PQ72328: WAS IS HAVING PROBLEMS AUTHENTICATING WITH IDAR | |||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Environment: WebSphere Application Server (WAS) 4.0.1 through 4.0.4 (and possibly 4.0.5) iPlanet LDAP server with iDAR . Description: iDAR has a defect which causes WAS to fail authenticating using the JNDI interface.Local fix Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server users who have * * enabled security and are using LDAP as the * * user registry. * **************************************************************** * PROBLEM DESCRIPTION: Intermittant errors encountered in * * user authentication. * **************************************************************** * RECOMMENDATION: * **************************************************************** Intermittant errors encountered in user authentication. The errors were caused by an LDAP search periodically returning the error "could not decode search request". One possible cause for this specific error is the search request returning attributes which do not conform with LDAP standard defined in RFC 2251.Problem conclusion The specifc search Wesphre was performaing did not require any attributes to be returned. WebSphere was using an empty string per the JNDI specifications to request no attributes be returned. The LDAP specifications require the string be set to "1.1" if attributes should not be returned. The Sun JNDI LDAP service provider does not properly handle this scenario. WebSphere code was changed to conform with the LDAP specifications instead of the JNDI specifications since LDAP service provider does not handle this scenario properly. A fix for this APAR will be contained in any security cumulative eFix dated after the closure date of this APAR.Temporary fix provide testing fixComments
APAR is sysrouted FROM one or more of the following: PQ68922 APAR is sysrouted TO one or more of the following: Modules/Macros
Publications Referenced
|
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PQ72328
IBM Group: Software Group
Modified date: Mar 21, 2003
(C) Copyright IBM Corporation 2000, 2008. All Rights Reserved.