PQ68882: CANNOT HAVE , AND () IN ADMIN CONSOLE USER NAME

 Fixes are available

4.0.6: WebSphere Application Server Version 4.0 Fix Pack 6
Security; V4.0.2-V4.0.7: Cumulative fix for security component



APAR status
Closed as program error.

Error description
The customer cannot use user names that contain the comma
character [,] and parentheses [()] in the DN as admin console
users.  The trace file contains the error message 'Invalid LDAP
user'.
Local fix
There is no workaround for users whose DN contains a comma and
parentheses characters.
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server security users  *
*                 who have used a comma (, ASCII 44) or open   *
*                 parenthesis (ASCII 40) or close parenthesis  *
*                 (ASCII 41) in a user's security name.        *
****************************************************************
* PROBLEM DESCRIPTION: If a user name or attributes in a DN    *
*                      (if LDAP is the user registry) contain  *
*                      comma or open parenthesis or close      *
*                      parenthesis, authorization for the DN   *
*                      may fail.                               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If a user name or an attribute in a DN (when using an LDAP
registry) contains a comma, an open parenthesis, or a close
parenthesis, the user name was improperly truncated because the
security component uses those characters as delimiters, which
results in an authorization error.

If a Custom Registry is in use, this also applies to names
returned by the following methods:
List getUsers()
List getUsers(String pattern)
String getUserDisplayName(String userName)
String getUniqueUserId(String userName)
List getUniqueUserIds(String uniqueGroupId)
String getUserSecurityName(String uniqueUserId)
Problem conclusion
Commas and parentheses were used internally as delimiters.
The use of parentheses as delimiters has been removed.
Commas are now treated properly by escaping them.
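
The failure mode and the escaping approach described above, as an added
example that is not IBM's code: the class and method names are hypothetical,
the sample DNs are constructed, and backslash is an assumed escape character.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; names are hypothetical, not WebSphere internals.
public class DelimitedNames {
    private static final char DELIM = ',';
    private static final char ESC = '\\'; // assumed escape character

    // Join names, prefixing every delimiter or escape character inside a
    // name with ESC so the joined string can be split unambiguously.
    static String joinEscaped(List<String> names) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < names.size(); i++) {
            if (i > 0) out.append(DELIM);
            for (char c : names.get(i).toCharArray()) {
                if (c == DELIM || c == ESC) out.append(ESC);
                out.append(c);
            }
        }
        return out.toString();
    }

    // Split on unescaped delimiters only, removing the escape characters.
    static List<String> splitEscaped(String joined) {
        List<String> names = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        for (int i = 0; i < joined.length(); i++) {
            char c = joined.charAt(i);
            if (c == ESC && i + 1 < joined.length()) {
                cur.append(joined.charAt(++i)); // keep the escaped character literally
            } else if (c == DELIM) {
                names.add(cur.toString());
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        names.add(cur.toString());
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from the APAR.
        List<String> users = List.of(
            "cn=Doe\\, John (Admin),ou=ops,o=example", "cn=alice,o=example");
        // Unescaped join: splitting on the delimiter truncates the first DN.
        System.out.println(String.join(",", users).split(",")[0]);
        // Escaped join: the original names survive the round trip.
        System.out.println(splitEscaped(joinEscaped(users)).equals(users));
    }
}
```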

A fix for this APAR will be contained in any security
cumulative eFix dated after the closure date of this APAR.
Temporary fix
A test fix was provided.
Comments
APAR information
APAR number PQ68882
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-12-06
Closed date 2002-12-26
Last modified date 2002-12-26

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ66022

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ68882
IBM Group: Software Group
Modified date: Dec 26, 2002