IBM Support

PM78381: MANUAL EDITS TO WIMCONFIG.XML ARE REMOVED WHEN NEW IPS ARE ADDED TO ACTIVE DIRECTORY REPOSITORY.

APAR status

  • Closed as program error.

Error description

  • When following the directions outlined in "Authenticating users
    with LDAP registries in a Microsoft Active Directory forest"
    http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-express-dist&topic=tsec_was_ad_filter
    
    it is necessary to add the attribute userPrincipalName to
    wimconfig.xml manually:
    
    <config:attributes name="userPrincipalName" propertyName="cn">
      <config:entityTypes>PersonAccount</config:entityTypes>
    </config:attributes>
    
    If someone then adds a new IP in the Active Directory
    repository configuration, the manually added attributes (like
    userPrincipalName) are inadvertently removed from
    wimconfig.xml, leading to errors like:
    
    Failed:com.ibm.websphere.security.PasswordCheckFailedException
    CWWIM4537E No principal is found from the "xxxxx@company.com"
    principal name
    

Local fix

  • Log in to the wsadmin prompt, make suitable changes to the VMM
    configuration, save the changes and exit. Restart the servers and
    log in to the ISC console (using either an existing browser
    window/session or a new window). Validate that all manual entries
    still exist in wimconfig.xml.
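
One way to carry out the validation step above, as an added example that is not IBM's code: compare a backup of wimconfig.xml taken before the change with the current file and list the attribute mappings that disappeared. It generalizes from userPrincipalName to any mapping; the function names, the script name, and the sample root element and namespace URI are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop the XML namespace so the check does not depend on its URI."""
    return tag.rsplit("}", 1)[-1]

def mappings(xml_data):
    """Return {(name, propertyName, entityType)} for every 'attributes' element."""
    found = set()
    for el in ET.fromstring(xml_data).iter():
        if _local(el.tag) != "attributes":
            continue
        types = [(c.text or "").strip() for c in el if _local(c.tag) == "entityTypes"]
        for etype in types or [""]:  # keep mappings that list no entity type
            found.add((el.get("name", ""), el.get("propertyName", ""), etype))
    return found

def lost_mappings(before_xml, after_xml):
    """Mappings present in the backup but absent from the current file."""
    return sorted(mappings(before_xml) - mappings(after_xml))

# Constructed samples: the root element and namespace URI are placeholders;
# only the inner mapping is the one shown in this APAR.
_WRAP = '<config:root xmlns:config="urn:example:placeholder">%s</config:root>'
SAMPLE_BEFORE = _WRAP % (
    '<config:attributes name="userPrincipalName" propertyName="cn">'
    '<config:entityTypes>PersonAccount</config:entityTypes>'
    '</config:attributes>')
SAMPLE_AFTER = _WRAP % ""  # the manual entry is gone after the edit

def _read(path):
    with open(path, "rb") as fh:  # bytes: let the parser honour the XML encoding
        return fh.read()

if __name__ == "__main__":
    # Usage (hypothetical script name): check_wim.py BACKUP.xml CURRENT.xml
    # With no arguments the constructed samples are compared instead.
    on_files = len(sys.argv) == 3
    before = _read(sys.argv[1]) if on_files else SAMPLE_BEFORE
    after = _read(sys.argv[2]) if on_files else SAMPLE_AFTER
    lost = lost_mappings(before, after)
    for name, prop, etype in lost:
        print("MISSING name=%s propertyName=%s entityType=%s" % (name, prop, etype))
    # Non-zero exit only for real files, so the check can gate a restart.
    sys.exit(1 if (lost and on_files) else 0)
```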
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V7.0 using the                       *
    *                  administrative console to map property      *
    *                  names to LDAP attributes                    *
    ****************************************************************
    * PROBLEM DESCRIPTION: When the same name is used to map to    *
    *                      multiple attributes, the                *
    *                      administrative console does not         *
    *                      uniquely identify the entries.          *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In the collection list, the internal identifier is not unique
    when the same name is used. This causes unpredictable results
    when attempting to edit or delete one of the duplicates.
    

Problem conclusion

  • Added information to the internal identifier so the
    entries are unique.
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.29.
    Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    Please note PM78339 includes the equivalent change for V8.0
    and above.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM78381

  • Reported component name

    WAS EXPRESS

  • Reported component ID

    5724I6300

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-12-04

  • Closed date

    2012-12-17

  • Last modified date

    2013-07-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS EXPRESS

  • Fixed component ID

    5724I6300

Applicable component levels

  • R700 PSY

       UP



Document information

More support for: WebSphere Application Server - Express
General

Software version: 7.0

Reference #: PM78381

Modified date: 25 July 2013