IBM Support

Unable to create user when populating Email field

Troubleshooting


Problem

After configuring WebSphere® Portal security with LDAP, you are unable to create a new user via the "Edit My Profile" portlet when populating the "Email" field. You receive one of the following error messages in the browser:

EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Entry (cn=test user,o=ibm) failed schema check]; remaining name 'cn=test user,o=ibm'; resolved object com.sun.jndi.ldap.LdapCtx@3d4e3d4e' naming exception occurred during processing.

or

EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - Undefined Attribute Type]; remaining name ''; resolved object com.sun.jndi.ldap.LdapCtx@59025902' naming exception occurred during processing.

or

... LdapConnectio 1 com.ibm.ws.wim.adapter.ldap.LdapConnection createSubcontext Exception caught: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1772\u0000]; Remaining name: 'uid=user1,dc=ibm,dc=com'

If you leave the Email field blank, the user is created successfully.

Cause

The Email attribute is not mapped between WebSphere Portal and LDAP. While the CWWIM4520E message code should be the same, the LDAP error may differ based on the LDAP server type.

Environment


This problem occurs when configuring stand-alone LDAP security with WebSphere Portal. However, it can potentially occur in federated security scenarios as well.

Diagnosing The Problem


The WebSphere Portal Information Center instructions on setting up LDAP security state that the following task should be executed:

ConfigEngine wp-validate-standalone-ldap-attribute-config



If the ConfigTrace.log is reviewed after running this task, the following information is observed:

[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:


[wplc-validate-ldap-attribute-config] [groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, ibm-primaryEmail, parent, partyRoles, principalName, countryName, localityName]

Resolving The Problem


Based on the above information, refer to the Information Center page "Mapping Attributes" and map at least the ibm-primaryEmail attribute. The steps to update the email attribute are:

1) Edit <wp_root>/ConfigEngine/properties/wkplc.properties to include:

standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail
standalone.ldap.attributes.mapping.ldapName=mail


2) Run the attribute update task:

ConfigEngine.bat wp-update-standalone-ldap-attribute-config -DWasPassword=<password>



3) Restart the Portal server.

Now you should be able to create a user via the "Edit My Profile" portlet when populating the Email field.
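The following is an added example, not IBM code: a Python check that reads the attribute list reported in ConfigTrace.log and compares it with the mappings in wkplc.properties to show which attributes are still unmapped. The function names are hypothetical, the sample inputs are copied or constructed from the lines quoted on this page, and treating the two mapping properties as comma-separated lists paired by position is an assumption.

```python
import re

# Sample input: the two ConfigTrace.log lines quoted on this page.
SAMPLE_TRACE = """\
[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:

[wplc-validate-ldap-attribute-config] [groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, ibm-primaryEmail, parent, partyRoles, principalName, countryName, localityName]
"""
# Constructed wkplc.properties excerpt holding the mapping from step 1.
SAMPLE_PROPS = """\
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail
standalone.ldap.attributes.mapping.ldapName=mail
"""
TASK = "[wplc-validate-ldap-attribute-config]"
KEY = "standalone.ldap.attributes.mapping."

def unmapped_from_trace(text):
    """Return the attributes the validation task reported as missing in LDAP."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line.startswith(TASK) and "defined in Portal but not in LDAP" in line:
            # The bracketed attribute list follows on a later task line.
            for nxt in lines[i + 1:]:
                m = re.match(re.escape(TASK) + r"\s*\[(.*)\]\s*$", nxt)
                if m:
                    return [a.strip() for a in m.group(1).split(",") if a.strip()]
    return []

def mappings_from_props(text):
    """Pair portalName and ldapName values by position (assumption, see lead-in)."""
    vals = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(KEY) and "=" in line:  # commented-out lines are skipped
            k, v = line.split("=", 1)
            vals[k[len(KEY):].strip()] = [x.strip() for x in v.split(",") if x.strip()]
    portal, ldap = vals.get("portalName", []), vals.get("ldapName", [])
    if len(portal) != len(ldap):
        raise ValueError("portalName and ldapName lists differ in length")
    return dict(zip(portal, ldap))

def still_unmapped(trace_text, props_text):
    """Attributes reported by the task that have no mapping in the properties."""
    mapped = mappings_from_props(props_text)
    return [a for a in unmapped_from_trace(trace_text) if a not in mapped]

if __name__ == "__main__":
    print("mapped:", mappings_from_props(SAMPLE_PROPS))
    print("still unmapped:", still_unmapped(SAMPLE_TRACE, SAMPLE_PROPS))
```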

Product: WebSphere Portal End of Support Products
Business Unit: Cognitive Applications
Component: Security
Platform: AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Version: 6.1
Edition: Enable; Extend; Server; Express

Document Information

Modified date:
11 February 2020

UID

swg21318616