PQ68882: CANNOT HAVE , AND () IN ADMIN CONSOLE USER NAME | |||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The customer cannot use user names that contain the comma character [,] and parentheses [()] in the DN as admin console users. The trace file contains the error message 'Invalid LDAP user'.Local fix There is no workaround for users whose DN contains a comma and parentheses characters.Problem summary **************************************************************** * USERS AFFECTED: WebSphere Application Server security users * * who has used a comma (, ASII 44) or open * * parenthese (ASII 40) or close parenthese * * (ASII 41) in a user's security name. * **************************************************************** * PROBLEM DESCRIPTION: If a user name or attributes in a DN * * (if LDAP is the user registry) contain * * comma or open parenthese or close * * parenthese, authorization for the DN * * may fail. * **************************************************************** * RECOMMENDATION: * **************************************************************** If user name or attribute in DN (if using LDAP registry) contain comma or open parenthese or close parenthese, user name was improperly truncated as security use those characters as delimiter, which results authorization error. If a Custom Registry is in use, this also applies to names returned by the following methods: List getUsers() List getUsers(String pattern) String getUserDisplayName(String userName) String getUniqueUserId(String userName) List getUniqueUserIds(String uniqueGroupId) String getUserSecurityName(String uniqueUserId)Problem conclusion Comma's and parenthesis were used internally as delimeters. The use of parenthesis as delimiters has been removed. Commas are now treated properly by escaping them. A fix for this APAR will be contained in any security cumulative eFix dated after the closure date of this APAR.Temporary fix A test fix was provided.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: PQ66022 Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ68882
IBM Group: Software Group
Modified date: Dec 26, 2002
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.