PQ85243: Login fails when user name contains a forward slash | |||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description When trying to log into an application with a user name that contains a forward slash, the user is rejected. For example, if the user name as defined in the LDAP registry is: CN=Bob Smith AB/CD,DC=austin,DC=ibm,DC=com then you try to access the snoop servlet with security enabled, and when the login panel appears you type in: Bob Smith AB/CD as the user name, even if your password is correct the user will be rejected, because of the /. Note: This problem was reported on a 4.0.4 system with active directory as the LDAP server.Local fix There is no available work around for this issue.Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users who * * have enabled security and configured LDAP * * as their user registry. * **************************************************************** * PROBLEM DESCRIPTION: User names containing forward slashes * * ("/") fail to authenticate. * **************************************************************** * RECOMMENDATION: * **************************************************************** User names containing forward slashes ("/") fail to authenticate. The reason for this is the character has special meaning and needs to be escaped to preserve it in LDAP operations. Important note, this only addressed issues when using the LDAP registry. User names with forward slashes will still fail when used as the server ID, for EJB Run As mode or in a programatic login. This is an architectural limitation of the Secure Association Service (SAS) and a permanent restriction.Problem conclusion LDAP registry code now escapes forward slashes.Temporary fix Test fix was provided to customer.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ85243
IBM Group: Software Group
Modified date: Apr 1, 2004
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.