IBM Support

PI97871: CANNOT CHANGE ADMINISTRATIVE USER IN FEDERATED REPOSITORIES

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When the Federated Repositories input property for user
    security name is an identifier property (uniqueName, uniqueId,
    externalName, externalId) changing the administrative user
    fails because the search filter generated is invalid for VMM
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server users of   *
    *                  federated repositories                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: Cannot change administrative user in    *
    *                      federated repositories                  *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    If the "userSecurityName" "Property for Input" in the "User
    repository attribute mapping" for Federated Repositories is
    "uniqueName", "uniqueId", "externalName", or "externalId", when
    trying to update the Federated Repositories "Primary
    administrative user name" the server will fail to validate
    that the user exists.
    The server will query for a password to create the
    (supposedly) missing user.
    Upon applying the password, the console will display the
    following error on the Federated Repositories panel:
    "ErrorThe Primary administrative user name does not exist in
    the user repository."
    This again occurs because it cannot validate that the user
    exists.
    If WIM trace is enabled, the problem can be diagnosed if an
    error similar to the following is seen in the trace files:
    [5/11/18 15:58:16:301 CDT] 0000006c FileXPathHelp 1
    com.ibm.ws.wim.adapter.file.was.FileXPathHelper
    evaluateXPathNode(propertyNode) Exception occurred:
    java.lang.IllegalArgumentException: Class 'PersonAccount' does
    not have a feature named 'uniqueName'
    at
    org.eclipse.emf.ecore.sdo.util.SDOUtil$Accessor.setFeatureName(S
    DOUtil.java:893)
    at
    org.eclipse.emf.ecore.sdo.util.SDOUtil$Accessor.process(SDOUtil.
    java:1079)
    at
    org.eclipse.emf.ecore.sdo.util.SDOUtil$Accessor.init(SDOUtil.jav
    a:760)
    at
    org.eclipse.emf.ecore.sdo.util.SDOUtil$Accessor.create(SDOUtil.j
    ava:680)
    at
    org.eclipse.emf.ecore.sdo.util.SDOUtil.isSet(SDOUtil.java:239)
    at
    org.eclipse.emf.ecore.sdo.impl.DynamicEDataObjectImpl.isSet(Dyna
    micEDataObjectImpl.java:126)
    at
    com.ibm.ws.wim.adapter.file.was.FileXPathHelper.evaluateXPathNod
    e(FileXPathHelper.java:335)
    at
    com.ibm.ws.wim.adapter.file.was.FileXPathHelper.evaluateXPathNod
    e(FileXPathHelper.java:273)
    at
    com.ibm.ws.wim.adapter.file.was.FileXPathHelper.evaluate(FileXPa
    thHelper.java:261)
    at
    com.ibm.ws.wim.adapter.file.was.FileData.search(FileData.java:82
    0)
    at
    com.ibm.ws.wim.adapter.file.was.FileAdapter.search(FileAdapter.j
    ava:2156)
    at
    com.ibm.ws.wim.SPIServiceProvider.searchRepository(SPIServicePro
    vider.java:670)
    at
    com.ibm.ws.wim.SPIServiceProvider.search(SPIServiceProvider.java
    :608)
    at
    com.ibm.ws.wim.registry.util.UserRegistryValidator.getUsers(User
    RegistryValidator.java:310)
    at
    com.ibm.ws.security.admintask.ValidateAdminName.afterStepsExecut
    ed(ValidateAdminName.java:534)
    at
    com.ibm.websphere.management.cmdframework.provider.AbstractTaskC
    ommand.executeReal(AbstractTaskCommand.java:855)
    at
    com.ibm.websphere.management.cmdframework.provider.AbstractTaskC
    ommand.execute(AbstractTaskCommand.java:807)
    at
    com.ibm.ws.console.security.Registry.UserRegistryDetailActionGen
    .validateAdminId(UserRegistryDetailActionGen.java:580)
    at
    com.ibm.ws.console.security.Registry.UserRegistryDetailActionGen
    .processAdminId(UserRegistryDetailActionGen.java:558)
    at
    com.ibm.ws.console.security.IdMgrRealm.AdminUserPasswordDetailAc
    tion.execute(AdminUserPasswordDetailAction.java:186)
    ...
    

Problem conclusion

  • The search was updated to default to principalName when a
    identifier property is used as the user security name input
    property.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.5.5.16 and 9.0.5.1.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI97871

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-05-11

  • Closed date

    2019-06-19

  • Last modified date

    2019-06-19

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R850 PSY

       UP

  • R900 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
24 November 2021