PQ72328: WAS IS HAVING PROBLEMS AUTHENTICATING WITH IDAR

 Fixes are available

5.0.1: WebSphere Application Server Version 5.0 Fix Pack 1 (Version 5.0.1)
5.0.1: WebSphere Application Server Enterprise Edition Version 5.0 Fix Pack 1



APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server (WAS) 4.0.1 through 4.0.4 (and
possibly 4.0.5)
   iPlanet LDAP server with iDAR
.
Description:
   iDAR has a defect which causes WAS to fail authenticating
using the JNDI interface.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have  *
*                 enabled security and are using LDAP as the   *
*                 user registry.                               *
****************************************************************
* PROBLEM DESCRIPTION: Intermittant errors encountered in      *
*                      user authentication.                    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Intermittant errors encountered in user authentication.  The
errors were caused by an LDAP search periodically
returning the error "could not decode search request".
One possible cause for this specific error is the search
request returning attributes which do not conform with LDAP
standard defined in RFC 2251.
Problem conclusion
The specifc search Wesphre was performaing did not require any
attributes to be returned.  WebSphere was using an empty
string per the JNDI specifications to request no attributes
be returned.  The LDAP specifications require the string be
set to "1.1" if attributes should not be returned.  The Sun
JNDI LDAP service provider does not properly handle this
scenario.  WebSphere code was changed to conform with the LDAP
specifications instead of the JNDI specifications since LDAP
service provider does not handle this scenario properly.

A fix for this APAR will be contained in any security
cumulative eFix dated after the closure date of this APAR.
Temporary fix
provide testing fix
Comments
APAR information
APAR number PQ72328
Reported component name WAS BASE 5.0
Reported component ID 5630A3600
Reported release 00W
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2003-03-21
Closed date 2003-03-21
Last modified date 2003-03-21

APAR is sysrouted FROM one or more of the following:
PQ68922

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

Publications Referenced

Fix information
Fixed component name WAS BASE 5.0
Fixed component ID 5630A3600

Applicable component levels
R00S PSY    UP
R00A PSY    UP
R00W PSY    UP
R00H PSY    UP
R003 PSY    UP
R00I PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PQ72328
IBM Group: Software Group
Modified date: Mar 21, 2003