PK42672: SECURITY WILL MAKE MULTIPLE LDAP CALLS WHEN LDAP HOSTNAME IS MAPPED WITH MULTIPLE IP ADDRESSES.

Fixes are available

6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for i5/OS
6.1.0.13 WebSphere Application Server V6.1 Fix Pack 13 for AIX
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for i5/OS
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for AIX platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for HP-UX platforms
6.1.0.15 WebSphere Application Server V6.1 Fix Pack 15 for AIX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for HP-UX
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for OS/400 platform
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for i5/OS
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for HP-UX
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Solaris
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Windows platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Linux
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for AIX platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for HP-UX platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Solaris
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for HP-UX platforms
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for HP-UX
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Solaris
6.1.0.17: WebSphere Application Server V6.1 Fix Pack 17 for Windows
6.1.0.17 WebSphere Application Server V6.1 Fix Pack 17 for AIX
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Solaris
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Linux
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for OS/400 platform
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for AIX platforms
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Solaris
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for i5/OS
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Windows
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Solaris
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Windows
6.1.0.11 WebSphere Application Server V6.1 Fix Pack 11 for AIX
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Linux platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Solaris platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Windows platforms
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for HP-UX
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for AIX platforms
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for Windows platforms
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for AIX
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Solaris
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Windows platforms
6.1.0.13: WebSphere Application Server V6.1 Fix Pack 13 for Linux
6.1.0.11: WebSphere Application Server V6.1 Fix Pack 11 for Linux
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for HP-UX platforms
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for AIX platforms
6.0.2.27: WebSphere Application Server V6.0.2 Fix Pack 27 for Linux platforms
6.0.2.21: WebSphere Application Server V6.0.2 Fix Pack 21 for Linux platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Windows platforms
V6.0.2: Java SDK 1.4.2 SR13 Cumulative Fix for IBM WebSphere Application Server
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Linux platforms
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Windows
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Solaris
6.0.2.29: WebSphere Application Server V6.0.2 Fix Pack 29 for HP-UX platforms
6.0.2.25: WebSphere Application Server V6.0.2 Fix Pack 25 for Windows platforms
6.0.2.33: WebSphere Application Server V6.0.2 Fix Pack 33 for AIX platforms
6.1.0.19 WebSphere Application Server V6.1 Fix Pack 19 for AIX
6.1.0.15: WebSphere Application Server V6.1 Fix Pack 15 for Windows
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for HP-UX
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Linux
6.1.0.19: WebSphere Application Server V6.1 Fix Pack 19 for Solaris
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
V6.0.2: Java SDK 1.4.2 SR11 Cumulative Fix for IBM WebSphere Application Server
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Solaris
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for AIX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for HP-UX platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for Linux platforms
6.0.2.31: WebSphere Application Server V6.0.2 Fix Pack 31 for OS/400 platform
6.1.0.23 WebSphere Application Server V6.1 Fix Pack 23 for i5/OS
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for HP-UX
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Windows
6.1.0.21 WebSphere Application Server V6.1 Fix Pack 21 for i5/OS
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Solaris
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for Linux
6.1.0.21: WebSphere Application Server V6.1 Fix Pack 21 for AIX
6.1.0.23 WebSphere Application Server V6.1 Fix Pack 23 for AIX
Java SDK 1.5 SR9 Cumulative Fix for WebSphere Application Server
6.0.2.33: WebSphere Application Server V6.0.2 Fix Pack 33 for Windows platforms
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for Windows
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for Solaris
6.0.2.33: WebSphere Application Server V6.0.2 Fix Pack 33 for Linux platforms
6.0.2.33: WebSphere Application Server V6.0.2 Fix Pack 33 for HP-UX platforms
V6.0.2: Java SDK 1.4.2 SR12 Cumulative Fix for IBM WebSphere Application Server
6.0.2.33: WebSphere Application Server V6.0.2 Fix Pack 33 for Solaris
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for Linux
6.1.0.23: WebSphere Application Server V6.1 Fix Pack 23 for HP-UX
6.0.2.23: WebSphere Application Server V6.0.2 Fix Pack 23 for Linux platforms
6.0.2.35: WebSphere Application Server V6.0.2 Fix Pack 35 for HP-UX platforms
6.0.2.35: WebSphere Application Server V6.0.2 Fix Pack 35 for Linux platforms
6.0.2.35: WebSphere Application Server V6.0.2 Fix Pack 35 for AIX platforms
6.0.2.35: WebSphere Application Server V6.0.2 Fix Pack 35 for Solaris
6.0.2.35: WebSphere Application Server V6.0.2 Fix Pack 35 for Windows platforms
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for Linux
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for i5/OS
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for HP-UX
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for AIX
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for Solaris
6.0.2.35: WebSphere Application Server V6.0.2 Fix Pack 35 for OS/400 platform
6.1.0.25: WebSphere Application Server V6.1 Fix Pack 25 for Windows
Java SDK 1.5 SR9 Cumulative Fix for WebSphere Application Server
6.0.2.37: WebSphere Application Server V6.0.2 Fix Pack 37 for HP-UX platforms
6.0.2.37: WebSphere Application Server V6.0.2 Fix Pack 37 for AIX platforms
6.0.2.37: WebSphere Application Server V6.0.2 Fix Pack 37 for Solaris
6.0.2.37: WebSphere Application Server V6.0.2 Fix Pack 37 for Windows platforms
6.0.2.37:Java SDK 1.4.2 SR13 Cumulative Fix for IBM WebSphere Application Server
6.0.2.37: WebSphere Application Server V6.0.2 Fix Pack 37 for Linux platforms
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for i5/OS
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for AIX
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for Windows
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for HP-UX
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for Solaris
6.0.2.39: WebSphere Application Server V6.0.2 Fix Pack 39 for HP-UX platforms
6.0.2.39: WebSphere Application Server V6.0.2 Fix Pack 39 for AIX platforms
6.0.2.39: WebSphere Application Server V6.0.2 Fix Pack 39 for Solaris
6.0.2.39: WebSphere Application Server V6.0.2 Fix Pack 39 for Windows platforms
6.0.2.39:Java SDK 1.4.2 SR13 FP2 Cumulative Fix for WebSphere Application Server
6.0.2.39: WebSphere Application Server V6.0.2 Fix Pack 39 for Linux platforms
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for Linux
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for AIX
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for HP-UX platforms
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for AIX platforms
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for Solaris
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for Windows platforms
6.0.2.41:Java SDK 1.4.2 SR13 FP4 Cumulative Fix for WebSphere Application Server
6.0.2.41: WebSphere Application Server V6.0.2 Fix Pack 41 for Linux platforms
6.1.0.31: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for HP-UX
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for Linux
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for Windows
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for Solaris
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for Linux
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for OS/400 platform
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for HP-UX platforms
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for AIX
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for Solaris
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for Windows platforms
6.0.2.43:Java SDK 1.4.2 SR13 FP5 Cumulative Fix for WebSphere Application Server
6.0.2.43: WebSphere Application Server V6.0.2 Fix Pack 43 for Linux
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for AIX
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for HP-UX
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for i5/OS
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for Solaris
6.1.0.29: WebSphere Application Server V6.1 Fix Pack 29 for Windows
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for i5/OS
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for Solaris
6.1.0.31: WebSphere Application Server V6.1 Fix Pack 31 for Windows
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for AIX
6.1.0.33: WebSphere Application Server V6.1 Fix Pack 33 for HP-UX
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for AIX
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for HP-UX
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for i5/OS
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for Linux
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for Solaris
6.1.0.35: WebSphere Application Server V6.1 Fix Pack 35 for Windows
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: WebSphere Application Server V6.1 Fix Pack 37
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: WebSphere Application Server V6.1 Fix Pack 39
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: WebSphere Application Server V6.1 Fix Pack 41
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: WebSphere Application Server V6.1 Fix Pack 43
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: WebSphere Application Server V6.1 Fix Pack 45
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for HP-UX
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Linux
6.1.0.27: WebSphere Application Server V6.1 Fix Pack 27 for Linux

