity Manager 上创建实体失败 CA RCM 在更新期间不会验证新实体的创建是否成功,CA RCM 连接器可能不会在日志中记录这些活动帐户模板 - 下列限制与 CA RCM 和 Identity Manager 如何处理资源端点和帐户模板有关 : 不要在 CA RCM 中重命名帐户模板重命名帐户模板时,CA RCM 会尝试通过删除现有模板并创建新的模板的方式来更新端点这会意外修改许多模板属性一个端点的资源更改会反映到同类型的所有端点中例如, 如果您删除了某个帐户模板中的管理权限资源, 并向某个特定的 Microsoft SQL Server 端点发送该模板的更新, 则该管理权限资源将从具有该资源的每个 Microsoft SQL Server 端点删除 CA RCM 不会验证某个 Identity Manager 帐户模板是否可用于某个目标端点或端点类型您必须首先确认该帐户模板可用, 然后再更新某个特定类型的端点 22 版本说明

CA Enterprise Log Manager 集成默认帐户模板 ( 被 CA RCM 参考为新帐户模板模型的 Identity Manager 帐户模板 ) 在静态配置文件中指定 CA RCM 不验证该设置, 也不检测该默认帐户模板是否已在 Identity Manager 中被删除或更改错误记录 - 在某些情况下, 更新期间的错误不会记录在连接器作业的日志文件中 CA Enterprise Log Manager 集成 CA Enterprise Log Manager 使用 CA Common Event Grammar (CEG) 将源自各种系统的事件映射为一个标准格式, 并储存所有事件以便进行复查和分析, 即使那些尚未映射的事件也会储存而且,CA Enterprise Log Manager 向用户提供了大量的解决方案, 用于管理和报告收集的数据以及使用可配置数据库查询和 / 或报告来搜索各种类型的信息和事件 CA Enterprise Log Manager 对于非管理系统以及超出 CA Identity Manager 能力和控制之外的系统提供了更好更宽和更深的洞察, 并且还能让您深入调查身份通过与 CA Identity Manager 进行集成, 您可以使用 Identity Manager 用户控制台查看 CA Enterprise Log Manager 用户控制台中的 CA Enterprise Log Manager 以身份中心的报告和 / 或动态查询在该用户控制台中, 您可以配置查看和修改现有 CA Identity Manager/Enterprise Log Manager 报告和 / 或查询的方式, 同时还能深入调查某个特定的身份 CA Enterprise Log Manager 报告默认情况下 CA Enterprise Log Manager 角色定义附带了以下 CA Enterprise Log Manager 报告 : 任务系统所有事件 ( 按用户 ) 调用报告 CA Identity Manager - 按用户 ID 筛选的系统所有事件帐户管理 ( 按主机 ) 帐户管理 ( 按主机 ) 帐户创建 ( 按帐户 ) 帐户创建 ( 按帐户 ) 帐户删除 ( 按帐户 ) 帐户删除 ( 按帐户 ) 帐户锁定 ( 按帐户 ) 帐户锁定 ( 按帐户 ) 认证过程活动 ( 按主机 ) 密码策略修改活动 CA Identity Manager - 过程活动 ( 按主机 ) CA Identity Manager - 策略修改活动第 2 章 : CA Identity Manager r12.5 中的新功能 23

Identity Manager 目录配置向导 Identity Manager 目录配置向导在该版本中提供了一个新的向导, 该向导将引导管理员完成为其 LDAP 用户存储或配给服务器创建 Identity Manager 目录的过程, 并且有助于减少配置错误启动该向导之前, 必须首先上载一个 Identity Manager LDAP 目录配置模板这些模板预先配置了一些常用属性和必需属性为您的 LDAP 用户存储或配给服务器输入连接详细信息之后, 可以选择 LDAP 属性映射常用属性, 以及为这些属性输入元数据完成属性映射时, 单击完成即可创建该目录帐户管理功能增强在用户控制台中, 您现在可以执行大多数帐户管理任务例如, 您现在可以执行下列操作 : 浏览端点的内容并关联其帐户, 您也可以选择要浏览的端点子集创建并修改端点, 以便可以在帐户模板中使用这些端点为所有端点创建并修改帐户模板管理端点上的各个帐户以便对其进行解锁将其分配给新用户, 或执行几项其他任务此外, 您现在可以使用管理控制台来定义端点类型您可以为该端点类型导入包含屏幕任务和角色的角色定义文件您可以定义的端点类型包括在 Connector Xpress 中创建的动态端点类型以前这些功能仅在配给管理器中提供需要配给管理器的端点类型您现在可以使用用户控制台来管理大多数端点类型, 但下列端点类型仍在配给管理器中进行管理 : Entrust PKI CA SSO CA EEM Novell Netware Ingres NSK Safeguard 24 版本说明

安装和升级功能增强安装和升级功能增强我们对 CA Identity Manager r12.5 安装程序进行了以下功能改善 : 安装 : 安装前先决条件检查现在所有连接器都是默认安装的升级 : 新的升级向导具有下列功能 : 发现已安装的 CA Identity Manager 组件提供已安装组件的版本信息指出组件是否是最新的, 或是否有可用升级升级先决条件检查提供配给组件安装程序的直接启动通过错误检查验证升级是否成功自动化 CA Directory 升级从 Ingres 技术转移至 DXGrid 技术自动化 Identity Manager 目录和环境迁移自动化任务持久性迁移 JDBC 驱动程序自动添加自动化 WorkPoint 工作流升级, 并且可以选择人工升级 ( 如果有必要 ) 自动化数据源升级新功能和帐户屏幕角色定义文件的自动化导入自动化的任务持久性无用单元收集和存档在该版本中, 管理员能够使用特定参数对作业进行排定和修改, 以便通过清除已提交的任务任务来清除和存档任务持久性数据库中的任务和事件信息, 以及根据需要删除这些周期任务在系统选项卡中, 可以通过选择清除已提交任务启动一个向导然后, 该向导将引导您完成设置和排定作业, 以及是否存档数据的过程必要时, 您还可以通过选择系统选项卡中的删除周期任务选择删除这些周期作业通过对任务进行排定以清理和存档任务数据, 可以大大降低性能问题或系统运行中断的可能性通过使用存档功能, 您可以首先将任务备份到存档数据库中, 然后再将其从运行时数据库删除如果您需要返回来查看这些删除的任务, 请选择查看提交的任务中的搜索存档复选框, 来搜索和查看所有已删除和存档任务的列表第 2 章 : CA Identity Manager r12.5 中的新功能 25

任务持久性迁移工具任务持久性迁移工具对于该版本, 增加了一个新的迁移工具, 用于将任务持久性数据库从 r8.1 SP2 或 r12 迁移到 r12.5 该命令行工具是 Identity Manager 管理工具的一部分, 位于以下位置 : admin_tools/tools/tpmigration admin_tools 的默认位置为 : Windows:< 安装路径 >/tools UNIX:< 安装路径 2>/tools Connector Xpress 增强在 Connector Xpress 中, 您现在可以执行以下操作 : 使用可多值 JDBC 连接器 - 一个表的多个列中的值可以填充一个属性值, 而不用使用一个列中的值使用 JDBC 结构化类和辅助类使用一个灵活的新映射过程, 其中包括一个类和属性映射树, 代替了以前的连续向导过程这是您能够根据需要添加和编辑属性指定任意两个对象类之间的直接关联指定对象之间的间接关联例如, 两个对象之间的关联是双向的且包含在一个第三方实体 ( 如表 ) 中, 该实体将保存对象之间的关联链接创建方法和脚本样式操作绑定将操作绑定到其他对象和类组合将两个或两个以上 opbinding 绑定到同一个计时, 即同一个操作用于同样的目标对象类例如, 您可以对于帐户对象类的 Before Add 操作具有两个或两个以上的 opbinding 26 版本说明

批加载程序允许多个操作批加载程序允许多个操作 CA Identity Manager 中的批加载程序功能现在使您能够为不存在的对象指定备选操作映射以前 CA Identity Manager 允许您选择针对主要对象执行的操作如果该主要对象不存在, 并且指定的操作是修改或删除, 则会出现错误此外, 如果您对一个已存在于 CA Identity Manager 中的主要对象指定创建操作, 也会出现错误在 CA Identity Manager r12.5 中, 如果主要对象不存在, 您可以选择执行备选的创建 ( 或自行创建 ) 操作角色和任务导入功能增强管理控制台现在提供了选择一个或多个预定义角色定义文件, 以便创建或更新 Identity Manager 环境时从可用文件列表进行导入的功能这样就大大减少了设置环境的配置步骤第 2 章 : CA Identity Manager r12.5 中的新功能 27

报告数据源预定义的角色定义文件会针对 CA Identity Manager 功能创建角色和任务, 其中包括 : Smart Provisioning Enterprise Log Manager 集成帐户管理注意 : 有关导入角色定义文件的详细信息, 请参阅 Configuration Guide 报告数据源在 CA Identity Manager r12.5 中可以为报告指定不同的数据源, 而不是快照数据库例如, 如果要访问审核信息, 现在您可以将审核数据库的连接信息提供给报告, 而报告将从审核数据库中获取其数据同样, 为数据源指定连接信息 ( 针对报告 ) 已经从管理控制台移至用户控制台 ( 位于系统, JDBC 连接管理下 ) 注意 : 有关报告的详细信息, 请参阅 Administration Guide 新的默认报告 CA Identity Manager 中添加了下列报告 : 报告说明源帐户详细信息显示帐户模板及其关联的配给角色端点类型端点和帐户的列表快照数据库管理显示管理员及其管理权限的列表快照数据库审核 - 分配 / 吊销配给角色显示配给角色事件的列表审核数据库审核 - 取消配给审核详细信息显示用户及其被取消配给帐户的列表显示任何核事件及其相关状态详细信息审核数据库审核数据库审核 - 未决批准任务显示待批准任务的列表审核数据库审核 - 重置密码显示某个特定的时间段已重置的用户密码的列表审核数据库 28 版本说明

工作流增强功能报告说明源端点详细信息显示所有端点类型端点和端点属性的列表快照数据库工作流增强功能 CA Identity Manager r12.5 包括了对于工作流功能的以下增强 WorkPoint 3.4.2 支持 CA Identity Manager r12.5 支持 Workpoint 3.4.2 以前的 CA Identity Manager r12 支持 Workpoint 3.3.2 基于策略的工作流通过基于策略的工作流, 可以根据规则评估将事件与工作流流程相关联这意味着, 与之前事件总是启动工作流流程不同, 仅当与该事件相关联的规则为真时, 工作流流程才会运行并生成工作项例如, 创建新组时, 您可以定义一个规则, 规定 : 仅当新组属于指定的父组织时才将 CreateGroupEvent 置于工作流控制之下并且创建工作项如果新组不属于该组织, 工作流流程则不会运行, 也不会创建任何工作项如果事件有多个规则, 那么与事件关联的所有工作流流程需要为要批准的事件获取批准与之相似, 如果与该事件相关联的某一个工作流流程被拒绝, 则该事件本身也会遭到拒绝工作流规则可以被赋予优先级值, 以便确定规则评估和工作流执行的顺序所有的默认 Identity Manager 工作流模板和预定义流程都支持工作流规则另外, 还可以创建自定义工作流流程以便与工作流规则一起使用注意 : 有关基于策略的工作流详细信息, 请参阅 Administration Guide 第 2 章 : CA Identity Manager r12.5 中的新功能 29

工作流增强功能工作流作业视图在该版本中, 您现在可以通过以下内容在用户控制台中查看任务和事件级工作流的 Workpoint 作业的运行时状态图形表示 : 批准任务查看提交的任务您还可以查看模板和旧式流程定义在新环境中, 批准任务默认包括查看作业选项卡只有对于在本版本中创建的事件或任务, 您才能在查看提交的任务中查看其作业映像对于在早期版本中创建的事件, 不能查看其作业映像 30 版本说明

查看提交的任务功能增强查看提交的任务功能增强查看提交的任务选项卡现在将显示由于 Identity Manager 用户控制台发起的操作而导致的更改相关信息例如, 当管理员在用户控制台中将配给角色分配给用户时, 查看提交的任务将显示哪些帐户创建成功可能已经发生的任何错误或失败的相关信息这些信息出现在事件详细信息屏幕的相关任务部分中下列的示例显示了一个分配用户配给角色事件的事件详细信息屏幕 : 注意 : 有关查看提交的任务选项卡的详细信息, 请参阅 Administration Guide 配置文件屏幕增强在 CA Identity Manager r12.5 中, 配置文件选项卡包括了几个新配置设置以支持新功能这些新设置将在以下各部分中进行说明确认字段 CA Identity Manager r12.5 现在支持确认字段, 您可以使用配置字段来验证配置文件屏幕上的两个字段值是否匹配例如, 确认密码和确认电子邮件就是两个确认屏幕注意 : 有关详细信息, 请参阅 User Console Design Guide 第 2 章 : CA Identity Manager r12.5 中的新功能 31

对 Microsoft Visual Studio 2008 的支持动态字段显示 CA Identity Manager 可以根据配置文件屏幕中其他字段的值, 来设置某些特定的字段显示属性使用 JavaScript, 您可以隐藏和显示某个字段, 或者启用和禁用某个字段例如, 如果员工类型设置为临时, 则可以使用 JavaScript 显示代理字段如果员工类型为全职或兼职, 则隐藏代理字段注意 : 有关使用该功能的信息, 请参见 User Console Design Guide 新对象选择器字段样式 CA Identity Manager r12.5 为配置文件屏幕上的字段包括了一个新的对象选择器样式选项该选项会显示一个控件, 管理员可以使用该控件来搜索并选择管理对象该样式通常用于帐户管理屏幕注意 : 有关使用该功能的信息, 请参见 User Console Design Guide 对 Microsoft Visual Studio 2008 的支持 CA Identity Manager 完全支持 Microsoft Visual Studio 2008 SP1 这意味着对于针对以前版本的 CA Identity Manager( 支持 Microsoft Visual Studio 2003) 编写的所有自定义代码, 必须使用 Visual Studio 2008 SP1 重新编译受影响的自定义代码可能包括以下内容 : C++ 自定义连接器 Java 自定义连接器的配给管理器插件公共程序出口 Universal Provisioning Option (UPO) 程序出口 Pluggable Authentication Module (PAM) DLL Universal Feed Option 程序出口身份策略功能增强您可以为策略集创建成员规则, 以便策略集仅适用于某些用户在评估集中的身份策略之前评估该规则, 这可以节省不少时间例如, 如果成员规则限制的身份策略评估为用户的 10%, 那么该规则将会节省 90% 的评估时间 32 版本说明

配给角色所有者任务配给角色所有者任务在用户控制台中, 可以使用一个新任务 : 创建配给角色的所有者策略您可以选择一个或多个配给角色, 然后分配所有者策略以便控制有权修改角色的用户该任务是重置配给角色所有者任务的备选, 后者一次只能针对一个角色使用第 2 章 : CA Identity Manager r12.5 中的新功能 33

第 3 章 : CA Identity Manager r12.5 SP1 中现有功能的更改此部分包含以下主题 : 包括在角色定义文件中的其他对象 (p. 35) 现在在安装过程中部署本地化文件 (p. 35) 增强的工作项指派 (p. 35) 增强的动态确定程序 (p. 36) 新任务重现模型 (p. 36) 包括在角色定义文件中的其他对象现在使用角色定义文件将以下其他对象导入和导出 : Policy Xpress 策略批量任务定义电子邮件通知策略反向 ( 新建和修改 ) 帐户策略现在在安装过程中部署本地化文件在 CA Identity Manager 的先前版本中, 可用于显示不同语言的 CA Identity Manager 的翻译资源绑定示例可以从管理工具中获取现在默认情况下, 会安装这些已翻译的资源绑定注意 : 有关创建本地化版本的 CA Identity Manager 的详细信息, 请参阅 User Console Design Guide ( 用户控制台设计指南 ) 增强的工作项指派在以前版本中, 您可以指定指派的开始时间, 但不能指定结束时间新创建的指派则将其指派日期均设置为真, 其中默认开始日期设置为现在修改时, 开始和结束日期均可更改默认结束时间是从开始日期起一周另外, 您还可以在创建或修改用户时, 从指派工作项选项卡执行同样操作第 3 章 : CA Identity Manager r12.5 SP1 中现有功能的更改 35

