PQ60658: WASSEC - WEBSPHERE SECURITY ENABLES DEREFALIASES CAUSING PERFORMANCE DEGRADATION

Fixes are available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)
PQ60658, 3.5.4, 3.5.5, 3.5.6: Cumulative Interim Security Fix

APAR

APAR status
Closed as program error.

Error description
WebSphere security enables derefAliases. DerefAliases is the
main reason why LDAP search is slow. Authenticating to LDAP
can take several seconds.
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users       *
*                 using security with LDAP as the user         *
*                 registry and needing to set LDAP             *
*                 properties.                                  *
****************************************************************
* PROBLEM DESCRIPTION: The IBM JNDI shipped with WebSphere     *
*                      3.5 does not read the jndi.properties   *
*                      file.                                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The IBM JNDI shipped with WebSphere 3.5 does not read the
jndi.properties file.  This file is read by Sun's JNDI (which
is used by WebSphere 4.x) and can be used to set and is used to
set JNDI and JNDI service provider specific properties.
Problem conclusion
Logic was added to read any property beginning with
"java.naming." and use these properties to instantiate
Initial Directory Contexts.  This provides the same facility
as the jndi.properties file.
Temporary fix
PQ60658-3.5.5-3.5.4-test.jar
Comments
APAR information
APAR numberPQ60658
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2002-04-30
Closed date2002-05-29
Last modified date2002-05-29

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:


Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ60658
IBM Group: Software Group
Modified date: 2002-05-29