Fixes are available
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.5.5.1: WebSphere Application Server V8.5.5 Fix Pack 1
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
8.5.5.2: WebSphere Application Server V8.5.5 Fix Pack 2
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
8.5.5.3: WebSphere Application Server V8.5.5 Fix Pack 3
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
APAR status
Closed as program error.
Error description
1) Displaying of attributes in the Administrative Console (ISC) under the panel 'Global security -> Federated repositories -> <LDAP_REPO_ID> ->LDAP attributes', has an issue which possibly deletes extra entry that is not specified. There is no CLI available to list particular attributes configuration. The only CLI available are listIdMgrLDAPAttrs, listIdMgrLDAPAttrsNotSupported and listIdMgrLDAPExternalIdAttrs, which lists all the attributes for the given LDAP_REPO_ID. 2) To delete an attribute mapping, we have a CLI 'deleteIdMgrLDAPAttr'. This takes either attribute 'name' OR 'propertyName' along with the LDAP_REPO_ID to delete the particular attribute. (CMD1) AdminTask.deleteIdMgrLDAPAttr('-id LDAP_REPO_ID -name samAccountName') -> This deletes all attributes in the repository 'LDAP_REPO_ID' that have the 'name=samAccountName' value. (CMD2) AdminTask.deleteIdMgrLDAPAttr('-id LDAP_REPO_ID -propertyName uid') -> deletes all attributes in the repository 'LDAP_REPO_ID' that are mapped with the 'propertyName=uid' value. So when there are two entries for 'samAccountName' one mapped to 'uid' for PersonAccount entity type and other mapped to 'cn' for Group entity type as below: <config:attributes name="samAccountName" propertyName="uid"> <config:entityTypes>PersonAccount</config:entityTypes> </config:attributes> <config:attributes defaultAttribute="cn" name="samAccountName"> <config:entityTypes>Group</config:entityTypes> </config:attributes> Running CLI command (CMD1), deletes both entries for 'samAccountName', however running command <CMD2> deletes only the first entry of 'samAccountName' which is mapped to 'uid' for PersonAccount entity type.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server administrative console federated * * repository LDAP attributes panel * **************************************************************** * PROBLEM DESCRIPTION: Attributes that do not have a * * property name cause issues for delete. * **************************************************************** * RECOMMENDATION: * **************************************************************** Attributes that do not have a property name cause issues for delete.
Problem conclusion
Added the entityType parameter to the delete task call so that the exact matching attribute is deleted. The fix for this APAR is currently targeted for inclusion in fix packs 8.0.0.7 and 8.5.5.1. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM87240
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-04-17
Closed date
2013-04-26
Last modified date
2013-04-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R800 PSY
UP
R850 PSY
UP
Document Information
Modified date:
12 January 2022