增强的动态确定程序增强的动态确定程序动态确定程序已得到增强, 将上一批准人添加到所支持的对象列表中如果选择了存储管理者信息的物理属性, 该配置则会将批准路由给管理者将上一批准人添加到确定程序的支持对象列表中实现动态确定程序与升级批准流程的结合使用因为所做的修改只是为了与升级批准流程一起使用, 所以不会单独列出真正执行批准的人员对于标识为当前作业上一工作项批准人的所有用户, 都会检查所请求的信息 ( 管理者 UID 等 ) 标识进行此检查的所有个人都是当前工作项 ( 升级 ) 的批准人新任务重现模型新的全局重现模型可用于执行浏览和关联任务和捕获快照数据任务新模型充当向导, 有以下两个步骤 : 1. 重现 - 允许您排定任务或立即执行任务 2. 任务 - 允许您指定任务参数注意 : 有关新重现模型的详细信息, 请参阅 Administration Guide ( 管理指南 ) 中的 Recurrence Tab ( 重现选项卡 ) 36 版本说明

第 4 章 :CA Identity Manager r12.5 中现有功能的变化此部分包含以下主题 : 快照数据库性能提高 (p. 37) 快照参数 XML 文件增强 (p. 37) 连接管理 (p. 38) 环境导出包括其他对象 (p. 38) CA Identity Manager 累积版本 (CR) 中的修补程序和增强 (p. 38) Active Directory 连接器现在支持 Win2003 R2 UNIX 属性 (p. 38) 端点类型属性映射文件移动 (p. 39) 默认 CleverPath 报告模板被删除 (p. 39) 已弃用的配给 SDK 和实用程序 (p. 39) 不再支持 irecorder (p. 40) Web 服务对于新环境中的所有任务均为禁用状态 (p. 41) 快照数据库性能提高将数据导出到快照数据库时, 性能得以很大提高要进一步改善性能, 请使用针对特定数据需求的快照参数 XML 文件, 如针对用于生成端点帐户报告的 Identity Manager 对象快照参数 XML 文件增强导出端点对象时, 现在可以使用 <exportattr> 和 <objattr> 元素来定义将与某个特定端点类型一起导出的帐户属性, 如下所示 : <exportattr objecttype="endpoint_type"> <objattr name="description"/> <objattr name="fullname"/> <objattr name="lastlogin"/> </exportattr> 第 4 章 : CA Identity Manager r12.5 中现有功能的变化 37

连接管理连接管理连接管理在 CA Identity Manager 中被替换为 JDBC 连接管理通过 JDBC 连接管理, 可以指定用于在 Identity Manager 中进行报告的备用数据源该功能允许您为不同的数据库提供连接详细信息, 并将其归为各种连接类型另外, 对于每种连接类型还可以指定一个默认连接重要说明! 由于性能方面的原因, 我们建议您不要使用 Identity Manager 对象存储数据库作为生成报告的数据源环境导出包括其他对象下列环境特定的管理对象现在将与角色和任务一起导出 : 连接 ( 包括 CA RCM 的连接对象,CA Enterprise Log Manager 和报告 ) 快照定义导出和关联定义如果导出包括具有 attributelevelencrypt 或 sensitive 数据分类的属性, CA Identity Manager 则会在导出的文件中加密这些属性 CA Identity Manager 累积版本 (CR) 中的修补程序和增强 CA Identity Manager r12.5 包括 CA Identity Manager r12 CR 1-6 中的修补程序和增强 Active Directory 连接器现在支持 Win2003 R2 UNIX 属性通过 Windows 2003 R2 UNIX 扩展与 CA Access Control UNIX 身份验证代理的结合, 您可以使用 Active Directory 来管理 UNIX 计算机和帐户 CA Identity Manager 会通过在 Active Directory 上填充这些属性来配给 UNIX 访问权限, 而不是配给每个 UNIX 服务器这样就大大简化了 UNIX 环境的配给和身份管理注意 : 该功能自从 CA Identity Manager r12 就已经合并, 仅在配给管理器中可用 38 版本说明

端点类型属性映射文件移动端点类型属性映射文件移动在 CA Identity Manager r12 中, 用于将 Identity Manager 扩展到 JIAM 属性的属性映射文件位于 IdentityMinder.ear\custom\provisioning\im2jiammapping 在 CA Identity Manager r12.5 中, 这些属性映射文件已经移到了各自的端点类型 jar 中这些 JAR 文件位于 IdentityMinder.ear\user_console.war\WEB-INF\lib 默认 CleverPath 报告模板被删除 CA Identity Manager r12.5 中删除了默认 CleverPath 报告模板支持 CA Identity Manager 现在支持 Business Objects Report Server CA Identity Manager r12.5 包括一系列用于 Business Objects Report Server 的报告模板有关详细信息, 请参见 Administration Guide 中的报告相关章节注意 : 您可以使用 Crystal Reports Developer 创建自定义报告模板, 该产品可从 Business Objects 购买已弃用的配给 SDK 和实用程序下列配给服务器 SDK 和接口在 CA Identity Manager r12.5 SP1 中已弃用 ; 然而, 它们仍然能够按照文档所描述的那样继续运行要使用 C++ 连接器 SDK 和 JIAM SDK, 请下载和安装 CA Identity Manager 12.5 SP1 旧版组件包其中包括 Programming Guide for Provisioning, 该指南描述了这些 SDK C++ 连接器 SDK 通过该 SDK 可以编写自定义静态 C++ 连接器现有的 C++ 连接器将继续用于 CA Identity Manager r12.5 SP1 注意 : 应当使用 Java 连接器 SDK 开发新的连接器, 如 Programming Guide for Java Connector Server 中所述 Java Identity and Access Management (JIAM) SDK JIAM SDK 在 CA Identity Manager 的先前版本中提供以下功能 : 配给服务器的 Java 接口开发自定义客户端应用程序的配给服务器功能抽象一个为多个客户端提供身份和访问管理功能访问权限的统一接口之所以弃用该 API, 是因为它只能提供对于部分 CA Identity Manager 功能的访问第 4 章 : CA Identity Manager r12.5 中现有功能的变化 39

不再支持 irecorder 该功能已被以下 CA Identity Manager 12.5 功能代替 : 用户控制台中的管理任务您可以使用管理任务对 Identity Manager 管理的大部分对象进行操作任务执行 Web 服务 (TEWS) CA Identity Manager 任务执行 Web 服务 (TEWS) 是一个 Web 服务接口, 使得第三方客户端应用程序将远程任务提交给 CA Identity Manager 进行执行该接口实施 WSDL 和 SOAP 开放标准, 从而提供对 CA Identity Manager 的远程访问管理对象接口 CA Identity Manager 为管理对象提供了多个接口, 可通过 CA Identity Manager 应用程序接口来访问有关管理任务的详细信息, 请参阅 Administration Guide 有关 TEWS 和管理对象接口的详细信息, 请参阅 Programming Guide for Java etautil 使用 etautil 批处理实用程序可执行与配给管理器同样的任务, 只是它是基于命令行界面的 etautil 实用程序是所安装 r12.5 SP1 软件的一部分此内容在 Provisioning Reference Guide 中说明该功能已被任务执行 Web 服务 (TEWS) 代替, 这部分内容位于 Programming Guide for Java Universal Provisioning Connector (UPC) UPC 为 Identity Manager 提供了一个机制, 用于在收到用户配给请求时调用用户指定的外部程序它使用程序出口来发送关于非管理系统 ( 非管理模式 ) 的报警, 以便管理员可以手动执行请求并更新帐户请求状态它还以同步模式 ( 管理模式 ) 使用出口, 以便提供对于远程端点类型的直接管理接口不再支持 irecorder CA Identity Manager r12.5 中不再支持 irecorder irecorder 功能已替换为 CA Enterprise Log Manager 40 版本说明

Web 服务对于新环境中的所有任务均为禁用状态 Web 服务对于新环境中的所有任务均为禁用状态从 CA Identity Manager 12.5 开始, 在环境创建期间通过使用选择默认角色选项创建的新任务, 或者通过导入可选角色定义插件创建的新任务, 在默认情况下会将 Web 服务设置为 false 在以前的 CA Identity Manager 版本中, 在默认情况下所有任务的 Web 服务都是启用的升级到 CA Identity Manager 12.5 之后, 以前启用了 Web 服务的现有环境中的任务, 将继续启用 Web 服务, 因为它们是以前版本的如果现有环境应用任何升级角色定义插件, 这些新的 12.5 任务在默认情况下会将 Web 服务标志设置为 false 第 4 章 : CA Identity Manager r12.5 中现有功能的变化 41

第 5 章 : 安装注意事项此部分包含以下主题 : 支持的升级路径 (p. 43) 将 ADAM 2008 作为用户存储 (p. 43) JBoss Enterprise Application Platform 4.2 上的其他安装步骤 (p. 44) 要求 Solaris 修补程序 (p. 44) Solaris 最低内核参数 (p. 44) 非 ASCII 字符会导致非英语系统上的安装失败 (p. 45) IPv6 支持 (p. 45) Windows 2008 上带有纯 IPv6 的配给目录不受支持 (p. 46) Linux 上的配给目录安装 (p. 47) 使用 WebLogic 时 Identity Manager EAR 不自动部署 (p. 47) 防火墙阻止 Windows 2008 SP2 部署中与 Identity Manager 组件的通信 (p. 47) Linux 64 位上的 CA Identity Manager 与 SiteMinder 连接错误 (p. 48) 支持的升级路径以下是针对到 CA Identity Manager r12.5 SP1 的升级有支持路径的产品和版本列表 : CA Identity Manager r8.1 SP2 CA Identity Manager r12 CA Identity Manager r12 Option Pack 1 CA Identity Manager r12.5 注意 : 不支持从 ACE 到 r12.5 SP1 的升级如果在群集环境中升级 CA Identity Manager, 请确保在开始升级过程之前查看 Upgrade Guide 总目录中有 Upgrade Guide, 您可以从 CA 支持站点下载将 ADAM 2008 作为用户存储如果您使用 ADAM 2008 作为 Identity Manager 用户存储, 且将 CA Identity Manager 与 SiteMinder 集成, 则需要 SiteMinder r6.0 SP6/r6.x QMR6 第 5 章 : 安装注意事项 43

JBoss Enterprise Application Platform 4.2 上的其他安装步骤 JBoss Enterprise Application Platform 4.2 上的其他安装步骤在 JBoss Enterprise Application Platform (EAP) 4.2 上安装 CA Identity Manager r12.5 SP1 之后, 在您启动 Identity Manager 服务器之前请修改 JBoss 部署说明注意 : 有关完整说明, 请参阅 CA 支持站点上的技术说明 (TEC509570) 如果您不修改部署说明, 则可以安装 CA Identity Manager 并创建环境, 但是尝试登录该环境会失败要求 Solaris 修补程序在 Solaris 9 或 10 上安装配给软件之前, 请下载并安装所需的修补程序为配给 SDK 下载 Sun Studio 10 修补程序 1. 转到以下 URL: http://developers.sun.com/prodtech/cc/downloads/patches/ss10_patches.html 2. 下载并安装修补程序 117830 注意 :Sun Studio 11 不需要修补程序为所有配给组件下载 Solaris 9 修补程序 1. 转到以下 URL: http://search.sun.com/search/onesearch/index.jsp 2. 下载并安装 9_recommended.zip Solaris 最低内核参数在 Solaris 上安装配给服务器时, 检查 /etc/system 并验证下列最小 IPC 内核参数值 : set msgsys:msginfo_msgmni=32 set semsys:seminfo_semmni=256 set semsys:seminfo_semmns=512 set semsys:seminfo_semmnu=256 set semsys:seminfo_semume=128 set semsys:seminfo_smmsl=128 set shmsys:shminfo_shmmni=128 set shmsys:shminfo_shmmin=4 44 版本说明

非 ASCII 字符会导致非英语系统上的安装失败非 ASCII 字符会导致非英语系统上的安装失败在 CA Identity Manager 安装过程中, 安装程序会将文件提取到一个 Temp 目录中在某些本地化系统中, 该 Temp 目录的默认路径包含非 ASCII 字符例如, 在西班牙语 Windows 系统上,Temp 目录的默认路径如下所示 : C:\Documents and Settings\Administrador\Configuración local\temp 非 ASCII 字符会导致安装程序显示空白的安装前摘要页面, 这会导致安装失败变通方法将 TMP 环境变量更改为指向仅包含 ASCII 字符的文件夹 IPv6 支持 CA Identity Manager 将在下列操作系统上支持 IPv6: Solaris 9 或更高版本 Windows XP SP2 或更高版本 Windows 2003 SP2 或更高版本 Windows 2008 或更高版本注意 :Java 连接器服务器不支持 Microsoft Windows 平台上的 IPv6 截止到 CA Identity Manager r12.5 SP1 的发布时间, 没有可用于 IPv6 的 JDK 如果发布了可用于 IPv6 的 JDK, 则将在 CA 支持站点上更新 CA Identity Manager 支持表 IPv6 JDK 要求需要以下 JDK 支持 IPv6: 应用程序服务器 JDK 要求 JBoss ( 独立 ) JDK 1.5 JBoss 群集使用 IPv4/IPv6 堆栈 JBoss 群集 JDK 1.5 仅 JDK 1.5 for Solaris WebLogic JDK 1.5 注意 : 对于 Windows, 没有 JDK 可用来与 IPv6 合作如果发布了可用于 IPv6 的 JDK, 则将在 CA 支持站点上更新 CA Identity Manager 支持表第 5 章 : 安装注意事项 45

Windows 2008 上带有纯 IPv6 的配给目录不受支持 WebSphere 至少 JDK 1.5 SR9 IPv6 配置注意事项配置支持 IPv6 的 Identity Manager 环境之前请注意以下内容 : 要使得 CA Identity Manager 能够支持 IPv6 地址,CA Identity Manager 实施中的所有组件 ( 包括操作系统 JDK 目录服务器和数据库 ) 也必须支持 IPv6 地址如果 CA Identity Manager 与 SiteMinder 进行集成, 则用于应用程序服务器的 Web 服务器插件也必须支持 IPv6 使用 JDBC 连接从 CA Identity Manager 连接 SiteMinder 或任何数据库时, 请指定主机名而不要指定 IP 地址报告服务器可以安装在双堆栈主机上 ( 支持 IPv4 和 IPv6), 但与该服务器的通信必须是 IPv4 在管理控制台中配置报告服务器连接时, 服务器名称须为 IPv4 格式 CA Identity Manager 不支持 IPv6 链接本地地址在 IPv4/6 环境中, 如果要将 CA Directory DSA 配置为侦听多个地址, 则必须将附加地址添加到 DSA 知识文件中有关详细信息, 请参阅 CA Directory 文档 Windows 2008 上带有纯 IPv6 的配给目录不受支持由于某个 Sun Java 系统限制, 不支持在卸载了 IPv6 网络服务的 Windows 2008 服务器上安装配给目录要规避该问题, 请在该系统上安装 IPv6 服务并将其保持禁用状态 46 版本说明

Linux 上的配给目录安装 Linux 上的配给目录安装如果您在 Linux 系统上安装配给目录, 即使打算在该系统上使用 IPv4, 系统也会自动使用 IPv6 地址所有 DSA 正在运行, 但是在您尝试通过 Jxplorer 连接到 DSA 或安装配给服务器时, 拒绝连接错误可能出现在 Linux 上禁用 IPv6 1. 在配给目录安装之前, 请遵循 Red Hat 知识库文章中的步骤禁用 LINUX 上的 IPv6 2. 请确保 /etc/hosts 没有针对该地址的条目 : 127.0.0.1 hostname 使用 WebLogic 时 Identity Manager EAR 不自动部署如果在生产模式中使用 WebLogic 9 或 WebLogic 10, 则安装或升级 Identity Manager EAR 后首次启动该应用程序服务器时,Identity Manager EAR 可能不会自动部署如果出现此种情况, 请从 user_projects\applications 文件夹中手工部署 IdentityMinder.ear 防火墙阻止 Windows 2008 SP2 部署中与 Identity Manager 组件的通信在 Windows 2008 SP2 部署的安装期间, 与 Identity Manager 组件 ( 如配给服务器 Java 连接程序服务器和 C++ 连接程序服务器 ) 的通信由防火墙阻挡变通方法添加端口异常或禁用 Windows 防火墙以在 Windows 2008 SP2 部署中访问分布式 Identity Manager 组件第 5 章 : 安装注意事项 47

Linux 64 位上的 CA Identity Manager 与 SiteMinder 连接错误 Linux 64 位上的 CA Identity Manager 与 SiteMinder 连接错误选择连接到 SiteMinder 时, 安装程序使用 Linux 64 位上的 CA Identity Manager 报告错误 SiteMinder 中必要的代理配置不正确注意 :SiteMinder 策略服务器可以在任何硬件 / 软件上且没有关联重要说明! 在部署任何目录 / 环境之前执行变通方法步骤变通方法 1. 请记住您在安装期间提供的代理名称和密码另外, 您可以读取以下 AgentName 属性值 : \IdentityMinder.ear\policyserver.rar\META-INF\ra.xml 2. 打开 SiteMinder WAM 用户界面, 并且使用代理名称创建代理验证您是否选中 4.x 代理复选框 3. 启动应用程序服务器, 并验证您没有发现策略服务器连接问题您应当查看行中没有任何异常, 如下所示 : 13:40:43,156 WARN [default] * Startup Step 2 : Attempting to start PolicyServerService 48 版本说明

