IBM Support

PI79223: In Liberty VMM user registry cannot get groups for user from LDAP

Fixes are available

17.0.0.3: WebSphere Application Server Liberty 17.0.0.3
17.0.0.4: WebSphere Application Server Liberty 17.0.0.4
18.0.0.1: WebSphere Application Server Liberty 18.0.0.1
18.0.0.2: WebSphere Application Server Liberty 18.0.0.2
18.0.0.3: WebSphere Application Server Liberty 18.0.0.3
18.0.0.4: WebSphere Application Server Liberty 18.0.0.4
19.0.0.1: WebSphere Application Server Liberty 19.0.0.1
19.0.0.2: WebSphere Application Server Liberty 19.0.0.2
19.0.0.3: WebSphere Application Server Liberty 19.0.0.3
19.0.0.4: WebSphere Application Server Liberty 19.0.0.4
19.0.0.5: WebSphere Application Server Liberty 19.0.0.5
19.0.0.6: WebSphere Application Server Liberty 19.0.0.6
19.0.0.7: WebSphere Application Server Liberty 19.0.0.7
19.0.0.8: WebSphere Application Server Liberty 19.0.0.8
19.0.0.9: WebSphere Application Server Liberty 19.0.0.9
19.0.0.10: WebSphere Application Server Liberty 19.0.0.10
19.0.0.11: WebSphere Application Server Liberty 19.0.0.11
19.0.0.12: WebSphere Application Server Liberty 19.0.0.12
20.0.0.1: WebSphere Application Server Liberty 20.0.0.1
20.0.0.2: WebSphere Application Server Liberty 20.0.0.2
20.0.0.3: WebSphere Application Server Liberty 20.0.0.3
20.0.0.4: WebSphere Application Server Liberty 20.0.0.4
20.0.0.5: WebSphere Application Server Liberty 20.0.0.5
20.0.0.6: WebSphere Application Server Liberty 20.0.0.6
20.0.0.7: WebSphere Application Server Liberty 20.0.0.7
20.0.0.8: WebSphere Application Server Liberty 20.0.0.8
20.0.0.9: WebSphere Application Server Liberty 20.0.0.9
20.0.0.10: WebSphere Application Server Liberty 20.0.0.10
20.0.0.11: WebSphere Application Server Liberty 20.0.0.11
20.0.0.12: WebSphere Application Server Liberty 20.0.0.12
21.0.0.3: WebSphere Application Server Liberty 21.0.0.3
21.0.0.4: WebSphere Application Server Liberty 21.0.0.4
21.0.0.5: WebSphere Application Server Liberty 21.0.0.5
21.0.0.6: WebSphere Application Server Liberty 21.0.0.6
21.0.0.7: WebSphere Application Server Liberty 21.0.0.7
21.0.0.8: WebSphere Application Server Liberty 21.0.0.8
21.0.0.9: WebSphere Application Server Liberty 21.0.0.9
21.0.0.1: WebSphere Application Server Liberty 21.0.0.1
21.0.0.2: WebSphere Application Server Liberty 21.0.0.2
21.0.0.10: WebSphere Application Server Liberty 21.0.0.10
21.0.0.11: WebSphere Application Server Liberty 21.0.0.11
21.0.0.12: WebSphere Application Server Liberty 21.0.0.12
22.0.0.1: WebSphere Application Server Liberty 22.0.0.1
22.0.0.2: WebSphere Application Server Liberty 22.0.0.2
22.0.0.3: WebSphere Application Server Liberty 22.0.0.3
22.0.0.4: WebSphere Application Server Liberty 22.0.0.4

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • WebSphere Application Server liberty 16.0.0.4, Platform AIX,
    Linux, and Windows. I am able to log in to our product,
    Spectrum Control using an LDAP user but when we try to get
    groups for the LDAP user we get an EntryNotFoundException.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty- Virtual Member Manager      *
    *                  (VMM)                                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: User is able to log in but when trying  *
    *                      to retrieve groups for the user, an     *
    *                      EntryNotFoundException is returned      *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    User is able to log in but when trying to get groups for the
    user an EntryNotFoundException is returned.  If the user is
    federating a Basic Registry, a SAF Registry, a Custom User
    Registry, or the Quick Start Registry, the
    UserRegistry.getGroupsForUsers call fails because the code was
    not handling the expected case where groups were not found in
    one of the federated UserRegistrys.
    
