IBM Support

PI31876: ADD VMM API "CLEARIDMGRUSERFROMCACHE" TO ALLOW EXPLICIT CLEARING OF VMM ATTRIBUTE CACHE

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When using federated repositories with LDAP, after changing a
    user's password, old attributes remain cached in VMM attribute
    cache. So even after logging in with the new password, the
    "old" attributes can be consulted due to matching externalID
    value.
    
    WAS 8 has an API "clearIdMgrUserFromCache" which allows the
    explicit clearing of VMM attribute cache. This functionality is
    now being backported to WAS 7.
    
    clearIdMgrUserFromCache command
    http://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-
    us/SSAW57_8.0.0/com.ibm.websphere.wim.doc/clearidmgruserfromcach
    ecommand.html
    

Local fix

  • Use WebSphere 8 or newer which includes the VMM API
    clearIdMgrUserFromCache.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server                                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: Back port clear cache functionality     *
    *                      for LDAP adapter on V7.0 for            *
    *                      Federated repositories.                 *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Virtual member manager (VMM) handles cache for LDAP data. Data
    remains in the cache until the cache time out is reached. This
    feature will provide a CLI and extra parameters in existing
    CLIs to clear the cache.
    

Problem conclusion

  • This feature gives a command line interface to clear the LDAP
    cache. This will provide the following two CLIs to clear the
    caches - clearIdMgrRepositoryCache and clearIdMgrUserFromCache.
    
    $AdminTask clearIdMgrRepositoryCache { -id <repo_id> }
    $AdminTask clearIdMgrUserFromCache {-principalName login_ID}
    
    Also existing CLIs like getUser,getGroup,searchUser and
    searchGroup have an extra parameter for clearCache.
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.39.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI31876

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-12-19

  • Closed date

    2015-05-29

  • Last modified date

    2015-05-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PI31876

Modified date: 29 May 2015