第 6 章 : 已知问题此部分包含以下主题 : 常规 (p. 49) 升级 (p. 54) 报告 (p. 59) 配给 (p. 62) 常规下面是 CA Identity Manager r12.5 SP1 中的常规已知问题数据库未启动时 Identity Manager 以失败状态启动如果在您启动 Identity Manager 服务器时 CA Identity Manager 所需要的运行时数据库未启动,CA Identity Manager 则不管怎样都会尝试初始化, 并保持失败状态搜索大用户存储时, 可能发生内存不够错误针对大用户存储执行通配符 (*) 搜索时, 该任务可能会失败, 并出现 java.lang.outofmemoryerror: Java heap space 错误将许多对象 ( 如用户 ) 加载到内存时, 就会发生该问题变通方法增加应用程序服务器启动脚本中的堆设置考虑将堆大小增加到 1000 MB 分配值,1400 MB 最高值批加载程序工作流限制默认情况下 CA Identity Manager 目前不支持批加载程序的事件级工作流过程变通方法您可以为批加载程序启用任务级工作流, 然后使用常规的批准任务来实现同样的功能第 6 章 : 已知问题 49

常规创建带有配给的环境之后重新启动 CA Identity Manager 创建了包括配给的环境之后, 请重新启动 CA Identity Manager 安装于的应用程序服务器如果您在不重新启动应用程序服务器的情况下启动该环境, 则正如 Configuration Guide 中所描述的那样, 该环境不会注册到配给服务器如果该环境不包括配给, 则可以在不重新启动应用程序服务器的情况下启动该环境 JBoss 上的良性 JSF RI 错误在 JBoss 上实施 JSF RI 时, 应用程序服务器日志中会出现以下错误 : ERROR [org.apache.myfaces.shared_impl.config.myfacesconfig] Both MyFaces and the RI are on your classpath. 请确保仅使用两个 JSF 实施之一这是一个良性错误, 不需要修复 50 版本说明

常规 CA Identity Manager 连接器需要连接器配置更改默认情况下附带的 CA Identity Manager 连接器是 r12 连接器, 与 r12.5 SP1 不兼容因此, 需要下列连接器配置更改 : SourceName: 代理计算机上的数据源名称 - imsauditevent12 AnchorSQL:select max(id) from imsauditevent12 AnchorField:IMS_EVENTID EventSQL: select imsauditevent12.id as IMS_EVENTID,imsauditevent12.audit_time as IMS_AUDITTIME,imsauditevent12.envname as ENVNAME,imsauditevent12.admin_name as ADMINUNIQUENAME,imsauditevent12.admin_dn as ADMINID,imsauditevent12.tasksession_oid as TRANSACTIONID,imsauditevent12.event_description as EVENTINFO,imsauditevent12.event_state as EVENTSTATE,imsauditevent12.tasksession_oid as TASKOID,imsaudittasksession12.task_name as TASKNAME,imsauditeventobject12.object_type as OBJECTTYPE, imsauditeventobject12.object_name as OBJECTUNIQUENAME,imsauditobjectattributes12.attribute_na me as ATTRNAME,imsauditobjectattributes12.attribute_oldvalue as ATTROLDVALUE,imsauditobjectattributes12.attribute_newvalue as ATTRNEWVALUE,imsauditobjectattributes12.attribute_newvalu e as ATTRVALUE from imsaudittasksession12, imsauditevent12, imsauditeventobject12, imsauditobjectattributes12 where imsauditevent12.id >? and imsauditevent12.tasksession_id = imsaudittasksession12.id and imsauditevent12.tasksession_oid = imsaudittasksession12.tasksession_oid and imsauditeventobject12.parent_event_id = imsauditevent12.id and imsauditobjectattributes12.parent_object_id = imsauditeventobject12.id ORDER BY imsauditevent12.id ASC; 注意 :CA Enterprise Log Manager Identity Manager 连接器仅在 Windows 系统上运行配给角色名称更改不会在 CA RCM 中动态更新如果在 CA Identity Manager 中重命名某个配给角色, 该名称更改不会通过动态通知与 CA RCM 进行交流这可能会影响建议角色功能以及遵从性和策略验证变通方法使用 Identity Manager 连接器将 Identity Manager 数据导入到 CA RCM 第 6 章 : 已知问题 51

常规在特定部署中创建新环境时的未找到错误如果 CA Identity Manager 与 CA SiteMinder 6.0.5 CR 31 或更高版本进行了集成, 则当用户试图浏览某个新环境 URL 时, 可能会显示错误 404 - 未找到该问题是由于策略服务器中的高速缓存问题引起的变通方法要解决该错误, 请执行以下步骤 : 对于 Windows: 1. 在 SiteMinder 注册表中添加一个关键字 : a. 导航到 \\HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\Siteminder\ CurrentVersion\ObjectStore b. 添加带有以下设置的 ServerCmdMsec 键 : 类型 :DWORD 值 :1 c. 重新启动策略服务器 2. 重新启动应用程序服务器 3. 关闭所有浏览器实例然后, 使用新浏览器实例来访问该环境 URL 对于 Solaris: 1. 向 <CA_HOME folder>/netegrity/siteminder/registry/sm.registry 文件添加一行 ServerCmdMsec= 0x1 REG_DWORD 2. 重新启动策略服务器 3. 重新启动应用程序服务器 4. 关闭所有浏览器实例然后, 使用新浏览器实例来访问该环境 URL CA RCM 日志中的良性错误当 CA RCM 服务器收到来自 CA Identity Manager 的创建或修改用户或角色的请求时, 在 CA RCM 服务器日志中会显示以下错误 : ERROR [Call] No returntype was specified to the Call object! You must call setreturntype() if you have called addparameter(). 该错误是良性的, 可以安全忽略这些更改会在 CA RCM 中成功执行 52 版本说明

常规在 Identity Manager 中修改单值复合属性如果在 CA Identity Manager 修改动态端点的单值复合属性, 请仅指定一个值如果指定多个值, 现有值将被清除, 并且不会为属性提供值在配给管理器中不会发生这个问题 Linux 系统的 WebSphere 中的工作流启动问题如果将 LANG 在 Linux 系统上设置为 xxxutf-8, 在工作流启动过程中则可能出现 sun.io.malformedinputexception 错误在 Linux 的 WebSphere 中会有此类情况有关该错误的详细信息, 请参阅以下内容并且搜索 sun.io.malformedinputexception: http://www.ibm.com/developerworks/java/jdk/linux/142/runtimeg uide.lnx.en.html 变通方法 : 请在启动应用程序服务器之前将 LANG 变量设置为非 UTF8 ( 例如, 设置成 en_us 而不是 en_us.utf-8), 或者在用户配置文件中设置该变量例如 : [root@linux bin]# echo $LANG en_us.utf-8 [root@linux bin]# LANG=en_US [root@linux bin]# export LANG [root@linux bin]# echo $LANG en_us [root@linux bin]#./startserver.sh server1 在工作流批准屏幕上突出显示为已更改的属性在批准屏幕上, 即使管理员没有在原始任务中更改其他属性, 他们也可能突出显示为已更改这是因为屏幕可以包含脚本, 这些脚本可以更改包含在该屏幕中的各种属性值, 针对某些其他属性的更改作为屏幕初始化或屏幕验证的一部分第 6 章 : 已知问题 53

升级建议在导入角色定义文件时其他选项卡存在于环境中时出错症状 : 我使用 Connector Xpress 生成 CA Identity Manager 用户控制台帐户屏幕, 且在我把角色定义文件导入 CA Identity Manager 时, 收到一条错误消息 :Identity Manager 环境中存在具有相同名称的其他选项卡解决方案 : 将关联类型属性放置在相同选项卡时, 角色定义生成器试图以相同的名称创建两个选项卡例如, 将关联属性成员和成员置于相同选项卡时我们建议, 在您将角色定义文件导入 CA Identity Manager 环境之前, 将关联类型属性置于 Connector Xpress 的独立选项卡上升级下面是与 CA Identity Manager r12.5 SP1 升级相关的一些问题将群集从 CA Identity Manager r12 CR6 或更高版本进行升级时的问题如果将群集从 CA Identity Manager r12 CR6 或更高版本升级为 CA Identity Manager r12.5 SP1, 该升级可能会由于安装文件中的一些群集属性被清除而失败变通方法升级之前请验证 im-installer.properties 文件中是否存在下列属性 : WebSphere: 检查群集名称是否填充到了 DEFAULT_WAS_CLUSTER 中如果没有, 请手动添加 WebLogic: 检查群集名称是否填充到了 DEFAULT_BEA_CLUSTER 中如果没有, 请手动添加注意 : 该问题不影响 JBoss 群集默认情况下, 安装文件位于以下位置 : Windows:C:\Program Files\CA\CA Identity Manager\install_config_info\im-installer.properties Unix: /opt/ca/ca_identity_manager/install_config_info/im-installer.pr operties 54 版本说明

升级升级之后重新映射 DYN 端点属性如果有在 r8.1sp2 或 r12 中创建的现有 DYN 命名空间, 那么您必须执行以下额外步骤以从 Identity Manager 用户控制台启用帐户管理变通方法使用 Connector Xpress 将任何 DYN 端点属性重新映射到帐户屏幕, 如下所示 : 1. 升级之后, 在 Connector Xpress 中打开旧的 DYN JDBC 项目 2. 将这些属性重新映射到帐户屏幕 3. 重新部署元数据 4. 运行角色定义生成器 5. 将相应的文件复制到应用程序服务器 6. 重新启动 CA Identity Manager 注意 : 有关使用 Connector Xpress 映射端点属性的详细信息, 请参阅 Connector Xpress Guide CA Directory 升级消息问题升级 CA Directory 时, 安装程序可能会请您关闭 cmd.exe, 但升级时要使用 cmd.exe 如果您遇到该消息, 请单击忽略并且继续升级基于 WebLogic 9.2.1 升级时的错误基于 WebLogic 9.2.1 从 CA Identity Manager r12 进行升级时, 可能会发生以下错误 : Unable to deploy EJB: C:\bea\user_projects\domains\base_domain\applications\Identi tyminder.ear\wpserver.jar from wpserver.jar: Unable to load a class specified in your ejb-jar.xml: com.workpoint.server.ejb.schemapvthome. Error while parsing the Tag Library Descriptor at "C:\bea\user_projects\domains\base_domain\servers\AdminSer ver\tmp\_wl_user\identityminder\wfq3pk\war\web-inf\lib\sta ndard.jar!/meta-inf/c-rt.tld". 第 6 章 : 已知问题 55

升级变通方法 1. 删除 WL_User 临时文件夹, 例如, domains\base_domain\servers\adminserver\tmp\_wl_user 注意 : 对于 WebLogic 群集, 需要清除每个管理节点上的缓存要清除的缓存位置为 WebLogic_folder\ common\nodemanager\servers\server\tmp\ _WL_user 2. 编辑位于 C:\bea\user_projects\domains\base_domain\bin 的 setdomainenv.cmd 文件并添加下列行 : set IDM_OPTS= %IDM_OPTS% -Djavax.xml.stream.XMLInputFactory=weblogic.xml.stax.XMLStreamInputFactor y 3. 重新启动应用程序服务器环境迁移错误如果您要从 CA Identity Manager r8.1 SP2, 或 r12 CR1 CR2 或 CR3 进行升级, 则在导入环境时可能会看到以下错误 : Attribute "accumulateroleeventsenabled" is not allowed to appear in element "Provisioning". 变通方法打开导出的 Env.zip 中的 envsettings.xml 文件, 将 accumulateroleeventsenabled 更新为 acumulateroleeventsenabled ( 删除 accumulate 中的第二个 c ) 升级 CA Directory 之前必要的修复要升级 Windows 系统上的 CA Directory, 必须在开始升级过程之前为 CA Directory 应用许可补丁程序如果不应用修补程序, 则升级过程可能会删除其他 CA 产品所需的许可文件可以在 CA 支持站点下载补丁程序查找补丁程序 1. 登录 support.ca.com 将打开 CA 支持站点 2. 单击该页面左侧的链接列表中的 Licensing 56 版本说明

升级 3. 单击 License Package 1.8 is Now Available 将打开一个说明许可包更改的页面, 其中包括下载许可包的链接 4. 按照说明下载并安装 Windows 补丁程序注意 : 如果计划手动卸载 etrust Directory r8, 也需要该补丁程序用于 z/os 连接器的升级后步骤由于性能原因, 已重新设计了 z/os 连接器 (CA ACF2 CA Top Secret 和 RACF) 的架构, 现在可以使用 CA LDAP Server for z/os 来替代 CA DSI Server on z/os 尝试配置任何 z/os 连接器之前, 必须安装 CA LDAP Server for z/os r12 ( 可从 support.ca.com 上下载 ) 升级到 CA Identity Manager r12.5 SP1 之后, 请对定义到系统的每个端点执行以下操作 : 1. 在对象类型中选择端点 CA ACF2 CA Top Secret 或 RACF 2. 单击搜索按钮右键单击端点, 然后选择属性填写以下信息 : 在大型机服务器信息部分中 : IP 地址 / 计算机名称指定配置和运行 CA LDAP 服务器所在的 RACF 管理系统的 IP 地址 LDAP 端口指定在安装 CA LDAP Server for z/os 时指定的端口号如果不确定大型机 LDAP 端口, 请参阅 Checking your CA LDAP Server for z/os Configuration Information ( 查看 CA LDAP Server for z/os 配置信息 ) 一节 LDAP 后缀指定要用于此端点的后缀单击获取后缀按钮后, 将自动使用所有有效的可用后缀填充此组合框为大型机 IP 地址 / 计算机名称字段和大型机 LDAP 端口字段提供有效值之后, 即可检索后缀第 6 章 : 已知问题 57

升级如果 Identity Manager 用户存储无法联系, 环境迁移则失败从 CA Identity Manager r8.1 SP2 进行升级时的环境迁移期间, 如果 Identity Manager 用户存储无法联系, 该环境将保持为未完成状态例如, 基础 URL 可能会缺失, 或者无法设置系统管理者变通方法 1. 删除受影响的环境 2. 将文件环境名称 EnvironmentMigrated.properties 重命名为环境名称 EnvironmentAutoMigrate.properties 该文件位于应用程序服务器部署位置 /IdentityMinder.ear/user_console.war/META-INF/ 3. 重新启动应用程序服务器 ( 仅 WebLogic) 更新选项包路径如果您正在使用 WebLogic, 请更新 Identity Manager 服务器的 Option Pack 文件夹的路径以成功启动更新 Option Pack 文件夹路径 1. 转到 weblogic_home\user_projects\domains\domain_name\bin 2. 打开 setdomainenv.cmd.bak 文件并复制始于 set JAVA_OPTIONS=%JAVA_OPTIONS% -DidFocusHomeDir 的行 3. 编辑 setdomainenv.cmd 文件, 并粘贴以上第二步中复制的行 set JAVA_OPTIONS=%JAVA_OPTIONS% setdomainenv.cmd 文件应读取如下 : set JAVA_OPTIONS=%JAVA_OPTIONS% -DidFocusHomeDir="<OP home folder>". set JAVA_OPTIONS=%JAVA_OPTIONS% 升级之后重新应用 WorkPoint 文件修改如果从 CA Identity Manager r8.1 SP2 或 r12 升级, 则将以下 WorkPoint 文件重命名为 filename.bak 并安装新版本文件升级之后重新应用对这些文件所做的任何修改 : 从 Workpoint/bin 目录 :Archive.bat/.sh Designer.bat/.sh init.bat/.sh 从 Workpoint/conf 目录 :workpoint-client.properties 58 版本说明

