IBM Support

PI26630: LIBERTY PROFILE ON Z/OS SUPPORTS LDAP BUT DOES NOT PROPERLY MAP LDAP IDENTITIES TO SAF-BASED IDS

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Liberty Profile on z/OS does not profile the capability to map
a distributed identity ( e.g. LDAP DN) to a SAF identity.  This
prevents LTPA  identity propagation to z/OS resources via WOLA.

Inability to fully utilize WOLA functionality to invoke CICS
transactions with client identity.

Local fix

  • Ø
n/a

Problem summary

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server Liberty Profile for z/OS             *
****************************************************************
* PROBLEM DESCRIPTION: WebSphere Application Server for z/OS   *
*                      Liberty Profile supports LDAP but does  *
*                      not properly map LDAP identities to SAF-*
*                      based ids.                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Distributed identities are not mapped to SAF userids
because the calls to initialize ACEE are not passing a
distributed identity area.

Problem conclusion

  • Added an new attribute mapDistributedIdentities to the
safCredentials configuration element.
<safCredentials mapDistributedIdentities="true"/>
When mapDistributedIdentities="true" is specified a distributed
identity will be mapped to a z/OS SAF userid.
The default for mapDistributedIdentities is false.

The fix for this APAR is currently targeted for inclusion in fix
pack 8.5.5.5.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI26630
    • 

  • Reported component name
    LIBERTY - Z/OS
    • 

  • Reported component ID
    5655W6514
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2014-09-29
    • 

  • Closed date
    2014-12-17
    • 

  • Last modified date
    2014-12-17
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    LIBERTY - Z/OS
    • 

  • Fixed component ID
    5655W6514
    • 



Applicable component levels


    

  • R850  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            17 December 2014
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback