IBM Support

Unable to create user when populating Email field



After configuring WebSphere® Portal security with LDAP, you are unable to create a new user via the "Edit My Profile" portlet when populating the "Email" field. You receive one of the following error messages in the browser: [] EJPSG0015E: Data Backend Problem CWWIM4520E The ' [LDAP: error code 65 - Entry (cn=test user,o=ibm) failed schema check]; remaining name 'cn=test user,o=ibm'; resolved object com.sun.jndi.ldap.LdapCtx@3d4e3d4e' naming exception occurred during processing. [] or [] EJPSG0015E: Data Backend Problem CWWIM4520E The ' [LDAP: error code 17 - Undefined Attribute Type]; remaining name ''; resolved object com.sun.jndi.ldap.LdapCtx@59025902' naming exception occurred during processing. [] or [] ... LdapConnectio 1 createSubcontext Exception caught: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1772\u0000]; Remaining name: 'uid=user1,dc=ibm,dc=com' [] If you leave the Email field blank, the user is created successfully.


Email attribute is not mapped between WebSphere Portal and LDAP. While the CWWIM4520E message code should be the same, the LDAP error may differ based on LDAP server type.


Configuring stand-alone LDAP security with WebSphere Portal. However, this situation can potentially occur in federated security scenarios as well.

Diagnosing The Problem

The WebSphere Portal Information Center instructions on setting up LDAP security state that the following task should be executed:

ConfigEngine wp-validate-standalone-ldap-attribute-config

If the ConfigTrace.log is reviewed after running this task, the following information is observed:

[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:

[wplc-validate-ldap-attribute-config] [groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, ibm-primaryEmail, parent, partyRoles, principalName, countryName, localityName]

Resolving The Problem

Based on the above information, the Information Center page Mapping Attributes should be referenced to at least map the ibm-primaryEmail attribute. The steps to update the email attribute are:

1) Edit <wp_root>/ConfigEngine/properties/ to include:


2) Run the attribute update task:

ConfigEngine.bat wp-update-standalone-ldap-attribute-config -DWasPassword=<password>

3) Restart the Portal server.

Now you should be able to create a user via the Edit my Profile portlet when populating the Email field.

[{"Product":{"code":"SS8KYD","label":"WebSphere Portal End of Support Products"},"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"6.1","Edition":"Enable;Extend;Server;Express","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
11 February 2020