APAR status
Closed as program error.
Error description
This is to work-around a limitation in OS LDAP when working
with RACF, in which, A subtree search with a base above the
leaf level returns entries that just contain the DN. The
entries do not contain any other attributes, such as
racfid or racfconnectgroupname. Due to this limitation, WebS
phere security was unable to find attributes required to build u
ser's security credential.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security *
* users using zOS LDAP with RACF *
****************************************************************
* PROBLEM DESCRIPTION: When using zOS LDAP with RACF, *
* authorization with group may fail *
****************************************************************
* RECOMMENDATION: *
****************************************************************
When using zOS SDBM backend (RACF based) LDAP, authorization
with group may fail. This is due to a limitation in zOS LDAP
that a subtree search with a base above the leaf level
returns entries that just contains an DN, and user's group
attribute is not returned.
Problem conclusion
WebSphere security will work around the zOS LDAP limitation by
converting login ID to an DN and performing an object scope
search.
The fix for this APAR is currently targeted for inclusion in
fixpack 5.0.2.14 and 5.1.1.8. Please refer to the Recommended
Updates page for delivery dates:
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP
&uid=swg27004980
Temporary fix Comments
APAR information |
APAR number |
PK12578 |
Reported component name |
WAS BASE 5.0 |
Reported component ID |
5630A3600 |
Reported release |
10A |
Status |
CLOSED PER |
PE |
NoPE |
HIPER |
NoHIPER |
Special Attention |
NoSpecatt |
Submitted date |
2005-09-27 |
Closed date |
2005-09-28 |
Last modified date |
2005-09-29 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
PK12723
Modules/Macros
Publications Referenced
|
Fix information |
Fixed component name |
WAS BASE 5.0 |
Fixed component ID |
5630A3600 |
Applicable component levels |
R003 PSY |
UP |
R00A PSY |
UP |
R00H PSY |
UP |
R00I PSY |
UP |
R00P PSY |
UP |
R00S PSY |
UP |
R00W PSY |
UP |
R103 PSY |
UP |
R10A PSY |
UP |
R10H PSY |
UP |
R10I PSY |
UP |
R10P PSY |
UP |
R10S PSY |
UP |
R10W PSY |
UP |
|