PQ74897: Intermittent authentication & authorization failures concurrent logins on 4.02. CNTR0019E findByPrivilegeAttributeId

 Fixes are available

4.0.7: WebSphere Application Server Version 4.0 Fix Pack 7
Security; V4.0.2-V4.0.7: Cumulative fix for security component
5.0.2: WebSphere Application Server Version 5.0 Fix Pack 2 (Version 5.0.2)



APAR status
Closed as program error.

Error description
Users encounter intermittent authorization failures under load.
Caused by multithreading defect in WebSphere 4.0x using LDAP
registry, fixed in cumulative efix for 4.05, but backport to
WebSphere 4.02 is required by customer.
Local fix
Use admin.config setting to disable caching
Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who have  *
*                 enabled security and configured an LDAP user *
*                 registry.                                    *
****************************************************************
* PROBLEM DESCRIPTION: Authentication or authorization fails   *
*                      intermittently due to search failure    *
*                      against the LDAP server.                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
   On high volume servers with multiple concurrent logins,
authentication or authorization failures may occur occasionally
due to concurrent access to the same DirContext used in LDAP
search.  In an administration server trace, a NullPointException
in JNDI code may be seen.  Another more common symptom not
visible in a trace is corruption of the user's security name or
group information.
   Both symptoms are highly intermittant.
Problem conclusion
LDAP user registry code used to share Directory Contexts
between multiple threads.  The algorithm has been modified to
supply a copy of a directory context to each thread or create
a new Directory context if necessary.
Temporary fix
Testing fix provided.
Comments
APAR information
APAR number PQ74897
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-06-04
Closed date 2003-06-17
Last modified date 2003-06-17

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ74897
IBM Group: Software Group
Modified date: Jun 17, 2003