报告没有浏览和关联任务的搜索屏幕如果从 CA Identity Manager r12 升级或如果从 CA Identity Manager r12.5 升级并将浏览和关联任务迁移到新的重现模型 (p. 36), 那么浏览和关联任务中的浏览按钮不会正常工作变通方法为任务配置搜索屏幕, 以便单击新的浏览按钮时出现搜索屏幕报告下面是与 CA Identity Manager r12.5 SP1 报告相关的一些问题用户帐户报告生成失败如果记录数超过 20,000, 用户帐户报告则失败变通方法 1. 打开业务对象中央管理控制台 2. 单击服务器, 然后选择 servername.pageserver 3. 对于条目预览或刷新报告时要读取的数据库记录, 请选择无限记录 4. 使用 Crystal Reports Designer, 打开用户帐户报告 5. 在数据库设置数据库源位置下, 将数据库位置设置为 CA Identity Manager 快照数据库 6. 单击保存 7. 在数据库数据源专家下, 右键单击窗口右侧的命令 8. 输入报告模板的参数字段中显示的参数名 9. 更改左侧的查询并将该参数添加到查询, 例如, 如果您有 reportid 参数, 查询则显示如下 : Select * from endpointattributes, endpointview, imreport6 where endpointattributes.imr_endpointid = endpointview.imr_endpointid and endpointattributes.imr_reportid = endpointview.imr_reportid and endpointview.imr_reportid = imreport6.imr_reportid and imreport6.imr_reportid = {?reportid} 10. 保存该报告第 6 章 : 已知问题 59

报告使用 ExportAll.xml 捕获快照数据时出错使用 ExportAll.xml 快照定义捕获快照数据时, 该过程会失败, 并显示错误 java.lang.outofmemoryerror: Java heap space 当大量对象 ( 如用户 ) 加载到内存时, 就会发生该问题变通方法增加应用程序服务器启动脚本中的堆设置考虑将堆大小增加到 1000 MB 分配值,1400 MB 最高值此外, 在快照定义 XML 文件中, 考虑将对象的筛选条件拆分成多个条件例如, 请不要使用通配符 (*) 筛选器来加载所有用户, 而应指定多筛选, 如用户 ID 开始于 a, 用户 ID 开始于 b, 等捕获快照数据任务在完成时也显示为正在进行选中查看提交的任务的情况下, 尽管捕获快照数据任务已经完成, 但仍可能标记为正在进行然而, 如果您深入浏览捕获快照数据任务的详细信息部分, 则正确显示该任务已完成报告限制与单个报告任务关联的多个快照不能使用同一重现时间在 XML 文件中,Satisfy=All 运行不正常在快照参数 XML 文件中,satisfy=all 和 satisfy=any 均按照 satisfy=any ( 类似于 OR 运算符 ) 运行查看报告时会重定向到 Infoview 登录页在 CA Identity Manager 中查看报告时, 您可能会被重定向到 Business Objects Infoview 登录页变通方法 1. 请确保使用 CA Report Server (Business Objects) 的完全限定域名 2. 右键单击 Infoview 登录网页并且选择查看源文件 3. 查找该报告的 URL 4. 将该 URL 复制并粘贴到新的浏览器窗口 60 版本说明

报告 5. 如果看不到该报告, 则使用 http 跟踪工具来提供更多信息 6. 如果能看到该报告, 则尝试以下操作来修复浏览器设置 : 接受第三方 Cookie 允许会话 Cookie 删除高安全性设置为查看我的报告任务启用第三方 Cookie 要使用查看我的报告任务查看 CA Identity Manager 中的报告, 请在浏览器中启用第三方会话 Cookie 如果存在的记录多于 20,000 个, 生成用户帐户则失败如果存在的记录多于 20,000 个, 生成用户帐户报告则失败变通方法 1. 打开 Business Objects Central Management 控制台 2. 单击 Servers, 然后选择 servername.pageserver 3. 对于条目 Database Records To Read When Previewing Or Refreshing a Report 选择 Unlimited 记录数 4. 使用 Crystal Reports 设计器, 打开用户帐户报告 5. 使用 Database,Set Datasource Location, 将数据库位置设置为您的快照数据库 6. 保存该更改 7. 使用 Database,Datasource Expert, 右键单击窗口右侧的 Command 此时将在左侧显示 SQL 语法, 以及 Parameter 列表 8. 输入报告模板的 Parameters 字段中的属性名 9. 更改左侧的查询, 并在查询中添加该参数例如, 如果您有 reportid 参数, 该查询将为 : Select * from endpointattributes, endpointview, imreport6 where endpointattributes.imr_endpointid = endpointview.imr_endpointid and endpointattributes.imr_reportid = endpointview.imr_reportid endpointview.imr_reportid = imreport6.imr_reportid and imreport6.imr_reportid = {?reportid} 10. 保存该报告第 6 章 : 已知问题 61

配给对于 WebSphere, 非快照报告需要日期选取器非快照报告使用当前系统日期和时间值作为开始日期时间和结束日期时间然而, 这些值对于 WebSphere 不起作用当您单击排定报告时, 会出现错误变通方法使用日期选取器控件选择开始和结束日期时间配给下面是与 CA Identity Manager r12.5 SP1 配给相关的一些问题常规下面是 CA Identity Manager r12.5 SP1 中的常规配给问题高于 INFO 级别的 Solaris ECS 日志可能会影响配给服务器的性能启用高于 INFO 级别的 ECS 日志会导致在收到响应之前写入日志这会导致在写入日志时延迟请求变通方法如果遇到配给服务器性能不良时, 请将 ECS 日志关闭如果 JIAM 指定了错误的对象类名称,SPML 更新将失败全局用户名称中的特殊字符 JIAM API 有时可能会开始在发送至配给服务器的请求中使用错误删减的对象类名称, 配给服务器将拒绝该请求, 并生成错误配给服务器中内部一致性出错例如, 执行 etsbldirectory 对象更新时, 会将错误的对象类 etdirectory 发送至配给服务器可以通过重新启动 SPML 服务来解决此问题通过配给管理器, 您可以创建包含特殊字符 ( 例如反斜杠字符 [\]) 的全局用户名称不过,Identity Manager 服务器不支持带有特殊字符的用户名在配给管理器中创建名称中带有特殊字符的全局用户时,Identity Manager 将尝试在 Identity Manager 用户存储中创建相应用户 Identity Manager 用户存储中将出现错误, 并且创建用户任务将失败如果尝试在配给管理器中删除名称中带有特殊字符的全局用户, 也会出现错误 62 版本说明

配给添加端点时的已存在错误如果删除并重新添加名称完全相同的端点, 配给服务器有时会报告错误, 表明具有该名称的端点已存在如果将多个连接器服务器配置为管理该端点, 就会出现该错误该错误是由于在端点删除过程中出现问题 - 未向所有连接器服务器通知此删除变通方法重新启动所有已配置为管理该端点的连接器服务器配给服务器首选非本地 DNS 设置即使您将操作系统配置为首先采用本地主机表, 而非 DNS, 配给服务器安装程序仍然首选配给目录主机的 DNS 结果全局用户名的 SiteMinder 登录名限制如果某个全局用户需要登录 SiteMinder 策略服务器, 则该用户名不能包含下列字符或字符串 : & * : () 变通方法避免在全局用户名中使用这些字符某些 WebSphere 节点可能丢失对象在 WebSphere 群集中, 环境的更改可能不会显示在群集的一些节点上例如, 修改配给角色之后, 该更改可能不会显示在该 WebSphere 群集的其他节点上变通方法将服务集成总线从群集移至专用服务器上请参阅 Connecting Applications on the Service Integration Bus 上的 WebSphere 文档在 64 位 Linux 上更改密码不触发 UNIX PAM 服务 PAM 仅在 32 位 Linux 系统上受支持配给服务器包括过时的 SAWI/DAWI 引用配给服务器包括对于不再支持的 SAWI 和 DAWI 功能有控件的对话框使用 CA Identity Manager 自助功能, 而不是 SAWI 或 DAWI 第 6 章 : 已知问题 63

配给帐户同步在 CA Identity Manager 用户控制台中不可用症状 : 我无法验证帐户同步或无法同步 CA Identity Manager 用户控制台中的端点帐户解决方案 : CA Identity Manager 用户控制台不支持检查帐户同步或初始化帐户同步使用配给管理器为全局用户或角色验证帐户同步, 或为全局用户或角色启动帐户同步如果要为角色中的大量用户验证帐户同步, 那么请在父配给角色上验证同步这会检查包含在配给角色中的所有帐户模板上的同步要仅为一个端点同步帐户, 请创建端点帐户模板的一个配给角色, 并为该角色验证帐户同步配给管理器仅同步指定的端点帐户如果有不同步的帐户, 那么您可以同步所有帐户, 或从列表中选择要同步的帐户注意 : 有关帐户同步的详细信息, 请参阅配给管理器联机帮助创建链接到帐户模板的配给角色在 CA Identity Manager 中失败症状 : 我在 CA Identity Manager 12.5 到 CA Identity Manager 之前部署了使用 Connector Xpress 创建的 JNDI 项目并执行了浏览和关联我创建了帐户模板并添加了两个关联属性, 例如 : 管理者根据帐户模板创建配给角色并将配给角色分配给用户时, 我得到一条错误消息, 关联的帐户创建或更新失败解决方案 : CA Identity Manager 12.5 SP1 不支持在使用关联类型属性的 CA Identity Manager 12.5 之前使用 Connector Xpress 创建的 JNDI 项目我们建议您使用配给管理器来创建帐户模板 64 版本说明

配给影响挂起属性的反向同步策略 Java 连接器服务器 (Java CS) 如果您创建检测新建帐户并将其挂起的反向同步策略, 该挂起可遭到相关反向同步策略的拒绝请考虑以下示例 : 1. 管理员创建两个策略 : 检测新 Windows 帐户并挂起那些帐户的策略检测对 Windows 帐户中 N16SecurityFlag 属性所做的更改并拒绝该更改的策略 N16SecurityFlag 属性涉及帐户挂起 2. 端点用户使用端点上的本地工具创建 Windows 帐户 3. 新帐户策略将新帐户挂起升级过程中 connector.xml 文件重命名 4. 浏览和关联再次运行时, 它将检测帐户是否修改 5. 修改帐户策略检测对 N16SecurityFlag 属性所做的更改并拒绝该更改帐户不再被挂起该情况影响处理帐户挂起的任何端点类型在此示例中, 修改帐户策略应检测 etsuspend 中的更改而不是 n16securityflag 中的更改因此, 由于更改来自 etsuspend, 而 N16SecurityFlag 仅在端点上被更改且没有将其选为更改的属性下面是与 CA Identity Manager r12.5 SP1 中的 Java 连接器服务器相关的一些问题将 Java Connector Server 从 r8.1 SP2 升级到 r12.5 SP1 时, JCS_HOME/conf/override/* 之下的所有 connector.xml 文件将重命名为 connector.xml.orig 如果您使用这些 connector.xml 文件, 请在升级之后将这些文件重命名回原来的名称使用 " / 字符序列表示识别名时, 浏览 Java 连接器失败处理以下两字符序列时,Java CS 中存在未解决的问题 : "/ 以 JNDI API 标准使用的组合名称来表示跨越多种技术的识别名, 这种处理方法这非常重要第 6 章 : 已知问题 65

配给有关传递给 Java CS 的识别名中其他特殊字符的详细信息, 请参阅 http://ietf.org 上和 javax.naming.ldap.ldapname 的 JavaDoc 中的 LDAP RFC 2253 使用 Windows 服务重新启动 Java CS 服务失败使用 Windows 服务重新启动 Java CS 服务时, 可能会在其尚未完全关闭之前启动 Java CS 服务, 从而导致该服务失败变通方法在 JNDI 帐户名称中不应使用保留字符请使用 Windows 服务控制面板中的停止和开始按钮, 而不要使用重新启动按钮创建 JNDI 帐户时, 请不要在帐户名称中使用保留字符, 包括反斜线 (/) 尝试删除这些字符时, 会发生错误 JNDI 帐户管理屏幕 - 使用多个结构化对象类创建帐户失败不能使用多个结构化对象类创建帐户端点类型常规下面是与 CA Identity Manager r12.5 SP1 中管理端点类型相关的一些问题以下各节描述各种连接器的已知问题 : 使用重试自动锁定的端点必须配置较大的重试限制对于具有 N 次重试自动锁定行为的端点, 用于使用 Java CS 连接该端点的帐户应配置为较大的 ( 或者不受限制的 ) N 次数, 因为连接尝试次数会被 Java CS 很快用完当帐户由于超过 N 次数而被本机锁定时, 可能需要使用本机工具对其进行解锁, 然后才能重新获取该端点这取决于该端点的具体本机锁定行为 66 版本说明

配给对于用户控制台中的创建或修改任务, 帐户模板与帐户不同步使用用户控制台时, 不支持显式帐户同步变通方法使用配给管理器将帐户与帐户模板进行同步在端点和配给服务器之间导入时, 直接修改端点会导致故障 Active Directory 直接修改端点时 ( 不使用配给服务器 ), 由于端点和配给服务器之间的数据不一致, 所以在导入时会返回故障两个示例包括 : 有人使用本地工具从 MSSQL 端点中删除表, 这样会导致一些用户得到不再存在的资源要解决这个故障, 请使用配给服务器再次浏览端点有人删除端点上的某些服务器角色, 仍旧分配那些服务器角色的帐户模板就会收到在端点上不再存在的额外角色要解决这个故障, 请从帐户模板中手工删除那些已删除的服务器角色以下各节描述 Active Directory 连接器的已知问题 : 使用 Active Directory 连接器搜索子树时的不正确结果对包含多个组织单元 ( 每个组织单元中包含大量对象 ) 的子树执行子树搜索时, 搜索可能错误地不返回任何对象例如, 如果搜索限制大小设置为 500, 而每个组织单元中的对象数均超过该限制, 将不返回任何结果即使搜索筛选将搜索限制大小缩小到 500 以内, 搜索可能仍错误地不返回任何对象变通方法增加搜索限制大小 ADS2008 端点的端点说明显示为数字使用用户控制台查看或修改 ADS2008 端点时, 该 ADS 服务器选项卡上的域控制器域和林字段值均显示作为数字将 Office Communication Server 属性设置为真时的所需字段如果将启用 Office Communication Server 属性设置为真, 则需要以下三个字段, 并在使用 ADS 端点时将他们进行设置 : 主服务器 SIP URI 第 6 章 : 已知问题 67

配给 DB2 和 DB2 for z/os 获取 DB2 z/os 端点导致 CCS 崩溃以下各节描述 DB2 和 DB2 for z/os 连接器的已知问题 : DB2 UDB 连接器和 DB2 z/os 连接器必须将请求路由至不同的 C++ 连接器服务器 (CCS) 变通方法在一台单独的计算机上另安装一个 CCS, 以便每个 DB2 UDB 连接器和 DB2 z/os 连接器都在各自的 C++ 连接器服务器上进行托管 DB2 帐户模板中授权机构授予的属性是功能属性 UNIX ETC 和 UNIX NIS 配给服务器中 DB2 帐户模板中授权机构授予的属性当前显示为初始属性, 但实际上是功能属性以下各节描述 UNIX ETC 和 UNIX NIS 连接器的已知问题 : S390 上运行的 Linux 操作系统上的 ETC 远程代理出现故障 OpenVMS 在 S390 主机上运行的 Linux 操作系统上尝试安装 ETC 远程代理时出现故障, 出现以下错误 : #./IdentityManager.LinuxS390.sh lsm.exe: error while loading shared libraries: libncurses.so.4: cannot open shared object file: No such file or directory." 变通方法您需要找到并安装用于该操作系统的版本 4 ncurse 以下各节描述 OpenVMS 连接器的已知问题使用 SPML 对 VMS 的删除帐户权限进行修改时失败您无法使用 SPML 删除 VMS 帐户上 accountrights 属性中的值 SPML 客户端将返回一条成功消息, 但是帐户不会更新变通方法使用配给管理器来执行此类修改 68 版本说明

配给无法为 OpenVMS 帐户设置辅助密码 OpenVMS 远程代理工具 vmsautil 不会强制执行用户帐户的 OpenVMS 主要 / 辅助密码的语义如果在未设置主要密码的情况下尝试指定辅助密码, 操作将失败, 并显示错误消息密码太短变通方法 VMS 属性 etvmspwdlifetime 显示为不同步无法设置 VMS 密码标志尝试为帐户设置辅助密码之前, 总是首先重置主要密码如果将帐户模板属性永不过期设置为 True ( 选中 ), 则执行检查帐户同步操作之后, 密码使用期 (etvmspwdlifetime) 属性将显示为不同步如果帐户添加或修改操作请求未对 etvmsaccessflags 设置值, 则执行此类操作时, 不会正确设置 etvmspwdflags 属性变通方法 VMS 迁移密码属性显示为不同步权限属性 NDS NDS 连接器无法浏览新容器添加或修改请求应包含 etvmsaccessflags 属性和 etvmspwdflags 属性的值字段 MIGRATEPW 设置为 True ( 选中 ) 的所有 VMS 帐户或帐户模板在执行检查帐户同步操作之后, 都会将 etvmspwdflags 显示为不同步由于连接器问题, 权限属性不在反向同步策略中发挥作用避免在反向同步策略中使用该属性以下各节描述 NDS 连接器的已知问题获取 NDS 端点后, 首次浏览尝试找到并添加容器如果使用 NDS 本地工具添加容器, 然后尝试重新浏览端点, 则新添加的容器及其子条目将不显示在树中变通方法从配给服务器删除该端点, 然后重新获取并浏览该端点, 以查看这些新容器第 6 章 : 已知问题 69

