IBM Support

PH02868: AUTOMATIC DISCOVERY OF LDAP SERVERS FAILS WITH ENTRYNOTFOUNDEXCEPTION

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When Automatic discovery for LDAP servers is enabled (via the
    custom property DomainNameForAutomaticDiscoveryOfLDAPServers),
    looking up users fails with an EntryNotFoundException.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server with                                 *
    *                  DomainNameForAutomaticDiscoveryOfLDAPServer *
    *                  s                                           *
    *                  configured for an Ldap server in a          *
    *                  federated repository.                       *
    ****************************************************************
    * PROBLEM DESCRIPTION: When Automatic discovery for LDAP       *
    *                      servers is enabled, looking up users    *
    *                      fails with an EntryNotFoundException.   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When Automatic discovery for LDAP servers is enabled (via the
    custom property DomainNameForAutomaticDiscoveryOfLDAPServers),
    looking up users fails with an EntryNotFoundException. The
    Ldap entry cannot be found because the request has the DN from
    the DomainNameForAutomaticDiscoveryOfLDAPServers property and
    from the base entry of the LDAP server appended together. This
    can be seen in an error message that looks like the following:
    CWWIM4520E The 'javax.naming.NameNotFoundException: [LDAP:
    error code 32 - 0000208D: NameErr: DSID-03100238, problem 2001
    (NO_OBJECT), data 0, best match of: 'DC=ibm,DC=com'];
    remaining name 'DC=ibm,DC=com'; resolved object
    com.sun.jndi.ldap.LdapCtx@b8521edb' naming exception occurred
    during processing.
    It can also be seen in a packet capture, for example using
    WireShark. If the DomainNameForAutomaticDiscoveryOfLDAPServers
    property is set to DC=ibm,DC=com and the base entry is also
    set to DC=ibm,DC=com, then DC=ibm,DC=com,DC=ibm,DC=com is sent
    to LDAP.
    

Problem conclusion

  • This LDAP request was fixed to avoid duplication of the DN. It
    also resolves issues with correctly checking authorization of
    a user and fetching attributes when
    DomainNameForAutomaticDiscoveryOfLDAPServers is set.
    
    To workaround, set the base entry for the LDAP configuration to
    "root" in the administrative console. This indicates that an
    empty string ("" or empty string appears in the wimconfig.xml)
    or the root of the tree should be used. When using root as the
    base DN, review the version level,  fix PI88438 may be
    required. This workaround may still fail while checking
    authorization.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 8.5.5.15 and 9.0.0.11.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH02868

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-09-14

  • Closed date

    2018-11-19

  • Last modified date

    2018-12-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R800 PSY

       UP

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
15 October 2021