IBM Support

PK59896: ENABLING MULTIPLE LDAPS CAUSES ACCESS CONTROL PROBLEMS

Fixes are available

6.0.1.7 Download: WebSphere Portal and Web Content Manager V6.0.1, fix pack 7
6.0.1.5 Download: WebSphere Portal and Web Content Management V6.0.1 fix pack 5

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • After particular configuration tasks (like setting up multiple
LDAPs or deleting and recreating the same users or groups
directly in the LDAP), user or group specific information such
as customized pages or portlets, wires, credentials, or access
control settings can get lost. This behavior comes along with
duplicate entries for the same distinguished name in the
USER_DESC table in the Portal release domain.

Local fix

  • Install fix

Problem summary

  • After particular configuration tasks (like setting up multiple
LDAPs (i.e. horizontal partitioning) or deleting and recreating
the same users or groups directly in the LDAP), user or group
specific information such as customized pages or portlets,
wires, credentials, or access control settings can get lost.
This behavior comes along with duplicate entries for the same
distinguished name in the USER_DESC table in the Portal release
domain.

Problem conclusion

  • After particular configuration tasks (like setting up multiple
LDAPs or migrating LDAPs or deleting and recreating the same
users or groups directly in the LDAP), user or group specific
information such as customized pages or portlets, wires,
credentials, or access control settings can get lost. This
behavior comes along with duplicate entries for the same
distinguished name in the USER_DESC table in the Portal release
domain. To use the new capability, first run the cleanup user
export as described in the Portal InfoCenter
(http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/topic/com.i
bm.wp.ent.doc/wps/admxmsmp.html#admxmsmp__cln_usr). With
PK59896, the resulting XML file will accept an additional
attribute migrate-users="true" for the request element.
Simply use this new attribute to migrate users. After
successfull migration, use the cleanup-users attribute to remove
all duplicate entries.

This attribute can be set independently of the cleanup-users
attribute.
The following combinations are generally possible:

- cleanup-users="true" (or cleanup-users="invalid" as of version
6.0.1) and migrate-users not set or set to "false": Only the
cleanup is performed (former behavior)

- cleanup-users not set, set to "false", or set to "none" as of
version 6.0.1 and migrate-users="true": Only the migration of
user and group related content is performed. The cleanup can
then be performed separately by another run of the script with
the appropriate attribute setting. Use this option if you first
want to check the result of the migration before deleting the
users and groups from the Portal database.

- cleanup-users="true" (or cleanup-users="invalid" as of version
6.0.1) and migrate-users="true": The user and group specific
information is migrated and the old representations of the users
and groups are deleted afterwards.

Re-start the Portal server after executing the script with the
XML configuration interface.

Failing Module(s):
   Database

Affected Users:
   All Users

Version Information:
  Portal Version(s): 6.0.0.1
   Pre-Requisite(s): PK36290 PK43157 PK28591 PK39802
    Co-Requisite(s): ---

  Portal Version(s): 6.0.1.0
   Pre-Requisite(s): PK43445 PK57031 PK44723
    Co-Requisite(s): ---

  Portal Version(s): 6.0.1.1
   Pre-Requisite(s): PK56559 PK57031 PK44723 PK56541
    Co-Requisite(s): ---

  Portal Version(s): 6.0.1.3
   Pre-Requisite(s): PK56559 PK57031
    Co-Requisite(s): ---

Platform Specific:
   This fix applies to all platforms.

A fix is available from Fix Central:
http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
r?apar=PK59896&productid=WebSphere%20Portal&brandid=5

You may need to type or paste the complete address into your Web
browser.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PK59896
    • 

  • Reported component name
    WEBSPHERE PORTA
    • 

  • Reported component ID
    5724E7600
    • 

  • Reported release
    60A
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2008-01-24
    • 

  • Closed date
    2008-08-13
    • 

  • Last modified date
    2008-08-13
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBSPHERE PORTA
    • 

  • Fixed component ID
    5724E7600
    • 



Applicable component levels


    

  • R601  PSY
       UP
    • 

  • R60A  PSY
       UP
    • 

  • R60E  PSY
       UP
    • 

  • R60G  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0.0.1","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            13 August 2008
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback