Fixes are available
8.5.5.3: WebSphere Application Server V8.5.5 Fix Pack 3
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as new function.
Error description
Virtual member manager (VMM) supports an external identifier - a unique id - to associate with each LDAP repository type. By default, the following unique id's are associated with the various LDAP types: The unique identifiers for the supported LDAP types are LDAP server type Unique ID IBM Tivoli Directory Server: ibm-entryUUID Microsoft Active Directory objectGUID Novell eDirectory GUID IBM Domino Server dominoUNID SunOne Directory Server nsuniqueId As part of a search, VMM tries to look up this unique identifier in the LDAP server - if, as in this case, the LDAP server doesn't support that attribute, then the search fails as is happening here. In WebSphere Application Server full profile, there is a way to specify a different unique id other than the default in the config; unfortunately, it doesn't look like the current metatype data supports doing that (looks like the runtime can handle, just not the metatype).
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server Liberty Core * **************************************************************** * PROBLEM DESCRIPTION: If the corresponding externalId * * attribute used by VMM for various * * LDAPs is not supported or is set to * * null for user/group an exception is * * thrown to the customers. * **************************************************************** * RECOMMENDATION: Set the default external Id attribute i.e * * ibm-entryUuid, objectGuid, nsUniqueId for * * the respective LDAP i.e TDS, AD, SUN for * * the users/groups that are stored in the * * LDAP. * **************************************************************** If virtual member manager (VMM) receives a null value for the externalId attribute from the backend LDAP for the user or group, it throws an exception to the customer rather than consuming the null value.
Problem conclusion
In this fix, the null value of externalId is consumed by the VMM for the corresponding user or group and it will not throw any exception. The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.3. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PI17042
Reported component name
WAS LIBERTY COR
Reported component ID
5725L2900
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-04-30
Closed date
2014-05-28
Last modified date
2014-05-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WAS LIBERTY COR
Fixed component ID
5725L2900
Applicable component levels
R855 PSY
UP
Document Information
Modified date:
27 April 2022