Fix (APAR):  PI82111

Status:  Fix

Release:  8.5.5.11

Operating System:  AIX,HP-UX,IBM i,Inspur K-UX,Linux,OS X,Solaris,Windows,iOS,z/OS

Supersedes Fixes:  

CMVC Defect:  xxxxxx

Byte size of APAR:  261530

Date: 2017-06-05

Abstract:  federated repositories fails to change password when JRE is Java 8

Description/symptom of problem:  
PI82111 resolves the following problem:

ERROR DESCRIPTION:                                              
When running on Java 8, Federated Repositories will fail to     
update user password in Active Directory                        

LOCAL FIX:                                                      
NONE                                                            

PROBLEM SUMMARY

USERS AFFECTED:
 IBM WebSphere Application Server users of
federated repositories

PROBLEM DESCRIPTION:
When running on Java 8, Federated
Repositories will fail to update user
password in Active Directory

RECOMMENDATION:
None

In the Java 8 release, the JRE was updated to use NIO
converters instead of IO converters, which were removed. The IO
converters handled the endian-ness based on the platform. When
moving to NIO, the Java specification was corrected to give
consistent behavior (big endian) for all platforms when using
the "UNICODE" charset.
The specification for encoding for the "unicodepwd" attribute
requires it to be little-endian. Therefore, it can be
expected, that on all little-endian platforms attempting to
change a password will result in a OperationNotSupported /
WILL_NOT_PEFORM exception being returned from Active Directory
Server.
[28/4/17 10:19:21:447 SGT] 00000164 LdapConnectio 1
com.ibm.ws.wim.adapter.ldap.LdapConnection
modifyAttributes(Name name, ModificationItem[] mods) Exception
caught:
javax.naming.OperationNotSupportedException: [LDAP: error code
53 - 0000001F: SvcErr: DSID-031A1248, problem 5003
(WILL_NOT_PERFORM), data 0
\u0000]; remaining name 'CN=rand,OU=Stephani,dc=pimqa,dc=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3220)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3093)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2900)
at
com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1487)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
ComponentDirContext.java:289)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttrib
utes(PartialCompositeDirContext.java:204)
at
org.apache.aries.jndi.DelegateContext.modifyAttributes(DelegateC
ontext.java:287)
at
javax.naming.directory.InitialDirContext.modifyAttributes(Initia
lDirContext.java:183)
at
com.ibm.ws.wim.adapter.ldap.LdapConnection.modifyAttributes(Ldap
Connection.java:2426)
at
com.ibm.ws.wim.adapter.ldap.LdapAdapter.updateByDataGraph(LdapAd
apter.java:1328)
at
com.ibm.ws.wim.adapter.ldap.LdapAdapter.update(LdapAdapter.java:
1476)
at
com.ibm.ws.wim.ProfileManager.updateImpl(ProfileManager.java:343
4)
at
com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(Profil
eManager.java:354)
at
com.ibm.ws.wim.ProfileManager.update(ProfileManager.java:439)
at
com.ibm.websphere.wim.ServiceProvider.update(ServiceProvider.jav
a:498)
.....

PROBLEM CONCLUSION:                                             
Updated the encoding for the "unicodepwd" attribute value to    
always use the "UTF-16LE" charset to ensure it is always        
little-endian.                                                  
                                                                
The fix for this APAR is currently targeted for inclusion in    
fix packs 8.0.0.14, 8.5.5.13 and 9.0.0.5.  Please refer to the  
Recommended Updates page for delivery information:              
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980   


Directions to apply fix:  
Fix applies to Editions:
Release 8.5
_X_ Application Server (Express or BASE)
_X_ Network Deployment (ND)
___ Liberty Core
___ Edge Components
_X_ Developer

Install Fix to all WebSphere installations unless special instructions are included below.

Special Instructions: None

NOTE:
The user must:
* Logged in with the same authority level when unpacking a fix, fix pack or refresh pack.
* Be at V1.4.3 or newer of the Installation Manager. Certain iFixes may require a newer version of the Installation Manager and the Installation Manager will inform you during the installation process if a newer version is required.

The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to apply the iFixes.
http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp.  Shutdown WebSphere Application Server before applying the iFixes.  Restart WebSphere Application Server after applying the iFixes.

Directions to remove fix:  

The IBM Knowledge Center can provide details, if needed, on the use of the Installation Manager to remove the iFixes.
http://publib.boulder.ibm.com/infocenter/install/v1r4/index.jsp.  Shutdown WebSphere Application Server before removing the iFixes.  Restart WebSphere Application Server after removing the iFixes.

Directions to re-apply fix:  
1) Shutdown WebSphere Application Server.

2) Follow the Fix instructions to apply the fix.

3) Restart WebSphere Application Server.



Additional Information: