Fix (APAR): PK63962 Status: Fix Release: 6.1.0.17,6.1.0.15 Operating System: AIX,HP-UX,i5/OS,Linux,Linux pSeries,Linux zSeries,OS/400,Solaris,Windows Supersedes Fixes: CMVC Defect: PK63962 Byte size of APAR: 20557 Date: 2008-04-22 Abstract: An exception is thrown when you login with multiple realms configured. Description/symptom of problem: PK63962 resolves the following problem: ERROR DESCRIPTION: In an environment with Federated Repositories (FileRegistry & 3 LDAPs) Login to a Realm that contains a File Registry & 1 LDAP fails for a valid LDAP user. The Virtual Memory Manager Login is performed in two steps: 1. Check Password for User 2. Load User The first step is successful (which proves that the user is found in LDAP), the second step fails with "EntityNotFoundException" because the user is Not Defined in the File Registry. This exception is thrown by FileAdapter. This - so far - is correct and working as designed. What is not correct is that the search DOES NOT go on in LDAP, but returns with that exception instead. -> Trace.log shows user is found in the LDAP registry. [03.04.08 12:20:10:343 CEST] 00000039 ProfileManage 2 com.ibm.ws.wim.ProfileManager loginImpl login successful. uid=ratadmin,cn=users,ou=Rational,o=software group,dc=raleigh,dc=ibm,dc=com -> Exception seen when going to file registry which is expected, as user is Not Defined. But, we do not see where we attempt to authenticate against the other 2 LDAP servers defined in the wmmconfig file. [03.04.08 12:20:10:875 CEST] 00000039 BridgeUtils < com.ibm.ws.wim.registry.util.BridgeUtils logException RETURN [03.04.08 12:20:10:875 CEST] 00000039 exception 1 com.ibm.ws.wim.security.authz.AuthPrivilegedException An error occured while performing a task as the super user com.ibm.ws.wim.security.authz.AuthPrivilegedException: An error occured while performing a task as the super user at com.ibm.ws.wim.security.authz.ProfileSecurityManager.runAsSuperU ser(Pr ofileSecurityManager.java:967) -> Looses name ans searches on a Null: [03.04.08 12:20:10:890 CEST] 00000039 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is null; nested exception is: com.ibm.websphere.security.EntryNotFoundException. ... Exception = java.rmi.RemoteException Source = com.ibm.websphere.security.auth.WSLoginFailedException probeid = 186 Dump of callerThis = Object type = com.ibm.websphere.security.auth.WSLoginFailedException java.rmi.RemoteException: null; nested exception is: com.ibm.websphere.security.EntryNotFoundException at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(U serRegistryimpl.java:825) at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServe rObject.java:775) LOCAL FIX: N/A PROBLEM SUMMARY USERS AFFECTED: All users of IBM WebSphere Application Server V6.1 who use federated repositories (Virtual Member Manager - VMM). PROBLEM DESCRIPTION: An exception is thrown when you login with multiple realms configured. RECOMMENDATION: None When you login with VMM multiple realms configuration, the login id appended with the realm name will cause the login() API to fail due to the following exception: Caused by: com.ibm.websphere.wim.exception.InvalidUniqueNameException: CWWIM0515E The 'uid=ratadmin,cn=users,ou=Rational,o=software group,dc=raleigh,dc=ibm,dc=com/Rational' entity is not in the scope of the 'defined' realm. at com.ibm.ws.wim.RepositoryManager.getRepositoryIndexByUniqueName( RepositoryManager.java:235) at com.ibm.ws.wim.RepositoryManager.getRepositoryID(RepositoryManag er.java:192) at com.ibm.ws.wim.ProfileManager.retrieveEntityFromRepository(Profi leManager.java:2396) at com.ibm.ws.wim.ProfileManager.retrieveEntity(ProfileManager.java :2512) at com.ibm.ws.wim.ProfileManager.getImpl(ProfileManager.java:1322) at com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(Profil eManager.java:280) at com.ibm.ws.wim.ProfileManager.get (ProfileManager.java:329) at com.ibm.websphere.wim.ServiceProvider.get(ServiceProvider.java:3 45) at com.ibm.ws.wim.registry.util.BridgeUtils.getEntityByIdentifier(B ridgeUtils.java:565) at com.ibm.ws.wim.registry.util.UniqueIdBridge.getUniqueUserId(Uniq ueIdBridge.java:178) ... 164 more PROBLEM CONCLUSION: The problem has been fixed. The login() API will not fail with EntityNotFoundException. The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.19. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 Directions to apply fix: Fix applies to Editions: Release 6.1 x_ Application Server (Express or BASE) x_ Network Deployment (ND) __ WebSphere Business Integration Server Foundation (WBISF) __ Edge Components __ Developer x_ Extended Deployment (XD) Install Fix to: Method: __ Application Server Nodes __ Deployment Manager Nodes x_ Both NOTE: The user must: * Have Administrative rights in Windows, or be the Actual Root User in a UNIX environments. * Logged in with the same authority level when unpacking a fix, fix pack or refresh pack. * Be at V6.1.0.13 or newer of the Update Installer. This can be checked by reviewing the level of the Update Installer in file /updateinstaller/version.txt. The Update Installer can be downloaded from the following link: http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991 For detailed instructions to Extract the Update Installer see the following Technote: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg21205400 1) Copy 6.1.0.0-WS-WAS-IFPK63962.pak file directly to the maintenance directory 2) Shutdown WebSphere Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that maintenance is being applied to. 3) Launch Update Installer 4) Enter the installation location of the WebSphere product you want to update. 5) Select the "Install maintenance package" operation. 6) Enter the file name of the maintenance package to install (6.1.0.0-WS-WAS-IFPK63962.pak file which was copied in the maintenance directory). 7) Install the maintenance package. 8) Restart WebSphere Directions to remove fix: NOTE: * The user must have Administrative rights in Windows, or be the Actual Root User in a UNIX environments. * FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED * DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED * YOU MAY REAPPLY ANY REMOVED FIX Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied. 1) Shutdown WebSphere Manually execute setupCmdLine.bat in Windows or . ./setupCmdLine.sh in Unix from the WebSphere instance that uninstall is being run against. 2) Start Update Installer 3) Enter the installation location of the WebSphere product you want to remove the fix. 4) Select "Uninstall maintenance package" operation. 5) Enter the file name of the maintenance package to uninstall (6.1.0.0-WS-WAS-IFPK63962.pak). 6) UnInstall maintenance package. 7) Restart WebSphere Directions to re-apply fix: 1) Shutdown WebSphere. 2) Follow the Fix instructions to apply the fix. 3) Restart WebSphere. Additional Information: