APAR status |
Closed as program error.
| Error description
Environment:
WebSphere Application Server 3.x & 4.0
.
Description:Environment: WebSphere Application Server 3.x & 4.0.
This APAR is to address how WAS should handle special
characters that are embedded in the value of the attribute of an
LDAP server entry. Currently, WAS 3.x (and possibly 4.0) don't
handle special characters (asterisk, comma, etc.) well.
PMR 13953,499,000 where this APAR originates, addresses
specifically a problem handling a CN attribute which is assigned
to the last name followed by a comma and then followed by the
first name. When assigning an LDAP group to the permissions for
a method group, authorization failure occurs when trying to
access the secured resources because of the comma embedded in
the username. Description:This APAR is to address how WAS should handle specialcharacters that are embedded in the value of the attribute of anLDAP server entry. Currently, WAS 3.x (and possibly 4.0) don'thandle special characters (asterisk, comma, etc.) well.PMR 13953,499,000 where this APAR originates, addressesspecifically a problem handling a CN attribute which is assignedto the last name followed by a comma and then followed by thefirst name. When assigning an LDAP group to the permissions fora method group, authorization failure occurs when trying toaccess the secured resources because of the comma embedded inthe username. Local fixProblem summary
A combination of a limit of the internal LDAP client and
WAS coding causes problems in authentication when the
LDAP entries use of special characters (/, *, etc.) in the
username attribute. Problem conclusion
A fix is done in security coding to accept user name with
special characters. Temporary fixComments
APAR information | APAR number | PQ51294 | Reported component name | WAS ADVANCED AI | Reported component ID | 5648C8400 | Reported release | 350 | Status | CLOSED PER | PE | NoPE | HIPER | NoHIPER | Submitted date | 2001-08-08 | Closed date | 2001-08-21 | Last modified date | 2003-04-24 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:
PQ56053
Modules/Macros APAR is sysrouted TO one or more of the following:PQ56053Modules/Macros
|
Fix information |
Fixed component name | WAS ADVANCED AI | Fixed component ID | 5648C8400 |
Applicable component levels | R350 PSY | UP | R300 PSY | UP |
|