Fixes are available
APAR status
Closed as program error.
Error description
User is not granted the required role when user cn has apostrophe in name. According to trace uid (saMaccount is shortname Principal: host.xxx.com:389/user1), but authorization failed to grant required role. example:- CN=X'LastName FirstName (apostrophe) This only happens on V6.1
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * **************************************************************** * PROBLEM DESCRIPTION: When role mapping is being done by * * using AdminConsole, if access id of * * user/group ID contains single quote ' * * character, role assignment is not * * honored. * **************************************************************** * RECOMMENDATION: * **************************************************************** When role mapping is being done by using AdminConsole, if access id of user/group ID contains a single quote ' character, role assignment is not honored. This means that even user or group names are mapped to a specific role, as long as user or group ID contains single quote character, this user id or group id won't be mapped any role while constructing the authorization table during initialization. This issue happens while selecting a user or group id from the list when role is being assigned, if this string contains single quote character, it is escaped by "'" to make this character displayed properly in a MLE object. However, after selection is made, there is no code to unescape it, therefore, the escaped character is stored in ibm-application-bind.xmi file. