PQ61381: WEBSPHERE AUTHENTICATION FAILS WHEN USERID BELONGS TO DOUBLE BYTE CHARACTER SET (DBCS) GROUP NAME

 A fix is available

PQ61381; 4.0.2,4.0.3: Authentication fails if userid belongs to DBCS LDAP group



APAR status
Closed as program error.

Error description
Problem occurs either:
- when logging into Websphere Application Server admin console
- when logging into portal server (WPS)
when the login userid is an ldap userid that belongs to a group
name that is double byte character set (I.E. Japanese, Korean,
Chinese dbcs group name).
Login fails authentication with message indicating userid or
password may be invalid. Adminserver orb tracing shows a marshal
exception.
Local fix
ORB team is working on efix for this issue on WAS 4.0.x
releases.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users of    *
*                 double byte characters, WPS, and Domino      *
*                 LDAP to get authentication.                  *
****************************************************************
* PROBLEM DESCRIPTION: User is authenticated by Domino LDAP    *
*                      to login to WPS. If the user has been   *
*                      registered to DBCS name group on        *
*                      Domino, a user cannot login to WPS      *
*                      due to invalid user id.                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
A client talks to server(session bean) by RMI, both client
and server are running in Japanese machine.  In the server,
user uses IDL to create a credential object, and this object
contains some double byte char string.  However, this RMI call
can not return, and throw CORBA Marshal exception.
java.rmi.ServerException: RemoteException occurred in server
thread; nested exception is:
java.rmi.MarshalException: CORBA MARSHAL 0 No; nested
exception is:
org.omg.CORBA.MARSHAL  minor code: 0  completed: No
java.rmi.MarshalException: CORBA MARSHAL 0 No; nested
exception is:
org.omg.CORBA.MARSHAL  minor code: 0  completed: No
org.omg.CORBA.MARSHAL  minor code: 0  completed: No
----- Begin backtrace for detail
java.rmi.MarshalException: CORBA MARSHAL 0 No; nested
exception is:
org.omg.CORBA.MARSHAL  minor code: 0  completed: No
org.omg.CORBA.MARSHAL  minor code: 0  completed: No
----- Begin backtrace for detail
org.omg.CORBA.MARSHAL  minor code: 0  completed: No
Problem conclusion
Problem occurs when a local copy is made in the stubs of data
containing non default tcs.Util.copyObject(s).  The failure
occurs because there is no connection from which to get the
tcs, so default ASCII is used.  This is not appropriate for
Japanese codesets and other DBCS languages.  The solution is
to get the default tcs from the orb that was set via the
property com.ibm.CORBA.ORBCharEncoding and use this during
the copy.
Temporary fix Comments
APAR information
APAR number PQ61381
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-05-21
Closed date 2002-06-24
Last modified date 2002-06-24

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
ORB          

SRLS

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ61381
IBM Group: Software Group
Modified date: Jun 24, 2002