PM87240: ATTRIBUTES FOR FEDERATED REPOSITORIES IN THE CONSOLE DO NOT DISPLAY AS THEY SHOULD AND CANNOT BE REMOVED INDIVIDUALLY.

Fixes are available

APAR status

Closed as program error.

Error description

1) Displaying of attributes in the Administrative Console (ISC)
under the panel 'Global security -> Federated repositories ->
<LDAP_REPO_ID> ->LDAP attributes', has an issue which possibly
deletes extra entry that is not specified.

There is no CLI available to list particular attributes
configuration. The only CLI available are listIdMgrLDAPAttrs,
listIdMgrLDAPAttrsNotSupported and listIdMgrLDAPExternalIdAttrs,
which lists all the attributes for the given LDAP_REPO_ID.

2) To delete an attribute mapping, we have a CLI
'deleteIdMgrLDAPAttr'.
This takes either attribute 'name' OR 'propertyName' along with
the LDAP_REPO_ID to delete the particular attribute.

(CMD1) AdminTask.deleteIdMgrLDAPAttr('-id LDAP_REPO_ID -name
samAccountName') -> This deletes all attributes in the
repository 'LDAP_REPO_ID' that have the 'name=samAccountName'
value.
(CMD2) AdminTask.deleteIdMgrLDAPAttr('-id LDAP_REPO_ID
-propertyName uid') -> deletes all attributes in the repository
'LDAP_REPO_ID' that are mapped with the 'propertyName=uid'
value.

So when there are two entries for 'samAccountName' one mapped to
'uid' for PersonAccount entity type and other mapped to 'cn' for
Group entity type as below:

<config:attributes name="samAccountName" propertyName="uid">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes defaultAttribute="cn" name="samAccountName">
<config:entityTypes>Group</config:entityTypes>
</config:attributes>


Running CLI command (CMD1), deletes both entries for
'samAccountName', however running command <CMD2> deletes only
the first entry of 'samAccountName' which is mapped to 'uid' for
PersonAccount entity type.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server administrative console federated     *
*                  repository LDAP attributes panel            *
****************************************************************
* PROBLEM DESCRIPTION: Attributes that do not have a           *
*                      property name cause issues for delete.  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Attributes that do not have a property name cause issues for
delete.

Problem conclusion

Added the entityType parameter to the delete task call so that
the exact matching attribute is deleted.

The fix for this APAR is currently targeted for inclusion in
fix packs 8.0.0.7 and 8.5.5.1.  Please refer to the
Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PM87240
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-04-17
Closed date
2013-04-26
Last modified date
2013-04-26

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800

Applicable component levels

R800 PSY
UP
R850 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
12 January 2022

Tips

PM87240: ATTRIBUTES FOR FEDERATED REPOSITORIES IN THE CONSOLE DO NOT DISPLAY AS THEY SHOULD AND CANNOT BE REMOVED INDIVIDUALLY.

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R800 PSY

R850 PSY

Document Information

Share your feedback

Need support?