配给 NDS 连接器说明为单值字段 E2Kx 管理邮箱权限时显示 E2K CAFT 错误初始创建后 E2K7 邮箱不同步在 NDS 连接器中, 帐户说明为单值字段, 但在 NDS 端点中, 帐户说明为多值字段以下各节描述 E2Kx 连接器的已知问题 : 管理邮箱权限时可能会返回错误消息 CAFT 消息 : 访问被拒绝 - 或无法执行命令 ( 即使正确配置了 Exchange 远程代理 ) 如果邮箱权限列表中存在针对同一对象的多个权限, 可能会出现此问题, 如果受管理的 Exchange 对象从父对象继承权限, 通常会发生此问题在选中使用强同步的情况下创建帐户模板并将某个全局用户与该帐户模板同步之后, 右键单击该全局用户, 然后选择帐户同步此时邮箱权限不会同步变通方法启用电子邮件组中未设置电子邮件地址选择 Exchange 高级, 邮箱权限, 添加 ( 使用 SHIFT+ 添加方式 ), NT 授权 \ 已验证用户, 仅读取权限创建组并选中创建 Exchange 电子邮件地址的情况下, 不会为该组设置电子邮件地址变通方法创建该组之后, 转到电子邮件地址选项卡, 在此处应用新的电子邮件地址尝试修改一个具有 E27K 邮箱的帐户时显示错误消息尝试创建 E2Kx 邮箱时错误消息显示不足尝试修改一个具有 E27K 邮箱的帐户时显示错误消息该错误是良性的, 可以忽略对于 INT 字段中的字符显示一条不足错误消息错误 [-]?[\d]* 表示该必填字段必须是数字 70 版本说明

配给消息限制不允许在配给管理器中同时选择 Only From 和 From Everyone Except PKI PKI 帐户显示为重复创建 PKI 帐户时显示电子邮件通知警告 Exchange Server 2007 允许管理员同时选择仅接受来自下列列表中发件人的邮件和拒绝来自下列列表中配给管理器则只允许选择一个这是 Exchange 2003 中的行为如果在 Exchange 2007 中就已经两个都选中, 该功能在配给管理器中将失效以下各节描述 PKI 连接器的已知问题 : PKI 连接器不支持 Entrust PKI 层级端点, 并将所有帐户存储在展开列表中因此, 具有相同名称的一个唯一 Entrust PKI 帐户将显示为 PKI 连接器的重复内容如果获取了使用代理配置文件的 PKI 端点, 并打开了电子邮件通知, 则在未指定创建配置文件选项的情况下无法创建新的 PKI 帐户变通方法请执行下列操作之一 : 不使用代理配置文件获取该端点获取该端点时禁用电子邮件通知, 然后转至该端点手工查看参考编号 PKI 连接器不支持国际化 SAP 分配 SAP 合约用户类型配给管理器中无法正确显示带有非 7 位 ASCII 字符的帐户, 因为 PKI 连接器不支持国际化以下各节描述 SAP 连接器的已知问题在许可数据选项卡中将合约用户类型分配给用户时, 更改只能应用于主系统, 而无法应用于任何子系统变通方法您可以在本地为这些子系统更改合约许可类型第 6 章 : 已知问题 71

配给 SAP 端点不从 SAPlogon.ini 文件进行预填充配给管理器在 Windows 2008 上运行时,SAP 的端点详细信息不会从 SAPlogon.ini 文件进行预填充注意 : 该问题仅针对运行在 Windows 2008 上的配给管理器变通方法 SAP 合约用户类型属性中的强制字段您必须将 SAPlogon.ini 的内容手动输入到配给管理器中对于可在帐户的许可数据选项卡上指定的合约用户类型, 除 LIC_TYPE 字段之外不能具有其他强制字段例如, 如果必须指定 SAP R3 系统 (SYSID) 的名称才能使用合约用户类型, 则分配将失败, 并将出现错误, 表明 SAP R3 系统的名称中缺少一个值帐户许可数据选项卡中的合约用户类型属性无法用于所有许可类型 Siebel 在多个端点上创建帐户时的 SBL 错误 Lotus Notes/Domio 注册过程中不创建 LND 帐户邮件文件从可用列表中选择某个用户类型时, 只有一些用户类型起作用一些许可类型会出现 BAPI 函数引用错误原因是一些用户类型包含无法识别的多余字段以下各节描述 Siebel 连接器的已知问题列出多个端点的帐户模板只能列出存在于所有端点上的 Siebel 组以下各节描述 Lotus Notes/Domino 连接器的已知问题 : 在配给管理器 LND 帐户创建窗口的配置文件选项卡页面中, 包含一个称为创建副本的复选框管理群集环境中的 Domino 端点时, 如果选中了创建副本复选框, 则应在群集环境中创建帐户的副本及其相关联的邮件文件在此版本中, 不在注册过程中创建副本邮件文件 72 版本说明

配给 CA SSO Connector for Advanced Policy Server 以下各节描述 CA SSO Connector for Advanced Policy Server 的已知问题 : 指定 etplscountry 的情况下 PLS 帐户搜索返回不存在的帐户在 PLS 帐户的搜索请求中包括 etplscountry 属性时, 该搜索响应将返回条目, 即使在端点或配给存储库中不存在具有该名称的帐户也是如此 PLS 连接器无法向应用程序添加 2000 以上的帐户 ACF2 RACF 和 CA Top Secret 您一次不得向应用程序添加 2000 以上的帐户如果您有超过 2000 的帐户要进行添加, 则必须将这些帐户拆分成多个操作以下各节描述大型机连接器的已知问题 : CA LDAP Server for z/os 在使用 RACF 连接器或在 r12.0 和以上版本中使用创建 / 删除别名处理之前必须应用适当维护如果您正在使用 RACF 连接器的任何功能, 或如果您正在使用 ACF2 或 TSS 连接器中的创建 / 删除别名处理, 请联系技术支持进行适当维护当您联系技术支持时, 请确保指定正在使用哪个 r12.5 版本的 CA Identity Manager, 以及正在使用 CA LDAP Server for z/os 的哪个版本 CA LDAP Server r12 和 CA LDAP Server r14 有不同的修正, 我们要确保提供正确的模块用户控制台中创建的 ACF2 和 TSS 帐户模板不支持用户定义的字段 RSA SecurId 7 使用用户控制台对于 ACF2 和 TSS 用户定义的字段的支持不可用您可以使用配给管理器继续管理这些字段以下各节描述 RSA SecurId 7 连接器的已知问题 : 第 6 章 : 已知问题 73

配给将配给角色分配给全局用户以创建 RSA 信任用户帐户失败 Salesforce.com 在 Windows 和 Solaris 上有效症状 : 将配给角色分配给全局用户以在 CA Identity Manager 中创建 RSA 信任用户时, 帐户创建失败解决方案 : 帐户创建失败的原因是帐户模板包含不是 RSA 信任用户所需的默认规则字符串 %P% %UL% 和 %XD% 在您首次创建模板并删除不必要的规则字符串时, 规则字符串会在分配模板时再次出现为 RSA 信任用户创建模板时, 请执行以下内容 1. 使用默认规则字符串创建模板, 然后单击提交 2. 修改帐户模板, 并在帐户选项卡上删除密码和启动日期字段中的 %P% %XD% 规则字符串 3. 在用户选项卡上删除启动日期字段中的规则字符串 %UL% 4. 提交模板 Salesforce.com - 帐户删除和挂起 5. 将配给角色重新分配给全局用户以下各节描述 Salesforce.com 连接器的已知问题本部分包含以下主题 : 删除 Salesforce.com 帐户时出现错误消息删除 Salesforce.com 帐户时出现错误消息 (p. 74) 帐户挂起 (p. 75) 端点设置选项卡的联机帮助不与屏幕上的选项匹配 (p. 75) 症状 : 在我试图删除 Salesforce.com 帐户时, 收到错误消息, 无法执行 DeleteSalesforceUser 尝试进行直接或间接删除 Salesforce.com 帐户的操作时, 错误就会发生例如, 删除创建该帐户的角色 74 版本说明

配给解决方案 : 如果在 CA Identity Manager 用户控制台中的端点设置选项卡上选择帐户将从配给目录和管理端点中删除 (Salesforce 不支持 ) 选项, 则会生成该消息该选项不适用于 Salesforce.com 连接器, 因为 Salesforce.com 不支持帐户删除默认情况下, 要执行 Salesforce.com 帐户上的删除操作, 应选择将挂起帐户选项要指定 Salesforce.com 帐户上启动的所有删除操作将挂起 Salesforce.com 端点上的帐户, 请执行以下操作 : 1. 在 CA Identity Manager 用户控制台中的端点设置选项卡上, 请选择将挂起帐户这指定在 Salesforce.com 帐户上启动的所有将来的删除操作将挂起 Salesforce.com 端点上帐户, 并将其置于 DeletePending 状态 2. 重新删除帐户该帐户在 Salesforce.com 端点上挂起, 并在 CA Identity Manager 中显示为 DeletePending 状态帐户挂起您不得使用 Salesforce.com 连接器来删除 Salesforce.com 用户, 因为 Salesforce.com 不支持帐户删除默认情况下, 已将 CA Identity Manager 配置为挂起 Salesforce.com 端点上的帐户, 并在尝试直接或间接删除 Salesforce.com 帐户的任何操作发生时将该帐户置于 DeletePending 状态例如, 删除创建该帐户的角色默认情况下, 将挂起帐户选项在 CA Identity Manager 用户控制台的端点设置选项卡上为选中状态注意 : 有关挂起和恢复用户帐户的详细信息, 请参阅 CA Identity Manager 用户控制台联机帮助端点设置选项卡的联机帮助不与屏幕上的选项匹配症状 : 在我显示有关 Salesforce.com 端点的端点设置选项卡的联机帮助时, 联机帮助中显示的字段与我在屏幕上看到的选项不匹配解决方案 : 正确的字段是 : 将挂起帐户 ( 默认 ) 指定在 Salesforce.com 帐户上启动的任何删除操作会挂起 Salesforce.com 端点上的帐户帐户被放入 CA Identity Manager 的 DeletePending 状态第 6 章 : 已知问题 75

配给帐户将从配给目录和管理的端点中删除 (Salesforce 不支持 ) 重要说明!Salesforce.com 不支持删除帐户我们建议您不使用该选项用于 Salesforce.com 帐户 Salesforce.com - 配给管理器中不支持帐户和端点管理配给管理器不支持 Salesforce.com 对象的管理使用 CA Identity Manager 用户控制台来管理 Salesforce.com 对象 Salesforce.com - 用户在密码重置时不会从 Salesforce.com 接收到带有临时密码的电子邮件症状 : 我使用 CA Identity Manager 用户控制台中的 Salesforce.com 连接器的帐户选项卡中的重置密码复选框重置用户密码用户没有从 Salesforce.com 接收到带有临时密码的电子邮件用户帐户被锁定解决方案 : Salesforce.com 存在已知问题, 防止您通过 CA Identity Manager 用户控制台重置用户密码通过 CA Identity Manager 用户控制台的帐户选项卡上的密码和确认密码字段设置用户密码于是您可以手工将新密码传递给用户 Salesforce.com - 将配给角色分配给挂起的帐户不会自动恢复该帐户症状 : 在我将配给角色分配给 CA Identity Manager 中的挂起帐户时, 配给角色获得重新分配, 但不会自动恢复如果您使用端点设置选项卡中的将挂起帐户选项, 会发生该错误解决方案 : CA Identity Manager 在将配给角色重新分配给帐户时不支持恢复挂起的帐户将角色分配给 Salesforce.com 连接器的 CA Identity Manager 帐户之后, 请执行以下操作 : 1. 在 CA Identity Manager 中, 找到修改用户的端点帐户, 并选择要恢复的端点帐户 2. 单击恢复 3. 系统提示确认要恢复的帐户时, 请单击是即恢复该帐户 76 版本说明

配给 Salesforce.com - 创建 Salesforce.com 帐户时出现错误消息症状 : Salesforce.com - 会话超时在我创建 Salesforce.com 帐户时, 我收到错误消息 : 无法执行已经创建的 Salesforce.com 用户 CreateSalesforceUser, 但一些其他操作失败我找不到在 CA Identity Manager 用户控制台中创建的帐户解决方案 : 您创建用户帐户时, 在以下情况下会发生错误 : 您指定的密码没有满足 Salesforce.com 最小的密码复杂性要求例如, 您指定的密码长度不到八个字符这发生的原因是因为 Salesforce.com 允许您创建帐户, 而没有指定密码该帐户在 CA Identity Manager 中创建, 但是由于没有与全局用户关联, 而无法查看该帐户出现在 Salesforce.com 组织中, 但是尚未设置密码您将该用户指定为不存在公共组的成员在以下情况下会发生这种情况 : 该组在 Salesforce.com 端点上被删除, 但是您没有在 CA Identity Manager 中执行浏览和关联用来创建用户的帐户模板指定不存在的组 CA Identity Manager 忽略所有无效的组成员身份请执行下列操作之一 : 如果您收到错误消息, 说明在创建帐户时指定的密码没有满足最小的密码复杂性要求, 那么请在 CA Identity Manager 用户控制台中设置满足最小的密码复杂性要求的密码您创建的用户帐户在 CA Identity Manager 中与全局用户关联并立即可见如果您收到错误消息, 说明用户是不存在公共组的成员, 则将用户添加到正确的组中本部分包含以下主题 : 错误 : 无法将字符串转换到 Salesforce.com 或在 SessionHeader 中发现无效会话 ID (p. 78) 配置 Salesforce.com 连接器会话超时值 (p. 78) 指定验证活动会话的方式 (p. 79) 错误消息 - 主机不接受在 nnnn 毫秒超时之内的连接 (p. 79) 第 6 章 : 已知问题 77

配给错误 : 无法将字符串转换到 Salesforce.com 或在 SessionHeader 中发现无效会话 ID 症状 : 在我创建 Salesforce.com 帐户时, 我收到消息 : 无法将字符串转换到 Salesforce.com 或在 SessionHeader 中发现无效会话 ID 解决方案 : 配置 Salesforce.com 连接器会话超时值默认情况下,CA Identity Manager 不验证 Salesforce.com 会话的有效性, 该会话可以超时为了减少会话超时的可能性, 我们建议您按照以下顺序尝试以下解决方案 : 1. 配置 Salesforce.com 连接器会话超时值 (p. 78) 2. 如果配置 Salesforce.com 连接器会话超时值没有解决这个问题, 您可以尝试指定验证活动会话的方式 (p. 79) 为了减少会话超时的问题, 我们建议您首先验证值不冲突, 这些值指定 CA Identity Manager 和 Salesforce.com 之间的会话仍然有效的时间长度在 Salesforce.com 连接器的 connector.xml 文件中指定的会话超时应等于或小于 Salesforce.com 组织中指定的会话超时配置 Salesforce.com 会话超时值 1. 在您的 Salesforce.com 组织中, 获取为 Salesforce.com 组织指定的会话超时值注意 : 有关详细信息, 请参阅 Salesforce.com 组织中管理设置下的会话设置 2. 在 Salesforce.com 的 connector.xml 文件中, 请验证 minevictableidletimemillisis 值等于或小于在 Salesforce.com 组织中指定的会话超时例如, 如果 Salesforce.com 会话超时值是 15 分钟, 那么在 connector.xml 文件中指定的会话超时值应等于或小于 900000 毫秒 3. 如果会话超时值大于在 Salesforce.com 组织中指定的会话超时值, 则在 connector.xml 文件中编辑 minevictableidletimemillis 值注意 : 有关自定义 connector.xml 文件的详细信息, 请参阅 Java Connector Server Implementation Guide ( Java 连接器服务器实施指南 ) 4. 如果继续体验会话超时, 请尝试指定验证活动会话的方式 (p. 79) 78 版本说明

配给指定验证活动会话的方式要减少会话超时, 您可以指定验证活动会话的方式减少会话超时 1. 如果配置 Salesforce.com 连接器会话超时值 (p. 78) 没有解决超时问题, 那么我们建议您首先尝试指定会话在池中空闲时不时对其进行验证在 connector.xml 中, 请设置以下属性 : testonborrow = false testwhileidle= true 就 API 调用而言, 此解决方案比指定为每次从池中借用会话时对其进行验证的方法要便宜, 且可以解决会话超时的问题 2. 如果前面的解决方案没有解决该问题, 则请尝试指定每次从池中借用会话时对其进行验证的方法这种方法解决该问题的同时, 它也是相当昂贵的 ; 因为每次从池中借用会话时都会执行一次其他 API 调用在针对用户的单个操作过程中可以多次借用连接在 connector.xml 中, 请设置以下属性 : testonborrow = true testwhileidle= false 错误消息 - 主机不接受在 nnnn 毫秒超时之内的连接症状 : 注意 : 我们建议您不要将两个属性均设置为 true, 否则这会增加 API 调用的次数注意 : 有关自定义 connector.xml 文件的详细信息, 请参阅 Java Connector Server Implementation Guide ( Java 连接器服务器实施指南 ) 我收到错误消息, 说明主机没有接受在 nnnn 毫秒超时之内的连接解决方案 : SOAP 客户端已经超时增加 Salesforce.com connector.xml 文件中 timeoutinmilliseconds 属性值一分钟, 直到解决这个问题这会增加 Axis2 客户端超时值, 并可以解决该问题注意 : 有关自定义 connector.xml 文件的详细信息, 请参阅 Java Connector Server Implementation Guide ( Java 连接器服务器实施指南 ) 第 6 章 : 已知问题 79

配给 Salesforce.com - 对象显示为 CA Identity Manager 用户控制台中的 Salesforce 症状 : RSA ACE (SecurID) 连接器在 CA Identity Manager 用户控制台中, 我仅看到 Salesforce 对象, 而不是下拉列表中的 Salesforce.com 对象解决方案 : 在 CA Identity Manager 用户控制台中, 使用 Salesforce 作为描述符显示 Salesforce.com 对象, 而不是 Salesforce.com 例如,Salesforce.com 端点在下拉列表中显示为 Salesforce 该错误是显示错误, 并不影响对 Salesforce.com 端点的管理以下各节描述 RSA ACE (SecurID) 连接器的已知问题 : 80 版本说明

配给安装或者升级 RSA 远程代理时由于 ECS 问题而失败在 Windows 和 Solaris 上有效症状 : 在我安装或升级 RSA 远程代理时, 由于 ECS 问题有时会失败远程代理升级和全新安装失败, 消息为应用转换时发生错误请验证指定的转换路径是否有效安装回滚, 且没有安装代理解决方案 : 1. 请执行以下操作 : a. 在尝试安装 ECS 之前重新启动计算机 b. 检查是否有足够的磁盘空间 c. 确保没有其他会话的安装软件包正在运行 d. (Windows) 验证在后台没有 Windows 自动更新正在运行 2. 如果在启动升级 RSA 代理之前,ECS 安装损坏, 则请执行以下操作 : a. (Windows) cd RemoteAgent\RSA\windows\ CA Enterprise Common Services.exe CA Enterprise Common Services Setup Maintenance 程序启动选择删除, 然后遵循提示操作 (Solaris) 卸载 ECS: cd /opt/ca/ecs/scripts./ecsuninstall.sh b. (Solaris) 如果卸载脚本失败, 请手工删除 ECS: rm -rf /opt/ca/ecs rm -f /etc/.ecspath rm -f /opt/ca/sharedcomponents/lib c. 找到 ECS: (Windows) cd RemoteAgent\RSA\windows\ (Solaris) cd RemoteAgent/RSA/solaris/ecs-installation d. 运行 ECS: (Windows) CA Enterprise Common Services.exe CA Enterprise Common Services Setup Maintenance 程序启动选择修复, 请遵循提示, 使用默认选项第 6 章 : 已知问题 81

配给 (Solaris)./eCSinstall.sh /opt/ca/ecs ECS 完成 3. 运行 RSA 代理安装程序本地副本即升级 82 版本说明

第 7 章 : 已修复问题 CA Identity Manager r12.5 SP1 包括下表中的修正该版本也包括来自 CA Identity Manager r12 CR 1-8 的修正和增强支持票据 1697804 7 1714500 5 1866409 2 1875837 3 1872621 0 1872685 0 1874518 3 1875108 7 1824071 8 1862443 6 1894218 2 不可用不可用摘要从 etrust Admin 8.1 SP2 升级至 Identity Manager r12.5 后, 升级之前获取的所有 Microsoft SQL 或 Oracle 端点均需要使用配给管理器手工重新配置, 以使用 JDBC URL 替代数据源名称 (DSN) 尝试在配给管理器中打开 PKI 组属性页时, 将显示错误消息无法显示请求的属性页在单独的服务器上安装 SiteMinder 扩展时, 系统仅为 SiteMinder 安装目录提示用户使用 Connector Xpress 来为 Oracle Internet 目录建立连接器时, 在映射过程中出现错误到 SiteMinder 的 CA Identity Manager 扩展在 Linux 上不可用在 WebSphere 群集上部署 CA Identity Manager 后,JDBC 密码被存储为纯文本本地化示例包含本地化和 location2 文件夹, 令人混淆添加到 AD 连接器的新选项卡在配给管理器中可见, 但不在用户控制台中将 imr_attrvalue 列设置为 20 个字符长度时, 捕获快照任务失败使用 RoleDefGenerator 为 LDAP DYN 端点类型生成屏幕任务和角色时, 发生异常针对启用 / 禁用用户或修改用户任务, 将帐户同步设置为 OnEveryEvent, 且更新了用户的启用状态, 那么发送到配给服务器的请求丢失 etsyncaccounts=1, 因此没有同步新值与关联的帐户如果将 LANG 在 Linux 系统上设置为 xxxutf-8, 在工作流启动过程中则可能出现 sun.io.malformedinputexception 错误在 Linux 的 WebSphere 中会有此类情况第一次单击查看用户活动任务中用户启动选项卡时, 会发生错误第 7 章 : 已修复问题 83

配给不可用不可用不可用不可用如果在 CA Identity Manager 升级期间尝试目录和环境的自动迁移, 则可能会收到一个 SiteMinder 错误如果更改了默认的 SiteMinder 身份验证端口 (44442), 安装程序则会错误检测到 SiteMinder 未在运行, 并不允许您继续如果更改其中一个指定的配给服务器,CA Identity Manager 可能会将故障转移请求发送到最初的配给服务器, 而不是新的配给服务器安装 CA Identity Manager 时, 必须使用完全限定 URL 如果在生产模式中使用 WebLogic 9 或 WebLogic 10, 则安装或升级 Identity Manager EAR 后首次启动该应用程序服务器时, Identity Manager EAR 可能不会自动部署不可用升级映射 DYN 属性将元数据重新部署到 DYN 端点类型中之后, 使用 RoleDef 生成器工具生成的端点屏幕上的第一个选项卡不会显示不可用在配给管理器中, 在包含日语字符的组织和组织单元中创建的帐户不在成员选项卡中显示其组员资格 84 版本说明

第 8 章 : 文档以下是 CA Identity Manager 指南的文件名称 : 指南名版本说明 Implementation Guide Installation Guide for WebLogic Installation Guide for WebSphere Installation Guide for JBoss Upgrade Guide Configuration Guide Administration Guide User Console Design Guide Programming Guide for Java Provisioning Reference Guide Connectors Guide Connector Xpress Guide Java Connector Server Implementation Guide Programming Guide for Java Connector Server Glossary 总目录文件名 im_release_chs.pdf im_impl_enu.pdf im_install_weblogic_enu.pdf im_install_websphere_enu.pdf im_install_jboss_enu.pdf im_upgrade_enu.pdf im_config_enu.pdf im_admin_enu.pdf im_uc_design_enu.pdf im_dev_enu.pdf im_provisioning_reference_enu.pdf im_connectors_enu.pdf im_connector_xpress_enu.pdf im_jcs_impl_enu.pdf im_jcsprog_enu.pdf im_glossary.pdf im_bookshelf_enu.zip 此部分包含以下主题 : 总目录 (p. 86) 在线帮助功能增强 (p. 86) etrust 到 CA 的品牌重塑 (p. 87) 术语更改 (p. 87) 文档更改 (p. 88) 第 8 章 : 文档 85

总目录总目录通过总目录, 可从一个界面访问所有 CA Identity Manager 文档总目录包括以下内容 : 所有 HTML 格式的指南内容的可展开列表所有指南的全文搜索, 其中搜索结果分级排序, 搜索术语在内容中突出显示允许您链接到更高级别主题的页面地址导航所有指南中主题的单一 HTML 索引用于打印的 PDF 版本指南的链接使用总目录 1. 从 CA 支持站点下载总目录 2. 提取总目录 ZIP 文件的内容注意 : 要获得最佳性能, 在远程系统上安装总目录时, 请将总目录设置为可以从 Web 服务器进行访问 3. 按以下方式查看总目录 : 如果总目录位于本地系统上, 且您使用的是 Internet Explorer, 请打开 Bookshelf.hta 文件如果总目录位于远程系统上, 或如果您使用的是 Mozilla Firefox, 请打开 Bookshelf.html 文件注意 : 要获得最佳性能, 在远程系统上安装总目录时, 请将总目录设置为可以从 Web 服务器进行访问总目录需要使用 Internet Explorer 6 Internet Explorer 7 或 Mozilla Firefox 2 要查看 PDF 指南的链接, 需要使用 Adobe Reader 7 或 Adobe Reade 8 可以从 www.adobe.com 下载 Adobe Reader 注意 :r12 和 r6.0 SP5 的 CA SiteMinder 总目录已使用 CA Identity Manager 所使用的同一总目录格式发布到 CA 支持站点上在线帮助功能增强现在, 用户控制台在线帮助和管理控制台在线帮助具有以下功能 : 页面地址导航指明您在帮助层次结构中的位置, 使导航更加便捷它们位于帮助页面的顶部 86 版本说明

etrust 到 CA 的品牌重塑搜索突出显示在结果页面中, 用黄色突出显示您搜索的上下文导航按钮显示上一页和下一页箭头按钮, 使导航更加便捷它们位于帮助页面的顶部, 页面地址导航下方 etrust 到 CA 的品牌重塑目前, 某些 CA 安全产品的品牌正从 etrust 转变为 CA 在此转变期间, 文档中可能会同时提及 etrust 产品和 CA 产品例如,eTrust Directory 现在的品牌名称为 CA Directory 文档内提及的任何 etrust 产品相当于使用新 CA 品牌的同一产品术语更改现在的 etrust Admin 客户可能会注意到, 由于 etrust Admin 成为了 CA Identity Manager 的一部分, 现在某些术语已经发生了变化下表对这些变化进行了说明 : etrust Admin 术语 etrust Admin 服务器 etrust Admin 管理器目录命名空间策略或配给策略角色分布式超级代理框架超级代理选项管理目录或管理存储库 Identity Manager 企业目录企业用户 Identity Manager 中的新术语配给服务器配给管理器端点端点类型帐户模板配给角色连接器服务器框架 C++ 连接器服务器连接器配给目录 Identity Manager 用户存储入站管理员第 8 章 : 文档 87

文档更改文档更改以下内容是我们从 CA Identity Manager r12.5 起对文档集做出的更改 Installation Guide 和 High Availability Guide CA Identity Manager 的高可用性内容已合并到了每种应用程序服务器的 Installation Guide 中不再提供单独的指南来介绍高可用性内容 Upgrade Guide CA Identity Manager r12.5 中的一个新指南所有与 CA Identity Manager 升级有关的内容均已从 Installation Guide 中分离出来, 被单独放入到了 Upgrade Guide 中 User Console Design Guide 该新指南主要面向在安装之后初次配置 Identity Manager 环境的系统管理员该指南包括自定义任务 ( 包括任务导航和屏幕设计 ) 商标和本地化方面的信息 Programming Guide for Provisioning 该指南描述了一些已弃用的配给 API (p. 39), 已从总目录中删除现在该指南与这些 API 的安装包一起提供 88 版本说明

附录 A: 第三方声明此部分包含以下主题 : Apache (p. 89) ANTLR 2.7.5H# (p. 96) ASM 3 (p. 97) DOM4J (p. 97) HSQLDB 1.7.3 (p. 99) HSQLDB 1.8.0 (p. 101) IBM DB2 Driver for JDBC and SQLJ (p. 102) Jaxen 1.3 (p. 102) JDOM 1.11 (p. 104) JSON 1.0 (p. 105) jtopen 5.1.1 (p. 105) libcurl 7.15.0 (p. 106) MX4J 3.0.2 (p. 107) Oracle JDBC Driver 10g Release 2 (p. 109) Rhino 1.5R5 (p. 110) Rhino 1.7R1 (p. 119) SAAJ 1.2 (p. 131) SAXPath 1.1 (p. 132) SpiderMonkey 1.5 (p. 133) Sun JDK 1.6.0 (p. 134) Xinha.96 Beta 2 (p. 142) Apache Portions of this product include software developed by the Apache Software Foundation. Apache Ant 1.6.5 Apache Axis 1.1 Apache Axis 1.2 Apache Axis 1.2.1 Apache Axis 1.4 Apache Axis2/Java 1.5 Apache Bean Scripting Framework 2.4.0 Apache Jakarta Commons BeanUtils 1.6.1 and 1.7 Apache Commons Cli 1.0 附录 A: 第三方声明 89

Apache Apache Jakarta Commons Codec 1.3 Apache Jakarta Commons Collections 3.1 Apache Jakarta Commons DBCP 1.2.1 Apache Jakarta Commons Validator 1.2 Apache Commons Digester 1.7 Apache Commons Discovery 0.2 Apache Commons EL 1.0 Apache Commons File Upload 1.2 Apache Commons IO 1.3.1 Apache Commons Lang 2.1 Apache Commons Logging 1.0.4 Apache Commons Pool 1.3 Apache Derby 10.4.2 Apache ehcache 1.2.4 Apache Jakarta Taglibs 1.0.6 Apache Jakarta ORO 2.0.8 Apache Jakarta Slide 2.1 Apache Log4j 1.2.8 Apache HttpClient 3.0 Apache MyFaces 1.1.5 Apache JSTL Taglib 1.1 Apache POI 3.2 Apache Quartz 1.5.2 Apache Spring Framework 1.2.8 Apache StAX 1.2 90 版本说明

Apache Apache Struts 1.2.7 and 1.2.9 Apache Velocity 1.4 Apache Xalan-C 1.9.0 Apache Xalan-J 2.6.0 Apache xmltask 1.13 The Apache software is distributed in accordance with the following license agreement. Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. 'License' shall mean the terms and conditions for use, reproduction,and distribution as defined by Sections 1 through 9 of this document. 'Licensor' shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. 'Legal Entity' shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, 'control' means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 'You' (or 'Your') shall mean an individual or Legal Entity exercising permissions granted by this License. 'Source' form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. 'Object' form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and versions to other media types. 附录 A: 第三方声明 91

Apache 'Work' shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work(an example is provided in the Appendix below). 'Derivative Works' shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 'Contribution' shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, 'submitted' means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as 'Not a Contribution.' 'Contributor' shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 92 版本说明

Apache 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s)with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a 'NOTICE' text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 附录 A: 第三方声明 93

Apache 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 94 版本说明

Apache 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/license-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 附录 A: 第三方声明 95

ANTLR 2.7.5H# ANTLR 2.7.5H# Portions of this product include software developed by the ANTLR.org. The ANTLR software is distributed in accordance with the following license agreement. ANTLR 2.7.5H# License [The BSD License] Copyright (c) 2005, Terence Parr All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 96 版本说明

ASM 3 ASM 3 This product includes ASM v.3, which is distributed in accordance with the following license: Copyright (c) 2000-2005 INRIA, France Telecom All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holders nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. DOM4J Portions of this product include software developed by the DOM4J Project (http://dom4j.org/) and is distributed in accordance with the following license agreement. 附录 A: 第三方声明 97

DOM4J BSD Style License Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain copyright statements and notices. Redistributions must also contain a copy of this document. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. The name "DOM4J" must not be used to endorse or promote products derived from this Software without prior written permission of MetaStuff, Ltd. For written permission, please contact dom4j-info@metastuff.com. Products derived from this Software may not be called "DOM4J" nor may "DOM4J" appear in their names without prior written permission of MetaStuff, Ltd. DOM4J is a registered trademark of MetaStuff, Ltd. Due credit should be given to the DOM4J Project - http://www.dom4j.org THIS SOFTWARE IS PROVIDED BY METASTUFF, LTD. AND CONTRIBUTORS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL METASTUFF, LTD. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright 2001-2005 (C) MetaStuff, Ltd. All Rights Reserved. 98 版本说明

HSQLDB 1.7.3 HSQLDB 1.7.3 This product includes HSQLDB v.1.7.3, which is distributed in accordance with the following license: For content, code, and products originally developed by Thomas Mueller and the Hypersonic SQL Group: Copyright (c) 1995-2000 by the Hypersonic SQL Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Hypersonic SQL Group nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This software consists of voluntary contributions made by many individuals on behalf of the Hypersonic SQL Group. For work added by the HSQL Development Group (a.k.a. hsqldb_lic.txt): Copyright (c) 2001-2005, The HSQL Development Group All rights reserved. 附录 A: 第三方声明 99