    Partial sample stack trace:
    
    
    javax.servlet.ServletException:
    com.ibm.websphere.security.EntryNotFoundException: CWIML4001E:
    The user registry operation could not be completed. The USERNAME
    entity was not found. Specify the correct entity or create the
    missing entity.
            at
    vmm.RegistryServlet.writeOutput(RegistryServlet.java:61)
            at vmm.RegistryServlet.doGet(RegistryServlet.java:31)
            at
    javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
            at
    javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
            at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWr
    apper.java:1290)
            at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(Ser
    vletWrapper.java:778)
            at
    com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(Ser
    vletWrapper.java:475)
            at
    com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters
    (WebAppFilterManager.java:1161)
            at
    com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:
    4893)
            at
    com.ibm.ws.webcontainer31.osgi.webapp.WebApp31.handleRequest(Web
    App31.java:525)
            at
    com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(
    DynamicVirtualHost.java:297)
            at
    com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.
    java:1003)
            at
    com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVir
    tualHost.java:262)
            at
    com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$T
    askWrapper.run(HttpDispatcherLink.java:958)
            at
    com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.w
    rapHandlerAndExecute(HttpDispatcherLink.java:357)
            at
    com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.r
    eady(HttpDispatcherLink.java:317)
            at
    com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleD
    iscrimination(HttpInboundLink.java:471)
            at
    com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleN
    ewRequest(HttpInboundLink.java:405)
            at
    com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.process
    Request(HttpInboundLink.java:285)
            at
    com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.ready(H
    ttpInboundLink.java:256)
            at
    com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.
    sendToDiscriminators(NewConnectionInitialReadCallback.java:174)
            at
    com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.
    complete(NewConnectionInitialReadCallback.java:83)
            at
    com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(
    WorkQueueManager.java:504)
            at
    com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQu
    eueManager.java:574)
            at
    com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQu
    eueManager.java:929)
            at
    com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQ
    ueueManager.java:1018)
            at
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec
    utor.java:1153)
            at
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe
    cutor.java:628)
            at java.lang.Thread.run(Thread.java:785)
    Caused by: com.ibm.websphere.security.EntryNotFoundException:
    CWIML4001E: The user registry operation could not be completed.
    The USERNAME entity was not found. Specify the correct entity or
    create the missing entity.
            at
    com.ibm.ws.security.intfc.internal.UserRegistryWrapper.getGroups
    ForUser(UserRegistryWrapper.java:250)
            at
    vmm.RegistryServlet.writeUserOutput(RegistryServlet.java:73)
            at
    vmm.RegistryServlet.writeOutput(RegistryServlet.java:54)
            ... 28 more
    Caused by: com.ibm.ws.security.registry.EntryNotFoundException:
    CWIML4001E: The user registry operation could not be completed.
    The USERNAME entity was not found. Specify the correct entity or
    create the missing entity.
            at
    com.ibm.ws.security.wim.registry.util.MembershipBridge.getGroups
    ForUser(MembershipBridge.java:301)
            at
    com.ibm.ws.security.wim.registry.WIMUserRegistry.getGroupsForUse
    r(WIMUserRegistry.java:441)
            at
    com.ibm.ws.security.intfc.internal.UserRegistryWrapper.getGroups
    ForUser(UserRegistryWrapper.java:246)
            ... 30 more
    Caused by:
    com.ibm.websphere.security.wim.exception.EntityNotFoundException
    : CWIML4001E: The user registry operation could not be
    completed. The USERNAME entity was not found. Specify the
    correct entity or create the missing entity.
            at
    com.ibm.ws.security.wim.registry.util.MembershipBridge.getGroups
    ForUser(MembershipBridge.java:201)
            ... 32 more
    

Problem conclusion

  • The code has been updated to handle the situation where no
    results are returned from a UserRegistry.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 17.0.0.3  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI79223

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-03-31

  • Closed date

    2017-07-04

  • Last modified date

    2017-07-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • R855 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
03 May 2022