PQ56053: WASSECK - SPECIAL CHARACTERS IN LDAP SERVER ENTRIES NOT HANDLED PROPERLY BY WAS

APAR status
Closed as program error.

Error description
Environment:
WebSphere Application Server 3.x & 4.0
Description:
This APAR addresses how WebSphere Application Server should handle special characters embedded in the value of an attribute of an LDAP server entry. Currently, WebSphere Application Server 3.x (and possibly 4.0) does not handle special characters (asterisk, comma, and others) well.

PMR 13953,499,000, where this APAR originates, specifically addresses a problem handling a CN attribute that is set to the last name, followed by a comma, followed by the first name. When an LDAP group is assigned to the permissions for a method group, authorization fails on access to the secured resources because of the comma embedded in the username.

Local fix

Problem summary
A combination of a limit of the internal LDAP client and WAS coding causes problems in authentication when the LDAP entries use special characters (/, *, etc.) in the username attribute.

Problem conclusion
A fix was made in the security code to accept user names with special characters.
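
The following is an added illustration, not IBM's code or the actual fix: it shows how a comma in a CN value of the "last name, first name" form described above breaks code that builds or splits a DN on commas, and how the standard JNDI classes `LdapName` and `Rdn.escapeValue` keep the value intact. The class name, the `escapeFilterValue` helper, and all DN and user values are hypothetical and constructed for this example.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapSpecialChars {
    // Hypothetical helper: escape a value for an LDAP search filter (RFC 4515).
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String cn = "Smith, John";               // constructed "last, first" CN
        String suffix = ",ou=people,o=example";  // constructed directory suffix

        // Naive handling: concatenate the raw value, then split on commas.
        // The embedded comma produces an extra piece that is not an RDN.
        String naiveDn = "cn=" + cn + suffix;
        System.out.println("naive pieces: " + naiveDn.split(",").length);
        try {
            System.out.println("naive parse: " + new LdapName(naiveDn).size() + " RDNs");
        } catch (InvalidNameException e) {
            System.out.println("naive DN rejected by parser: " + e.getMessage());
        }

        // RFC 2253 handling: escape the value before it goes into the DN.
        LdapName dn = new LdapName("cn=" + Rdn.escapeValue(cn) + suffix);
        Rdn leaf = dn.getRdn(dn.size() - 1);     // index 0 is the rightmost RDN
        System.out.println("escaped DN: " + dn);
        System.out.println("RDN count: " + dn.size() + ", cn value: " + leaf.getValue());

        // An asterisk in a user name must not act as a filter wildcard.
        System.out.println("filter: (cn=" + escapeFilterValue("J*hn") + ")");
    }
}
```
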
Temporary fix

Comments

APAR information
APAR number PQ56053
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2001-12-18
Closed date 2001-12-18
Last modified date 2003-04-24

APAR is sysrouted FROM one or more of the following:
PQ51294

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ56053
IBM Group: Software Group
Modified date: Apr 24, 2003