APAR status
Closed as program error.
Error description
The customer retrieves the full DN from LDAP (Active Directory)
and passes it to the JAAS login as a parameter. It appears that
special characters are not being escaped correctly. The
following exception occurs:
[9/16/04 13:51:54:092 CDT] 52e76037 SystemOut O Attempting to open new LDAP connection...
[9/16/04 13:51:54:342 CDT] 52e76037 SystemOut O User Id is :CN=Walker\, Paul \"Skoo\",CN=Users,DC=agent0,DC=ad,DC=allstate,DC=com
[9/16/04 13:51:55:173 CDT] 52e76037 LdapRegistryI E SECJ0352E: Could not get the users matching the pattern CN=Walker\, Paul \"Skoo\",CN=Users,DC=agent0,DC=ad,DC=allstate,DC=com because of the following exception javax.naming.InvalidNameException: CN=Walker\, Paul "Skoo",CN=Users,DC=agent0,DC=ad,DC=allstate,DC=com: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001AA, problem 2006 (BAD_NAME), data 8349,best match of:'CN=Walker\, Paul "Skoo",CN=Users,DC=agent0,DC=ad,DC=allstate,DC=com'
Local fix
As a workaround, the customer can pass the DN to WebSphere in
the following format:
CN=walker\, paul \\"skoo\\",CN=Users,DC=austin,DC=ibm,DC=com
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have  *
*                 enabled Global Security, have configured     *
*                 Lightweight Directory Access Protocol        *
*                 (LDAP) as the user registry and special      *
*                 characters are used in the LDAP              *
*                 Distinguished Names (DN)                     *
****************************************************************
* PROBLEM DESCRIPTION: Authentication may fail if a DN         *
*                      contains both JNDI and LDAP special     *
*                      characters.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If a DN contains characters that are special both in LDAP and
in JNDI, such as the double quote character and the forward
slash, an LDAP registry search or authentication may fail.
Problem conclusion
Implemented use of the JNDI CompositeName class to handle
JNDI special characters rather than handling those special
characters programmatically with the String class.
The fix for this APAR is currently targeted for inclusion in
fix packs 5.0.2.10 and 5.1.1.4.
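The JNDI behaviour behind this failure, as an added illustration (not IBM's fix code and not part of the APAR): a DN handed to JNDI as a plain String is parsed with composite-name syntax, where the backslash, the quote characters and the forward slash are metacharacters, while adding the DN to an empty CompositeName keeps it intact as one component. The class name, helper methods and sample DNs are constructed for this example.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;

public class CompositeNameDnDemo {

    // What JNDI does with a String name: parse it as a composite name.
    // An escape in front of a JNDI metacharacter (\ " ' /) is consumed,
    // and an unescaped '/' starts a new component.
    static Name parseAsCompositeString(String dn) throws InvalidNameException {
        return new CompositeName(dn);
    }

    // Add the DN as a single component; no JNDI parsing is applied,
    // so the LDAP escaping inside the DN is left untouched.
    static Name wrapAsSingleComponent(String dn) throws InvalidNameException {
        return new CompositeName().add(dn);
    }

    static void show(String label, String dn) throws InvalidNameException {
        Name parsed = parseAsCompositeString(dn);
        Name wrapped = wrapAsSingleComponent(dn);
        System.out.println(label);
        System.out.println("  original DN          : " + dn);
        System.out.println("  String-parsed parts  : " + parsed.size());
        System.out.println("  String-parsed part 0 : " + parsed.get(0));
        System.out.println("  wrapped parts        : " + wrapped.size());
        System.out.println("  wrapped part 0       : " + wrapped.get(0));
        System.out.println("  wrapped intact       : " + wrapped.get(0).equals(dn));
        // Composite-name string form of the wrapped DN, with JNDI
        // metacharacters escaped for APIs that accept only a String.
        System.out.println("  wrapped as String    : " + wrapped);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed DN with an LDAP-escaped comma and LDAP-escaped double quotes.
        String quoted = "CN=Doe\\, Jane \\\"JD\\\",CN=Users,DC=example,DC=com";
        // Constructed DN with a forward slash, the JNDI component separator.
        String slashed = "CN=Ops/Admin,CN=Users,DC=example,DC=com";

        show("DN with escaped double quotes", quoted);
        show("DN with a forward slash", slashed);
    }
}
```

For the first DN the String-parsed component loses the backslash in front of each double quote while the escaped comma survives, which is the same difference visible between the "User Id is" line and the InvalidNameException text in the log above.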
Temporary fix
Comments
APAR information
APAR number | PQ96953
Reported component name | WAS BASE 5.0
Reported component ID | 5630A3600
Reported release | 00S
Status | CLOSED PER
PE | NoPE
HIPER | NoHIPER
Special Attention | NoSpecatt
Submitted date | 2004-11-09
Closed date | 2005-01-06
Last modified date | 2005-02-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels
R00A PSY | UP
R00H PSY | UP
R00I PSY | UP
R00P PSY | UP
R00S PSY | UP
R00W PSY | UP
R10A PSY | UP
R10H PSY | UP
R10I PSY | UP
R10P PSY | UP
R10S PSY | UP
R10W PSY | UP