IBM Support

PI82111: FEDERATED REPOSITORIES FAILS TO CHANGE PASSWORD WHEN JRE IS JAVA 8.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When running on Java 8, Federated Repositories will fail to
    update user password in Active Directory
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server users of   *
    *                  federated repositories                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: When running on Java 8, Federated       *
    *                      Repositories will fail to update user   *
    *                      password in Active Directory            *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In the Java 8 release, the JRE was updated to use NIO
    converters instead of IO converters, which were removed. The IO
    converters handled the endian-ness based on the platform. When
    moving to NIO, the Java specification was corrected to give
    consistent behavior (big endian) for all platforms when using
    the "UNICODE" charset.
    The specification for encoding for the "unicodepwd" attribute
    requires it to be little-endian. Therefore, it can be
    expected, that on all little-endian platforms attempting to
    change a password will result in a OperationNotSupported /
    WILL_NOT_PEFORM exception being returned from Active Directory
    Server.
    [28/4/17 10:19:21:447 SGT] 00000164 LdapConnectio 1
    com.ibm.ws.wim.adapter.ldap.LdapConnection
    modifyAttributes(Name name, ModificationItem[] mods) Exception
    caught:
    javax.naming.OperationNotSupportedException: [LDAP: error code
    53 - 0000001F: SvcErr: DSID-031A1248, problem 5003
    (WILL_NOT_PERFORM), data 0
    \u0000]; remaining name 'CN=rand,OU=Stephani,dc=pimqa,dc=local'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3220)
    at
    com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3093)
    at
    com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2900)
    at
    com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1487)
    at
    com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
    ComponentDirContext.java:289)
    at
    com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttrib
    utes(PartialCompositeDirContext.java:204)
    at
    org.apache.aries.jndi.DelegateContext.modifyAttributes(DelegateC
    ontext.java:287)
    at
    javax.naming.directory.InitialDirContext.modifyAttributes(Initia
    lDirContext.java:183)
    at
    com.ibm.ws.wim.adapter.ldap.LdapConnection.modifyAttributes(Ldap
    Connection.java:2426)
    at
    com.ibm.ws.wim.adapter.ldap.LdapAdapter.updateByDataGraph(LdapAd
    apter.java:1328)
    at
    com.ibm.ws.wim.adapter.ldap.LdapAdapter.update(LdapAdapter.java:
    1476)
    at
    com.ibm.ws.wim.ProfileManager.updateImpl(ProfileManager.java:343
    4)
    at
    com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(Profil
    eManager.java:354)
    at
    com.ibm.ws.wim.ProfileManager.update(ProfileManager.java:439)
    at
    com.ibm.websphere.wim.ServiceProvider.update(ServiceProvider.jav
    a:498)
    .....
    

Problem conclusion

  • Updated the encoding for the "unicodepwd" attribute value to
    always use the "UTF-16LE" charset to ensure it is always
    little-endian.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.0.0.14, 8.5.5.13 and 9.0.0.5.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI82111

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-05-24

  • Closed date

    2017-06-05

  • Last modified date

    2017-06-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R800 PSY

       UP

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
18 October 2021