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When single LDAP hostname is mapped to multiple IP address in
    network configuration,
    If invalid password is entered at the time of login,
    WebSphere makes LDAP bind retries as many times as (number of
    associated ip addresses + 1)
    This may cause LDAP account lockout.
    
    Impact : One invalid logon can cause LDAP account lockout.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  WebSphere Application Server users of       *
    *                  Lightweight Directory Access Protocol       *
    *                  (LDAP)                                      *
    *                  user registries                             *
    ****************************************************************
    * PROBLEM DESCRIPTION: One login try with an incorrect         *
    *                      password causes an LDAP user account    *
    *                      lockout.                                *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When a single LDAP hostname is mapped to multiple IP addresses
    in a network configuration, if an invalid password is
    entered at the time of login, Application Server retries
    LDAP bind as many times as (number of associated ip
    addresses + 1) This may cause an LDAP account lockout.
    

Problem conclusion

  • The following custom properties are introduced to prevent the
    issue from happening. It depends on the LDAP failover
    configuration to choose which property to use.
    
    1. If LDAP failover is configured by registering backend LDAP
    server hostnames using wsadmin command, set the following
    property to true by going Security->User Registries -> LDAP ->
    Custom Properties in the administrative console
    
    com.ibm.websphere.security.ldap.retryBind
    
    If this property is set to false, Application Server does not
    retry LDAP bind calls. The default value for this property is
    true.
    
    2. If LDAP failover is configured by associating hostname
    with mutlipe ip addresses using network configuration, set the
    following property to false by going Security-> User
    Registries -> LDAP -> Custom Properties in the administrative
    console.
    
    com.ibm.websphere.security.registry.ldap.singleLDAP
    
    If this property is set to true, Application Server does not
    resolve an LDAP hostname to multiple IP addressed. The default
    value for this property is false.
    
    The fix for this APAR is currently targeted for inclusion
    in fixpacks 6.0.2.21 and 6.1.0.11.
    Please refer to the recommended updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK42672

  • Reported component name

    WEBSPH APP SERV

  • Reported component ID

    5724J0800

  • Reported release

    60W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-04-04

  • Closed date

    2007-05-21

  • Last modified date

    2012-02-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PK45229

Modules/Macros

  • SECURITY
    

Fix information

  • Fixed component name

    WEBSPH APP SERV

  • Fixed component ID

    5724J0800

Applicable component levels

  • R60A PSY

       UP

  • R60H PSY

       UP

  • R60I PSY

       UP

  • R60P PSY

       UP

  • R60S PSY

       UP

  • R60W PSY

       UP

  • R60Z PSY

       UP

  • R61A PSY

       UP

  • R61H PSY

       UP

  • R61I PSY

       UP

  • R61P PSY

       UP

  • R61S PSY

       UP

  • R61W PSY

       UP

  • R61Z PSY

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Application Server
General

Software version:

6.0

Reference #:

PK42672

Modified date:

2012-02-01

Translate my page

Machine Translation

Content navigation