IBM Support

PI75159: A BASE ENTRY OF "ROOT" DEFINED ON A MICROSOFT ACTIVE DIRECTORY LDAP SERVER IS NOT SUPPORTED.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In a federated repository, adding a base entry of "root"
    on a Microsoft Active Directory LDAP server causes
    login failures after server restart.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    *                  users of federated repositories             *
    ****************************************************************
    * PROBLEM DESCRIPTION: In a federated repository, adding a     *
    *                      base                                    *
    *                      entry of "root" on some LDAP servers    *
    *                      causes failures after server restart.   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In a federated repository, adding a base entry of "root" on some
    LDAP servers, such as Microsoft Active Directory, causes login
    failures after server restart.
    This error is seen in the dmgr JVM log.
    E
    com.ibm.ws.wim.adapter.ldap.LdapConnection search(String,
    String,Object[], SearchControls)
    com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E
    The 'javax.naming.NameNotFoundException: [LDAP: error code 32 -
    0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data
    0, best match of: '']; remaining name '/'; resolved object
    com.sun.jndi.ldap.LdapCtx@45564556' naming exception occurred
    during processing.
    

Problem conclusion

  • If root is entered in the administrative console for the unique
    distinguished name of the base entry field, the LDAP server
    type
    is checked. If the use of root to indicate an empty base entry
    name is not supported, an error message is displayed and the
    user must enter a valid base entry.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.0.0.14, 8.5.5.12 and 9.0.0.5.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI75159

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-01-18

  • Closed date

    2017-06-05

  • Last modified date

    2017-06-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R800 PSY

       UP

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
18 October 2021