PM88444: IBM.APPCENTER.LDAP.SECURITY.BINDPWD PROPERTY NOT PROPERLY ENCODED

APAR status

• Closed as program error.

Error description

• The password is stored in clear text in the bootstrap.properties
  file for Liberty Profile or in the JVM custom properties for
  WebSphere Application Server V7.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED:                                              *
  * Administrators working with either the WebSphere Application *
  * Server v7 or Liberty Profile configurations where ACL        *
  * management uses an LDAP server that doesn't authorize        *
  * anonymous access.                                            *
  ****************************************************************
  * PROBLEM DESCRIPTION:                                         *
  * The password value of the                                    *
  * 'ibm.appcenter.ldap.security.bindpwd'  property is stored in *
  * clear text. Per a security policy, it could be required that *
  * this property be encoded with the WebSphere encoding tool.   *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  

Problem conclusion

• The fix allows the 'ibm.appcenter.ldap.security.bindpwd'
  property to be encoded with the WebSphere encoding tool.
  For Liberty Profile run the securityUtility command that
  generates an encoded password and set the
  'ibm.appcenter.ldap.security.bindpwd'  property with the encoded
  password in the boostrap.properties file.
  For WebSphere Application Server V7 run the
  PropFilePasswordEncoder utility  tool that generates an encoded
  password and set the 'ibm.appcenter.ldap.security.bindpwd'
  property with the encoded password in the JVM custom property.
  
  For the Liberty Profile the server.xml file will need to be
  edited to enable the classloader to load the encoder jar file.
  Edit the server.xml file and add the following entry inside the
  <application context-root="applicationcenter" > entry just
  before the </application> tag :
  
      <classloader delegation="parentLast">
              <commonLibrary>
                  <fileset dir="${wlp.install.dir}/lib"
  includes="com.ibm.ws.crypto.passwordutil_1.0.jar"/>
              </commonLibrary>
      </classloader>
  
  The fix for this APAR is currently targeted for inclusion in
  fixpack 5.0.6.1.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WORKLIGHT CONSU

• Fixed component ID

  5725I4301

Applicable component levels

• R505 PSY

     UP

• R506 PSY

     UP