PK50929: THE IBM-ENTRYUUID FIELD WITH A FEDERATED REPOSITORY NEEDS TO BE DOCUMENTED

APAR status

• Closed as documentation error.

Error description

• The Information Center for WebSphere Application Server
  Version 6.1 needs to contain documentation on the
  ibm-entryuuid field as it relates to federated repositories.
  This field needs to be returned from the Lightweight Directory
  Access Protocol (LDAP) server. It is part of the system
  attributes. The bind distinguished name (DN) must have read
  access to system attributes.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: This APAR affects users of WebSphere         *
  *                 Application Server version 6.1 that          *
  *                 require additional information to            *
  *                 configure a Lightweight Directory Access     *
  *                 Protocol (LDAP) server in a federated        *
  *                 repository configuration.                    *
  ****************************************************************
  * PROBLEM DESCRIPTION: The Information Center for WebSphere    *
  *                      Application Server Version 6.1 does     *
  *                      not completely describe the process     *
  *                      to configure a Lightweight Directory    *
  *                      Access Protocol (LDAP) server in a      *
  *                      federated repository configuration.     *
  *                                                              *
  *                      The current documentation does not      *
  *                      describe how to return specific         *
  *                      search results from an LDAP server.     *
  *                      A connection is not properly            *
  *                      established or configured from the      *
  *                      gateway server to the LDAP server.      *
  *                      The user can successfully bind to       *
  *                      an LDAP server, but cannot              *
  *                      successfully search for users as        *
  *                      expected.                               *
  ****************************************************************
  * RECOMMENDATION:                                              *
  *                                                              *
  ****************************************************************
  The documentation needs to indicate that when you configure an
  LDAP server in a federated repository configuration, the LDAP
  administrator needs to ensure that read access privileges are
  set for the bind distinguished name (DN). These read access
  privileges allow access to the subtree of the base DN and
  ensure that user and group information is successfully
  searched.
  

Problem conclusion

• The "Configuring Lightweight Directory Access Protocol in a
  federated repository configuration" topic has been updated to
  solve this problem. The following note has been added to step 8:
  Note: To create LDAP queries or to browse, an LDAP client must
  bind to the LDAP server using the distinguished name (DN) of
  an account that has the authority to search and read the
  values of LDAP attributes, such as user and group information.
  The LDAP administrator ensures that read access privileges are
  set for the bind DN. Read access privileges allow access to
  the subtree of the base DN and ensure that searches of user
  and group information are successful.
  
  The directory server provides an operational attribute in each
  directory entry. For example, the IBM Directory Server uses
  ibm-entryUuid as the operational attribute. The value of this
  attribute is a universally unique identifier (UUID), which is
  chosen automatically by the directory server when the entry is
  added. The value is expected to be unique: no other entry with
  the same or different name would have this same value.
  Directory clients can use this attribute to distinguish
  objects that are identified by a distinguished name or to
  locate an object after renaming. Ensure that the bind
  credentials have the authority to read this attribute.
  
  Date that the information will be available externally to
  customers:
  Periodically, we update the documentation in our information
  centers. Thus, the changes might have been made before you
  read this text. To access the latest on-line documentation,
  complete the following steps:
  1. Go to the product library page at the following Web site:
  http://www.ibm.com/software/webservers/appserv/library
  2. Locate the appropriate version and product.
  3. Under "Documentation - Information center format", click
  the appropriate link. In most cases, the WebSphere Application
  Server documentation is available in both an online version
  and in an IBM Eclipse Help System version. For more
  information on the IBM Eclipse Help system, see the following
  Web site: http://www.alphaworks.ibm.com/tech/iehs
  
  The modified documentation will be available in the August
  2007 update to the information centers.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels