PQ69702: NOT RESTARTING WAS AFTER ENABLING SECURITY AND THEN CLICKING FINISH AGAIN IN THE SECURITY CENTER LOSES SECURITY SETTINGS

A fix is available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)

APAR

APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server 3.5.6 AE
.
Description:Environment:WebSphere Application Server 3.5.6 AE.
Steps to recreate problem:Description:
. 1. WAS 3.5.6 AE is already configured with security enabled using LTPA and connecting to a SecureWay LDAP server. He opened the admin console and then the "Configure Global Security Settings" wizard. Then he went to the User Registry tab and clicked on the Advanced button next to the Directory Type field. . 2. The LDAP Advanced Properties window appeared. He then modified any of User or Group filters or ID Maps (which are valid for the LDAP server), and he clicked OK to accept the changes and close the Window. He then clicked on the Finish button in the Set Global Security Wizard window to accept the changes and close that window (clicking OK after the dialog box stating that the changes won't take place until WAS is restarted). . 3. He then chose the "Configure Global Security Settings" wizard again to open the Set Global Security Wizard window again without restarting WAS first, and he just clicks on the Finish button. . 4. When opening the "Configure Global Security Settings" wizard a third time and going all the way the LDAP Advanced Properties window, you will see that the changes made in step 2 have been reverted back to the original settings. This shouldn't be happening at all.
Steps to recreate problem:.1. WAS 3.5.6 AE is already configured with security enabledusing LTPA and connecting to a SecureWay LDAP server. Heopened the admin console and then the "Configure GlobalSecurity Settings" wizard. Then he went to the User Registrytab and clicked on the Advanced button next to the DirectoryType field..2. The LDAP Advanced Properties window appeared. He thenmodified any of User or Group filters or ID Maps (which arevalid for the LDAP server), and he clicked OK to accept thechanges and close the Window. He then clicked on the Finishbutton in the Set Global Security Wizard window to accept thechanges and close that window (clicking OK after the dialog boxstating that the changes won't take place until WAS isrestarted)..3. He then chose the "Configure Global Security Settings" wizardagain to open the Set Global Security Wizard window againwithout restarting WAS first, and he just clicks on the Finishbutton..4. When opening the "Configure Global Security Settings" wizarda third time and going all the way the LDAP Advanced Propertieswindow, you will see that the changes made in step 2 have beenreverted back to the original settings. This shouldn't behappening at all.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: For WebSphere Application Server 3.5 users   *
****************************************************************
* PROBLEM DESCRIPTION: Not restarting WAS after enabling       *
*                      security and then clicking              *
*                      finish again, the Global Security       *
*                      loses security settings.                *
*                                                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The problem is reproducible in any WAS 3.5. Once the user
makes changes to the LDAP Advanced properties to be the custom
LDAP, the user registry properties will be replaced with the
default LDAP properties (it happens to be NetScape) if the
user then changes any settings in the User Registry panel
without changing the Advanced settings. The previous change in
the Advanced properties would be lost and replaced with the
default NetScape LDAP properties.

The steps to reproduce the problem:

1. WAS 3.5.6 AE is already configured with security enabled
using LTPA and connecting to a SecurityWay LDAP server. Opened
the admin console and then the "Configure Global Security
Settings" wizard. Then went to the User Registry tab and
clicked on the Advanced button next to the Directory Type field.

2. The LDAP Advanced Properties window appeared. Then modified
any of User or Group filters or ID Maps and clicked OK to accept
the changes and close the Window. Then clicked on the Finish
button in the Set Global Security Wizard window to accept the
changes and close that window (clicking OK after the dialog
box stating that the changes won't take effect util WAS is
restarted).

3. Then close the "Configure Global Security Settings" wizard
again to open the Set Global Security Wizard window again
without restarting WAS first, and just click the Finish button.

4. When opening the "Configure Global Security Settings" wizard
a third time and going all the way to the LDAP Advanced
properties window, you will see that the changes made in step 2
have been reverted back to the original settings. This
shouldn't be happening at all.
The steps to reproduce the problem:1. WAS 3.5.6 AE is already configured with security enabledusing LTPA and connecting to a SecurityWay LDAP server. Openedthe admin console and then the "Configure Global SecuritySettings" wizard. Then went to the User Registry tab andclicked on the Advanced button next to the Directory Type field.2. The LDAP Advanced Properties window appeared. Then modifiedany of User or Group filters or ID Maps and clicked OK to acceptthe changes and close the Window. Then clicked on the Finishbutton in the Set Global Security Wizard window to accept thechanges and close that window (clicking OK after the dialogbox stating that the changes won't take effect util WAS isrestarted).3. Then close the "Configure Global Security Settings" wizardagain to open the Set Global Security Wizard window againwithout restarting WAS first, and just click the Finish button.4. When opening the "Configure Global Security Settings" wizarda third time and going all the way to the LDAP Advancedproperties window, you will see that the changes made in step 2have been reverted back to the original settings. Thisshouldn't be happening at all.
Problem conclusion
The AdminGUI codes including
GlobalSecuritySettingsSmartGuide.java and
LDAPUserRegistryPanel.java were modified to load advanced LDAP
properties from repository instead of loading default LDAP
(NetScape) properties if users update the Global Security
Config setting without opening Advanced LDAP properties panel.
Temporary fix
Comments
APAR information
APAR numberPQ69702
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2003-01-09
Closed date2003-01-21
Last modified date2003-01-21

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros
ADMINGUI
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ69702
IBM Group: Software Group
Modified date: 2003-01-21