PQ68922: WAS IS HAVING PROBLEMS AUTHENTICATING WITH IDAR

 Fixes are available

4.0.6: WebSphere Application Server Version 4.0 Fix Pack 6
Security; V4.0.2-V4.0.7: Cumulative fix for security component



APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server (WAS) 4.0.1 through 4.0.4 (and
possibly 4.0.5)
   iPlanet LDAP server with iDAR
.
Description:
   iDAR has a defect which causes WAS to fail authenticating
using the JNDI interface.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have  *
*                 enabled security and are using LDAP as the   *
*                 user registry.                               *
****************************************************************
* PROBLEM DESCRIPTION: Intermittant errors encountered in      *
*                      user authentication.                    *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Intermittant errors encountered in user authentication.  The
errors were caused by an LDAP search periodically
returning the error "could not decode search request".
One possible cause for this specific error is the search
request returning attributes which do not conform with LDAP
standard defined in RFC 2251.
Problem conclusion
The specifc search Wesphre was performaing did not require any
attributes to be returned.  WebSphere was using an empty
string per the JNDI specifications to request no attributes
be returned.  The LDAP specifications require the string be
set to "1.1" if attributes should not be returned.  The Sun
JNDI LDAP service provider does not properly handle this
scenario.  WebSphere code was changed to conform with the LDAP
specifications instead of the JNDI specifications since LDAP
service provider does not handle this scenario properly.

A fix for this APAR will be contained in any security
cumulative eFix dated after the closure date of this APAR.
Temporary fix
provide testing fix
Comments
APAR information
APAR number PQ68922
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-12-06
Closed date 2002-12-26
Last modified date 2003-03-21

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ66143 PQ72328

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ68922
IBM Group: Software Group
Modified date: Mar 21, 2003