PQ51294: WASSECK - SPECIAL CHARACTERS IN LDAP SERVER ENTRIES NOT HANDLED PROPERLY BY WEBSPHERE APP SER .


APAR

APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server 3.x & 4.0
.
Description:Environment: WebSphere Application Server 3.x & 4.0.
This APAR is to address how WAS should handle special characters that are embedded in the value of the attribute of an LDAP server entry. Currently, WAS 3.x (and possibly 4.0) don't handle special characters (asterisk, comma, etc.) well. PMR 13953,499,000 where this APAR originates, addresses specifically a problem handling a CN attribute which is assigned to the last name followed by a comma and then followed by the first name. When assigning an LDAP group to the permissions for a method group, authorization failure occurs when trying to access the secured resources because of the comma embedded in the username.
Description:This APAR is to address how WAS should handle specialcharacters that are embedded in the value of the attribute of anLDAP server entry. Currently, WAS 3.x (and possibly 4.0) don'thandle special characters (asterisk, comma, etc.) well.PMR 13953,499,000 where this APAR originates, addressesspecifically a problem handling a CN attribute which is assignedto the last name followed by a comma and then followed by thefirst name. When assigning an LDAP group to the permissions fora method group, authorization failure occurs when trying toaccess the secured resources because of the comma embedded inthe username.
Local fix
Problem summary
A combination of a limit of the internal LDAP client and
WAS coding causes problems in authentication when the
LDAP entries use of special characters (/, *, etc.) in the
username attribute.
Problem conclusion
A fix is done in security coding to accept user name with
special characters.
Temporary fix
Comments
APAR information
APAR numberPQ51294
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2001-08-08
Closed date2001-08-21
Last modified date2003-04-24

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:

PQ56053

Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:PQ56053Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP
R300 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ51294
IBM Group: Software Group
Modified date: 2003-04-24