APAR status
Closed as program error.
Error description
When using the URBridge adapter, setting the com.ibm.websphere.security.ldap.groupBaseDn property causes a login failure:

javax.naming.NamingException: [LDAP: error code 80 - ICH31005I NO ENTRIES MEET SEARCH CRITERIA]; remaining name 'profiletype=group,cn=myracf'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3315)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3217)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3008)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1887)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1810)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:404)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
    at org.apache.aries.jndi.DelegateContext.search(DelegateContext.java:360)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:287)
    at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.performAuthentication(LdapRegistryImpl.java:2467)
    at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:2438)
    at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:2374)
    at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getGroups(LdapRegistryImpl.java:848)
    at com.ibm.ws.wim.adapter.urbridge.URBridge.getEntityTypeFromUniqueName(URBridge.java:1031)
    at com.ibm.ws.wim.adapter.urbridge.URBridge.validateEntity(URBridge.java:983)
    at com.ibm.ws.wim.adapter.urbridge.URBridge.get(URBridge.java:444)
Local fix
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server using federated repositories with a repository connected via the URBridge adapter and using the custom property com.ibm.websphere.security.ldap.groupBaseDn.
PROBLEM DESCRIPTION: Login fails after setting com.ibm.websphere.security.ldap.groupBaseDn
RECOMMENDATION:

After setting the custom property com.ibm.websphere.security.ldap.groupBaseDn in a repository using the URBridge adapter, login fails with javax.naming.NamingException: [LDAP: error code 80 - ICH31005I NO ENTRIES MEET SEARCH CRITERIA]; remaining name 'profiletype=group,cn=myracf'. This specific error is from a customer using z/OS LDAP, which is the most likely case.
Problem conclusion
Previously, we performed both a user search and a group search on any entity whose entity type we did not have. Now we no longer do a group search on an entity if we found a user result and we are certain we are not searching for a group.

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.23 and 9.0.5.14. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH49752
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-09-22
Closed date
2022-10-19
Last modified date
2022-10-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
Document Information
Modified date:
20 October 2022