PQ60772: WSCP BUG IN VALIDATING THE USER AND GROUP NAME ON ROLE-USER/GROUP MAPPING WHEN USES THE LDPA AUTHENTICATION. | |||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description . When using wscp a full DN must be used, however the full DN fails in the wscp script where as the short name will install correctly but a 403 is issued when accessing the bean. This works properly during installation thru the Admin Gui console. The full DN needs to be allowed by wscp when using LTPA.Local fix Workaround: Install thru the console and select the correct role mapping which is stored in the xmi file. This ear file can be exported thru the console and manual updates to the xmi file can be done to install to another domain. This is very inefficient and this defect needs to be addressed and corrected.Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server 4.0.2/4.0.3 * * users of WSCP. * **************************************************************** * PROBLEM DESCRIPTION: WSCP bug in validating the user and * * group name on role-user/group mapping * * when uses the LTPA authentication. * **************************************************************** * RECOMMENDATION: * **************************************************************** When using wscp a full DN must be used, however the full DN fails in the wscp script where as the short name will install correctly but a 403 is issued when accessing the bean. This works properly during installation thru the Admin Gui console.Problem conclusion It is the wscp bug in validating user/group name on all query commands of role-user/group mapping (addUserRoleMapping, addGroupRoleMapping, deleteUserRoleMapping and deleteGroupRoleMapping). In order to avoid the name confusion (short name vs full DN name) and the typo error in entering full DN name, the efix will only allow to use the short name on all role-user/group mapping. For example: wscp>SecurityRoleAssignment addGroupRoleMapping /EnterpriseApp:app1/ -grouproles {role1 user1}Temporary fix The testfix is posted on the wasdoc0\apars. Wait for feedback.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ60772
IBM Group: Software Group
Modified date: Jun 28, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.