HSQLDB 1.7.3 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the HSQL Development Group nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL HSQL DEVELOPMENT GROUP, HSQLDB.ORG, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 100 版本说明

HSQLDB 1.8.0 HSQLDB 1.8.0 This product includes HSQLDB v.1.8.0, which is distributed in accordance with the following license: For content, code, and products originally developed by Thomas Mueller and the Hypersonic SQL Group: Copyright (c) 1995-2000 by the Hypersonic SQL Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Hypersonic SQL Group nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This software consists of voluntary contributions made by many individuals on behalf of the Hypersonic SQL Group. For work added by the HSQL Development Group (a.k.a. hsqldb_lic.txt): Copyright (c) 2001-2005, The HSQL Development Group All rights reserved. 附录 A: 第三方声明 101

IBM DB2 Driver for JDBC and SQLJ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the HSQL Development Group nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL HSQL DEVELOPMENT GROUP, HSQLDB.ORG, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. IBM DB2 Driver for JDBC and SQLJ "CONTAINS Runtime Modules of IBM DB2 Driver for JDBC and SQLJ (c) Copyright IBM Corporation 2006 All Rights Reserved" Jaxen 1.3 Portions of this product include software developed by the Jaxen Project (http://www.jaxen.org/) and is distributed in accordance with the following license agreement. /* $Id: LICENSE.txt,v 1.3 2003/06/29 18:22:02 ssanders Exp $ Copyright 2003 (C) The Werken Company. All Rights Reserved. 102 版本说明

Jaxen 1.3 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain copyright statements and notices. Redistributions must also contain a copy of this document. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name "jaxen" must not be used to endorse or promote products derived from this Software without prior written permission of The Werken Company. For written permission, please contact bob@werken.com. 4. Products derived from this Software may not be called "jaxen" nor may "jaxen" appear in their names without prior written permission of The Werken Company. "jaxen" is a registered trademark of The Werken Company. 5. Due credit should be given to The Werken Company. (http://jaxen.werken.com/). THIS SOFTWARE IS PROVIDED BY THE WERKEN COMPANY AND CONTRIBUTORS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE WERKEN COMPANY OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 附录 A: 第三方声明 103

JDOM 1.11 JDOM 1.11 This product includes software developed by the JDOM Project (http://www.jdom.org/). The JDOM software is distributed in accordance with the following license agreement. $Id: LICENSE.txt,v 1.11 2004/02/06 09:32:57 jhunter Exp $ Copyright (C) 2000-2004 Jason Hunter & Brett McLaughlin. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the disclaimer that follows these conditions in the documentation and/or other materials provided with the distribution. 3. The name "JDOM" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact. 4. Products derived from this software may not be called "JDOM", nor may "JDOM" appear in their name, without prior written permission from the JDOM Project Management. In addition, we request (but do not require) that you include in the end-user documentation provided with the redistribution and/or in the software itself an acknowledgement equivalent to the following: "This product includes software developed by the JDOM Project (http://www.jdom.org/)." Alternatively, the acknowledgment may be graphical using the logos available at http://www.jdom.org/images/logos. THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE JDOM AUTHORS OR THE PROJECT CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 104 版本说明

JSON 1.0 This software consists of voluntary contributions made by many individuals on behalf of the JDOM Project and was originally created by Jason Hunter and Brett McLaughlin. For more information on the JDOM Project, please see. JSON 1.0 Portions of this product include software developed by JSON.org. The JSON software is distributed in accordance with the following license agreement. Copyright (c) 2002 JSON.org Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. The Software shall be used for Good, not Evil. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. jtopen 5.1.1 JTOpen is distributed by CA for use with the CA product without any Contribution or change, addition or modification to the Program. The source code for JTOpen may be found here http://prdownloads.sourceforge.net/jt400/jtopen_5_1_1_source.zip?download or here http://opensrcd.ca.com/ips/3279_1. 附录 A: 第三方声明 105

libcurl 7.15.0 libcurl 7.15.0 Copyright - License Curl and libcurl are true Open Source/Free Software and meet all definitions as such. It means that you are free to modify and redistribute all contents of the curl distributed archives. You may also freely use curl and libcurl in your commercial projects. Curl and libcurl are licensed under a MIT/X derivate license, see below. Curl and libcurl does not contain any GPL source. I don't agree with the "viral" aspects of GPL. Another reason it doesn't contain GPL source is that it would limit users of libcurl. There are other computer-related projects using the name curl as well. For details, check out our position on the curl name issue. COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1996-2004, Daniel Stenberg,. All rights reserved. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder. 106 版本说明

MX4J 3.0.2 MX4J 3.0.2 This product includes software developed by the MX4J project (http://mx4j.sourceforge.net)." The MX4J software is distributed in accordance with the following license agreement. /* ========================================= =========================== * The MX4J License, Version 1.0 * * Copyright (c) 2001-2004 by the MX4J contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * MX4J project (http://mx4j.sourceforge.net)." 附录 A: 第三方声明 107

MX4J 3.0.2 * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The name "MX4J" must not be used to endorse or promote * products derived from this software without prior written * permission. * For written permission, please contact biorn_steedom@users.sourceforge.net * * 5. Products derived from this software may not be called "MX4J", * nor may "MX4J" appear in their name, without prior written * permission of Simone Bordet. * * THIS SOFTWARE IS PROVIDED ``AS IS &"& AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE MX4J CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 108 版本说明

Oracle JDBC Driver 10g Release 2 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ========================================= =========================== * * This software consists of voluntary contributions made by many * individuals on behalf of the MX4J project. For more information on * MX4J, please see * http://mx4j.sourceforge.net. */ Oracle JDBC Driver 10g Release 2 This Product is distributed with Oracle JDBC Driver 10G Release 2 (10.2.0.1.0)from Oracle USA, Inc. (?Oracle?) The following additional terms and conditions apply to your use of the Oracle software product ("Oracle Product"): (1) you may only use the Oracle Product to run the CA Product; (2) to the extent permitted by applicable law, Oracle disclaims liability for any damages, whether direct, indirect, incidental, or consequential, arising from your use of the Oracle Product; (3) at the termination of this Agreement, you must discontinue use and destroy or return to CA all copies of the Product; (4) Oracle is not obligated to provide technical support, phone support, or updates to the Oracle Product hereunder; (5) CA reserves the right to audit your use of the Oracle Product and report such use to Oracle or to assign this right to audit your use of the Oracle Product to Oracle; (6) Oracle shall be a third party beneficiary of this Agreement. 附录 A: 第三方声明 109

Rhino 1.5R5 Rhino 1.5R5 Rhino 1.5R5 Rhino is distributed by CA for use with this CA product in unmodified, object code form in accordance with the Netscape Public License 1.0. Source code for Rhino may be obtained from its authors at http://www.mozilla.org/rhino/download.html. Any provisions in the CA license agreement that differ from the NPL are offered by CA alone and not by any other party. NETSCAPE PUBLIC LICENSE Version 1.0 --------------------------------------------------------------------------- ----- 1. Definitions. 1.1. ``Contributor &"& means each entity that creates or contributes to the creation of Modifications. 1.2. ``Contributor Version &"& means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. 1.3. ``Covered Code &"& means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. 1.4. ``Electronic Distribution Mechanism &"& means a mechanism generally accepted in the software development community for the electronic transfer of data. 1.5. ``Executable &"& means Covered Code in any form other than Source Code. 1.6. ``Initial Developer &"& means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. 1.7. ``Larger Work &"& means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. ``License &"& means this document. 110 版本说明

Rhino 1.5R5 1.9. ``Modifications &"& means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous Modifications. 1.10. ``Original Code &"& means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.11. ``Source Code &"& means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or a list of source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. 1.12. ``You &"& means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, ``You &"& includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, ``control &"& means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of fifty percent (50%) or more of the outstanding shares or beneficial ownership of such entity. 2. Source Code License. 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: (a) to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, or as part of a Larger Work; and (b) under patents now or hereafter owned or controlled by Initial Developer, to make, have made, use and sell (``Utilize &"& ) the Original Code (or portions thereof), but solely to the extent that any such patent is reasonably necessary to enable You to Utilize the Original Code (or portions thereof) and not to any greater extent that may be necessary to Utilize further Modifications or combinations. 2.2. Contributor Grant. Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: 附录 A: 第三方声明 111

Rhino 1.5R5 (a) to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code or as part of a Larger Work; and (b) under patents now or hereafter owned or controlled by Contributor, to Utilize the Contributor Version (or portions thereof), but solely to the extent that any such patent is reasonably necessary to enable You to Utilize the Contributor Version (or portions thereof), and not to any greater extent that may be necessary to Utilize further Modifications or combinations. 3. Distribution Obligations. 3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. 3.3. Description of Modifications. You must cause all Covered Code to which you contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. 3.4. Intellectual Property Matters 112 版本说明

Rhino 1.5R5 (a) Third Party Claims. If You have knowledge that a party claims an intellectual property right in particular functionality or code (or its utilization under this License), you must include a text file with the source code distribution titled ``LEGAL &"& which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If you obtain such knowledge after You make Your Modification available as described in Section 3.2, You shall promptly modify the LEGAL file in all copies You make available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained. (b) Contributor APIs. If Your Modification is an application programming interface and You own or control patents which are reasonably necessary to implement that API, you must also include this information in the LEGAL file. 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code, and this License in any documentation for the Source Code, where You describe recipients' rights relating to Covered Code. If You created one or more Modification(s), You may add your name as a Contributor to the notice described in Exhibit A. If it is not possible to put such notice in a particular Source Code file due to its structure, then you must include such notice in a location (such as a relevant directory file) where a user would be likely to look for such a notice. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. 附录 A: 第三方声明 113

Rhino 1.5R5 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. 3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. 4. Inability to Comply Due to Statute or Regulation. If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Application of this License. This License applies to code to which the Initial Developer has attached the notice in Exhibit A, and to related Covered Code. 6. Versions of the License. 114 版本说明

Rhino 1.5R5 6.1. New Versions. Netscape Communications Corporation (``Netscape &"& ) may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. 6.2. Effect of New Versions. Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License. 6.3. Derivative Works. If you create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), you must (a) rename Your license so that the phrases ``Mozilla &"&, ``MOZILLAPL &"&, ``MOZPL &"&, ``Netscape &"&, ``NPL &"& or any confusingly similar phrase do not appear anywhere in your license and (b) otherwise make it clear that your version of the license contains terms which differ from the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) 7. DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN ``AS IS &"& BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. 8. TERMINATION. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. 附录 A: 第三方声明 115

Rhino 1.5R5 9. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THAT EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. 10. U.S. GOVERNMENT END USERS. The Covered Code is a ``commercial item, &"& as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of ``commercial computer software &"& and ``commercial computer software documentation, &"& as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. 11. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in, the United States of America: (a) unless otherwise agreed in writing, all disputes relating to this License (excepting any dispute relating to intellectual property rights) shall be subject to final and binding arbitration, with the losing party paying all costs of arbitration; (b) any arbitration relating to this Agreement shall be held in Santa Clara County, California, under the auspices of JAMS/EndDispute; and (c) any litigation relating to this Agreement shall be subject to the jurisdiction of the Federal Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. 116 版本说明

Rhino 1.5R5 12. RESPONSIBILITY FOR CLAIMS. Except in cases where another Contributor has failed to comply with Section 3.4, You are responsible for damages arising, directly or indirectly, out of Your utilization of rights under this License, based on the number of copies of Covered Code you made available, the revenues you received from utilizing such rights, and other relevant factors. You agree to work with affected parties to distribute responsibility on an equitable basis. AMENDMENTS Additional Terms applicable to the Netscape Public License. I. Effect. These additional terms described in this Netscape Public License -- Amendments shall apply to the Mozilla Communicator client code and to all Covered Code under this License. II. ``Netscape's Branded Code &"& means Covered Code that Netscape distributes and/or permits others to distribute under one or more trademark(s) which are controlled by Netscape but which are not licensed for use under this License. III. Netscape and logo. This License does not grant any rights to use the trademark ``Netscape &"&, the ``Netscape N and horizon &"& logo or the Netscape lighthouse logo, even if such marks are included in the Original Code. IV. Inability to Comply Due to Contractual Obligation. Prior to licensing the Original Code under this License, Netscape has licensed third party code for use in Netscape's Branded Code. To the extent that Netscape is limited contractually from making such third party code available under this License, Netscape may choose to reintegrate such code into Covered Code without being required to distribute such code in Source Code form, even if such code would otherwise be considered ``Modifications &"& under this License. V. Use of Modifications and Covered Code by Initial Developer. V.1. In General. The obligations of Section 3 apply to Netscape, except to the extent specified in this Amendment, Section V.2 and V.3. V.2. Other Products. Netscape may include Covered Code in products other than the Netscape's Branded Code which are released by Netscape during the two (2) years following the release date of the Original Code, without such additional products becoming subject to the terms of this License, and may license such additional products on different terms from those contained in this License. 附录 A: 第三方声明 117

Rhino 1.5R5 V.3. Alternative Licensing. Netscape may license the Source Code of Netscape's Branded Code, including Modifications incorporated therein, without such additional products becoming subject to the terms of this License, and may license such additional products on different terms from those contained in this License. VI. Arbitration and Litigation. Notwithstanding the limitations of Section 11 above, the provisions regarding arbitration and litigation in Section 11(a), (b) and (c) of the License shall apply to all disputes relating to this License. EXHIBIT A. ``The contents of this file are subject to the Netscape Public License Version 1.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/npl/ Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is Mozilla Communicator client code, released March 31, 1998. The Initial Developer of the Original Code is Netscape Communications Corporation. Portions created by Netscape are Copyright (C) 1998 Netscape Communications Corporation. All Rights Reserved. Contributor(s):. &"& [NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. This is due to time constraints encountered in simultaneously finalizing the License and in preparing the Original Code for release. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.] 118 版本说明

Rhino 1.7R1 Rhino 1.7R1 Rhino 1.7R1 Rhino is distributed by CA for use with this CA product in unmodified, object code form in accordance with the Mozilla Public License 1.1. Source code for Rhino may be obtained from its authors at http://www.mozilla.org/rhino/download.html. Any provisions in the CA license agreement that differ from the MPL are offered by CA alone and not by any other party. MOZILLA PUBLIC LICENSE Version 1.1 1. Definitions. 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. 1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications. 1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. 1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. 1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for the electronic transfer of data. 1.5. "Executable" means Covered Code in any form other than Source Code. 1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. 1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. "License" means this document. 1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. 附录 A: 第三方声明 119

Rhino 1.7R1 1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. B. Any new file that contains any part of the Original Code or previous Modifications. 1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. 1.11. "Source Code" means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. 1.12. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. Source Code License. 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: or (a) under intellectual property rights (other than patent 120 版本说明

Rhino 1.7R1 trademark) Licensable by Initial Developer to use, reproduce, Original and/or modify, display, perform, sublicense and distribute the Code (or portions thereof) with or without Modifications, as part of a Larger Work; and or practice, (b) under Patents Claims infringed by the making, using selling of Original Code, to make, have made, use, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. license is Code; 2) caused (d) Notwithstanding Section 2.1(b) above, no patent granted: 1) for code that You delete from the Original separate from the Original Code; or 3) for infringements by: i) the modification of the Original Code or ii) the devices. combination of the Original Code with other software or 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license or modify, (a) under intellectual property rights (other than patent trademark) Licensable by Contributor, to use, reproduce, 附录 A: 第三方声明 121

Rhino 1.7R1 display, perform, sublicense and distribute the Modifications on an Code created by such Contributor (or portions thereof) either unmodified basis, with other Modifications, as Covered and/or as part of a Larger Work; and or alone portions have (b) under Patent Claims infringed by the making, using, selling of Modifications made by that Contributor either and/or in combination with its Contributor Version (or of such combination), to make, use, sell, offer for sale, made, and/or otherwise dispose of: 1) Modifications made by that of Contributor (or portions thereof); and 2) the combination Modifications made by that Contributor with its Contributor Version (or portions of such combination). (c) the licenses granted in Sections 2.2(a) and 2.2(b) are Use of effective on the date Contributor first makes Commercial the Covered Code. license is (d) Notwithstanding Section 2.2(b) above, no patent from the Version; granted: 1) for any code that Contributor has deleted Contributor Version; 2) separate from the Contributor 3) for infringements caused by: i) third party modifications of 122 版本说明

Rhino 1.7R1 Contributor Version or ii) the combination of Modifications made of the Claims made by by that Contributor with other software (except as part Contributor Version) or other devices; or 4) under Patent infringed by Covered Code in the absence of Modifications that Contributor. 3. Distribution Obligations. 3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. 3.3. Description of Modifications. 附录 A: 第三方声明 123

Rhino 1.7R1 You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. 3.4. Intellectual Property Matters (a) Third Party Claims. party's rights If Contributor has knowledge that a license under a third intellectual property rights is required to exercise the granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code the will distribution titled "LEGAL" which describes the claim and party making the claim in sufficient detail that a recipient know whom to contact. If Contributor obtains such knowledge after 3.2, copies the Modification is made available as described in Section Contributor shall promptly modify the LEGAL file in all Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) Covered reasonably calculated to inform those who received the Code that new knowledge has been obtained. (b) Contributor APIs. 124 版本说明

Rhino 1.7R1 If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file. (c) Representations. to Contributor represents that, except as disclosed pursuant Section 3.4(a) above, Contributor believes that Contributor's Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. 3.6. Distribution of Executable Versions. 附录 A: 第三方声明 125

Rhino 1.7R1 You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. 3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. 4. Inability to Comply Due to Statute or Regulation. If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Application of this License. This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. 6. Versions of the License. 6.1. New Versions. 126 版本说明

Rhino 1.7R1 Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. 6.2. Effect of New Versions. Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License. 6.3. Derivative Works. If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) 7. DISCLAIMER OF WARRANTY. COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. 8. TERMINATION. 附录 A: 第三方声明 127

Rhino 1.7R1 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. 8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant") alleging that: (a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such to Participant, or (ii) withdraw Your litigation claim with respect the Contributor Version against such Participant. If within 60 days not of notice, a reasonable royalty and payment arrangement are mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above. 128 版本说明

Rhino 1.7R1 (b) any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, sold, distributed, or had made, Modifications made by that Participant. 8.3. If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken minto account in determining the amount or value of any payment or license. 8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. 9. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. 10. U.S. GOVERNMENT END USERS. 附录 A: 第三方声明 129

Rhino 1.7R1 The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. 11. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in the United States of America, any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. 12. RESPONSIBILITY FOR CLAIMS. As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. 13. MULTIPLE-LICENSED CODE. Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial Developer permits you to utilize portions of the Covered Code under Your choice of the NPL or the alternative licenses, if any, specified by the Initial Developer in the file described in Exhibit A. EXHIBIT A -Mozilla Public License. ``The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/mpl/ 130 版本说明

SAAJ 1.2 Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is. The Initial Developer of the Original Code is. Portions created by are Copyright (C). All Rights Reserved. Contributor(s):. Alternatively, the contents of this file may be used under the terms of the license (the "[ ] License"), in which case the provisions of [ ] License are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the [ ] License and not to allow others to use your version of this file under the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the [ ] License. If you do not delete the provisions above, a recipient may use your version of this file under either the MPL or the [ ] License." [NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.] SAAJ 1.2 SAAJ v.1.2 For the above software the following terms and conditions shall apply: This product contains certain files (the CDDL Files) which are governed by the Common Development and Distribution License, Version 1.0. The source code for the CDDL Files may be found here: http://opensrcd.ca.com. 附录 A: 第三方声明 131

SAXPath 1.1 SAXPath 1.1 This product includes SAXPath 1.0 distributed in accordance with the following terms: /*-- $Id: LICENSE,v 1.1 2002/04/26 17:43:56 jstrachan Exp $ Copyright (C) 2000-2002 werken digital. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the disclaimer that follows these conditions in the documentation and/or other materials provided with the distribution. 3. The name "SAXPath" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact license@saxpath.org. 4. Products derived from this software may not be called "SAXPath", nor may "SAXPath" appear in their name, without prior written permission from the SAXPath Project Management (pm@saxpath.org). In addition, we request (but do not require) that you include in the end-user documentation provided with the redistribution and/or in the software itself an acknowledgement equivalent to the following: "This product includes software developed by the SAXPath Project (http://www.saxpath.org/)." Alternatively, the acknowledgment may be graphical using the logos available at http://www.saxpath.org/ 132 版本说明

SpiderMonkey 1.5 THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE SAXPath AUTHORS OR THE PROJECT CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This software consists of voluntary contributions made by many individuals on behalf of the SAXPath Project and was originally created by bob mcwhirter and James Strachan. For more information on the SAXPath Project, please see. */ SpiderMonkey 1.5 This product includes SpiderMonkey 1.5. The source code version of SpiderMonkey 1.5 is licensed under the Mozilla Public License, Version 1.1 and is available at http://www.mozilla.org/js/spidermonkey/. 附录 A: 第三方声明 133

Sun JDK 1.6.0 Sun JDK 1.6.0 SUN JDK v.1.6 This product contains files from the Sun Java Development Kit v.1.6, which is licensed and distributed in accordance with the following terms: Sun Microsystems, Inc. Binary Code License Agreementfor the JAVA SE DEVELOPMENT KIT (JDK), VERSION 6SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THE SOFTWARE IDENTIFIED BELOW TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY "AGREEMENT"). PLEASE READ THE AGREEMENT CAREFULLY. BY DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT. INDICATE ACCEPTANCE BY SELECTING THE "ACCEPT" BUTTON AT THE BOTTOM OF THE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY ALL THE TERMS, SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT CONTINUE. 1. DEFINITIONS. "Software" means the identified above in binary form, any other machine readable materials (including, but not limited to, libraries, source files, header files, and data files), any updates or error corrections provided by Sun, and any user manuals, programming guides and other documentation provided to you by Sun under this Agreement. "Programs" mean Java applets and applications intended to run on the Java Platform, Standard Edition (Java SE) on Java-enabled general purpose desktop computers and servers. 2. LICENSE TO USE. Subject to the terms and conditions of this Agreement, including, but not limited to the Java Technology Restrictions of the Supplemental License Terms, Sun grants you a non-exclusive, non-transferable, limited license without license fees to reproduce and use internally Software complete and unmodified for the sole purpose of running Programs. Additional licenses for developers and/or publishers are granted in the Supplemental License Terms. 134 版本说明

Sun JDK 1.6.0 3. RESTRICTIONS. Software is confidential and copyrighted. Title to Software and all associated intellectual property rights is retained by Sun and/or its licensors. Unless enforcement is prohibited by applicable law, you may not modify, decompile, or reverse engineer Software. You acknowledge that Licensed Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility. Sun Microsystems, Inc. disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name of Sun or its licensors is granted under this Agreement. Additional restrictions for developers and/or publishers licenses are set forth in the Supplemental License Terms. 4. LIMITED WARRANTY. Sun warrants to you that for a period of ninety (90) days from the date of purchase, as evidenced by a copy of the receipt, the media on which Software is furnished (if any) will be free of defects in materials and workmanship under normal use. Except for the foregoing, Software is provided "AS IS". Your exclusive remedy and Sun's entire liability under this limited warranty will be at Sun's option to replace Software media or refund the fee paid for Software. Any implied warranties on the Software are limited to 90 days. Some states do not allow limitations on duration of an implied warranty, so the above may not apply to you. This limited warranty gives you specific legal rights. You may have others, which vary from state to state. 5. DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. 6. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event will Sun's liability to you, whether in contract, tort (including negligence), or otherwise, exceed the amount paid by you for Software under this Agreement. The foregoing limitations will apply even if the above stated warranty fails of its essential purpose. Some states do not allow the exclusion of incidental or consequential damages, so some of the terms above may not be applicable to you. 附录 A: 第三方声明 135

Sun JDK 1.6.0 7. TERMINATION. This Agreement is effective until terminated. You may terminate this Agreement at any time by destroying all copies of Software. This Agreement will terminate immediately without notice from Sun if you fail to comply with any provision of this Agreement. Either party may terminate this Agreement immediately should any Software become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon Termination, you must destroy all copies of Software. 8. EXPORT REGULATIONS. All Software and technical data delivered under this Agreement are subject to US export control laws and may be subject to export or import regulations in other countries. You agree to comply strictly with all such laws and regulations and acknowledge that you have the responsibility to obtain such licenses to export, re-export, or import as may be required after delivery to you. 9. TRADEMARKS AND LOGOS. You acknowledge and agree as between you and Sun that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iplanet trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, and iplanet-related trademarks, service marks, logos and other brand designations ("Sun Marks"), and you agree to comply with the Sun Trademark and Logo Usage Requirements currently located at http://www.sun.com/policies/trademarks. Any use you make of the Sun Marks inures to Sun's benefit. 10. U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), then the Government's rights in Software and accompanying documentation will be only as set forth in this Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4 (for Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and 12.212 (for non-dod acquisitions). 11. GOVERNING LAW. Any action related to this Agreement will be governed by California law and controlling U.S. federal law. No choice of law rules of any jurisdiction will apply. 12. SEVERABILITY. If any provision of this Agreement is held to be unenforceable, this Agreement will remain in effect with the provision omitted, unless omission would frustrate the intent of the parties, in which case this Agreement will immediately terminate. 136 版本说明

Sun JDK 1.6.0 13. INTEGRATION. This Agreement is the entire agreement between you and Sun relating to its subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, representations and warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the term of this Agreement. No modification of this Agreement will be binding, unless in writing and signed by an authorized representative of each party. SUPPLEMENTAL LICENSE TERMS These Supplemental License Terms add to or modify the terms of the Binary Code License Agreement. Capitalized terms not defined in these Supplemental Terms shall have the same meanings ascribed to them in the Binary Code License Agreement. These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement, or in any license contained within the Software. A. Software Internal Use and Development License Grant. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Software "README" file incorporated herein by reference, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a non-exclusive, non-transferable, limited license without fees to reproduce internally and use internally the Software complete and unmodified for the purpose of designing, developing, and testing your Programs. B. License to Distribute Software. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Software README file, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute the Software, provided that (i) you distribute the Software complete and unmodified and only bundled as part of, and for the sole purpose of running, your Programs, (ii) the Programs add significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software, (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that protects Sun's interests consistent with the terms contained in this Agreement, and (vi) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. 附录 A: 第三方声明 137

Sun JDK 1.6.0 C. License to Distribute Redistributables. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Software README file, including but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute those files specifically identified as redistributable in the Software "README" file ("Redistributables") provided that: (i) you distribute the Redistributables complete and unmodified, and only bundled as part of Programs, (ii) the Programs add significant and primary functionality to the Redistributables, (iii) you do not distribute additional software intended to supersede any component(s) of the Redistributables (unless otherwise specified in the applicable README file), (iv) you do not remove or alter any proprietary legends or notices contained in or on the Redistributables, (v) you only distribute the Redistributables pursuant to a license agreement that protects Sun's interests consistent with the terms contained in the Agreement, (vi) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. D. Java Technology Restrictions. You may not create, modify, or change the behavior of, or authorize your licensees to create, modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun" or similar convention as specified by Sun in any naming convention designation. 138 版本说明

Sun JDK 1.6.0 E. Distribution by Publishers. This section pertains to your distribution of the Software with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology ("Publication"). Subject to and conditioned upon your compliance with the restrictions and obligations contained in the Agreement, in addition to the license granted in Paragraph 1 above, Sun hereby grants to you a non-exclusive, nontransferable limited right to reproduce complete and unmodified copies of the Software on electronic media (the "Media") for the sole purpose of inclusion and distribution with your Publication(s), subject to the following terms: (i) You may not distribute the Software on a stand-alone basis; it must be distributed with your Publication(s); (ii) You are responsible for downloading the Software from the applicable Sun web site; (iii) You must refer to the Software as JavaTM SE Development Kit 6; (iv) The Software must be reproduced in its entirety and without any modification whatsoever (including, without limitation, the Binary Code License and Supplemental License Terms accompanying the Software and proprietary rights notices contained in the Software); (v) The Media label shall include the following information: Copyright 2006, Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Sun, Sun Microsystems, the Sun logo, Solaris, Java, the Java Coffee Cup logo, J2SE, and all trademarks and logos based on Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. This information must be placed on the Media label in such a manner as to only apply to the Sun Software; (vi) You must clearly identify the Software as Sun's product on the Media holder or Media label, and you may not state or imply that Sun is responsible for any third-party software contained on the Media; (vii) You may not include any third party software on the Media which is intended to be a replacement or substitute for the Software; (viii) You shall indemnify Sun for all damages arising from your failure to comply with the requirements of this Agreement. In addition, you shall defend, at your expense, any and all claims brought against Sun by third parties, and shall pay all damages awarded by a court of competent jurisdiction, or such settlement amount negotiated by you, arising out of or in connection with your use, reproduction or distribution of the Software and/or the Publication. Your obligation to provide indemnification under this section shall arise provided that Sun: (a) provides you prompt notice of the claim; (b) gives you sole control of the defense and settlement of the claim; (c) provides you, at your expense, with all available information, assistance and authority to defend; and (d) has not compromised or settled such claim without your prior written consent; and (ix) You shall provide Sun with a written notice for each Publication; such notice shall include the following information: (1) title of Publication, (2) author(s), (3) date of Publication, and (4) ISBN or ISSN numbers. Such notice shall be sent to Sun Microsystems, Inc., 4150 Network Circle, M/S USCA12-110, Santa Clara, California 95054, U.S.A, Attention: Contracts Administration. 附录 A: 第三方声明 139

Sun JDK 1.6.0 F. Source Code. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of this Agreement. Source code may not be redistributed unless expressly provided for in this Agreement. G. Third Party Code. Additional copyright notices and license terms applicable to portions of the Software are set forth in the THIRDPARTYLICENSEREADME.txt file. In addition to any terms and conditions of any third party opensource/freeware license identified in the THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty and limitation of liability provisions in paragraphs 5 and 6 of the Binary Code License Agreement shall apply to all Software in this distribution. H. Termination for Infringement. Either party may terminate this Agreement immediately should any Software become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. I. Installation and Auto-Update. The Software's installation and auto-update processes transmit a limited amount of data to Sun (or its service provider) about those specific processes to help Sun understand and optimize them. Sun does not associate the data with personally identifiable information. You can find more information about the data Sun collects at http://java.com/data/. For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. ADDITIONAL TERMS AND CONDITIONS FOR THE USE OF Sun JDK 1.6 (JAVA 2 PLATFORM STANDARD EDITION RUNTIME ENVIRONMENT 6.0) Licensee agrees that the following terms (in addition to the applicable provisions above) shall apply with respect to any open source code provided by Sun Microsystems, Inc. contained within the Product. Notwithstanding anything contained in the CA End User License Agreement, solely with respect to such open source, these terms are not superseded by any written agreement between CA and Licensee: "Software" means Java' 2 Platform Standard Edition Version 1.6_X and any user manuals, programming guides and other documentation provided to Licensee. 140 版本说明

Sun JDK 1.6.0 Title to Software and all associated intellectual property rights is retained by Sun Microsystems, Inc. ('Sun') and/or its licensors. Licensee acknowledges that Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility. Sun disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name of Sun or its licensors is granted under this agreement. The Software is provided "AS IS". As to any claim made by Licensee against Sun respecting Software, Licensee's exclusive remedy and Sun's entire liability under this limited warranty will be at Sun's option to replace Software media or refund the fee paid for Software by Licensee to Sun which Licensee acknowledges is $0. UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. The foregoing limitations shall not affect any warranties provided in any other applicable agreement between Licensee and CA. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event will Sun's liability to you, whether in contract, tort (including negligence), or otherwise, exceed the amount paid for Software by Licensee to Sun which Licensee acknowledges is $0. The foregoing limitations will apply even if the above stated warranty fails of its essential purpose. Licensee acknowledges that Licensee's use of the Software will terminate immediately without notice if Licensee fails to comply with any provision of this agreement. Licensee acknowledges that Sun may terminate this agreement immediately should the Software become, or in Sun's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon termination, Licensee must destroy all copies of Software. Licensee acknowledges and agrees as between Licensee and Sun that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iplanet trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, and iplanet-related trademarks, service marks, logos and other brand designations ("Sun Marks"), and Licensee agrees to comply with the Sun Trademark and Logo Usage Requirements currently located at http://www.sun.com/policies/trademarks. Any use Licensee makes of the Sun Marks inures to Sun's benefit. 附录 A: 第三方声明 141

Xinha.96 Beta 2 Notwithstanding anything to the contrary contained in any agreement between Licensee and CA, any action related to this agreement in which Sun is a party will be governed by California law and controlling U.S. federal law. No choice of law rules of any jurisdiction will apply. Licensee acknowledges that additional copyright notices and license terms applicable to portions of the Software are set forth in the THIRDPARTYLICENSEREADME.txt file. For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. Xinha.96 Beta 2 Copyright (c) 2002-2004, interactivetools.com, inc. Copyright (c) 2003-2004 dynarch.com All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3) Neither the name of interactivetools.com, inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 142 版本说明