Fixes are available
8.5.0.2: WebSphere Application Server V8.5 Fix Pack 2
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
APAR status
Closed as program error.
Error description
VMM does not treat SSL returned entries from ChildDomain as they're returned as with scheme ldaps. It fails with >> [7/11/12 8:53:00:201 CDT] 00000024 LdapConnectio > com.ibm.ws.wim.adapter.ldap.LdapConnection JNDI_CALL createDirContext(String, byte[]) ENTRY ldaps://<...>com:<port> [7/11/12 8:53:00:404 CDT] 00000024 LdapConnectio 1 com.ibm.ws.wim.adapter.ldap.LdapConnection createDirContext(String, byte[]) Exception caught: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772\u0000] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3053) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2801) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2715) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:305) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java :187)
Local fix
non
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server V8.0 and V8.5 * **************************************************************** * PROBLEM DESCRIPTION: Users from a child domain are not able * * to login when the Parent Domain * * controller is configured to VMM with * * SSL settings. * **************************************************************** * RECOMMENDATION: * **************************************************************** In SSL settings with a Parent domain, users from Parent domain are able to login normally. But users from a child domain fail with javax.naming.AuthenticationException. Virtual Member Manager (VMM) was not able to resolve the correct userName/distinguishedName for the bind operation in order to login to the LDAP server.
Problem conclusion
VMM now resolves the correct distinguishedName and tries with the correct DN and password sent in. Issue is resolved with this fix. The fix for this APAR is currently targeted for inclusion in fix packs 8.0.0.6 and 8.5.0.2. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM68735
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-07-12
Closed date
2012-10-04
Last modified date
2013-02-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R800 PSY
UP
R850 PSY
UP
Document Information
Modified date:
29 October 2021