LI83167: LDAP USER LOGIN DOESN'T COMPLETE WHILE GROUP MAPPING ENABLED

APAR status

• Closed as program error.

Error description

• When a particular LDAP user tries to login, if any of these 3
  user properties have changed in the LDAP (first name, last name,
  email), the login request gets stuck and status code 499 'client
  closed request' is returned by juhu.
  Other users can still log in successfully.
  
  Re-create steps:
  1. Login into the CMC as admin
  2. Create a new LDAP user-registry with external group mapping
  enabled
  3. Add the LDAP registry in the CMC login
  4. Create a custom role with the LDAP group details
  5. Try to login in the CMC and it should work
  6. Login into your Active Directory server
  7. Find the user that has been used for step-5
  8. Change the last name of the user
  9. Repeat the login step as step-5
  
  CMC UI will keep loading the submitting the user credentials
  and will throw a time out error.
  

Local fix

• Restart all apim, taskmanager, postgres pods to free up db
  locks, then remove the difference between user in API Connect
  vs. user
  in LDAP.  You can do this by deleting the user from API Connect.
  

Problem summary

• When a particular LDAP user tries to login, if any of these 3
  user properties have changed in the LDAP (first name, last name,
  email), the login request gets stuck and status code 499 'client
  closed request' is returned by juhu.  Other users can still log
  in successfully.
  

Problem conclusion

• Fix is targeted for 10.0.8.0, 10.0.5.8
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  API CONNECT ENT

• Fixed component ID

  5725Z2201

Applicable component levels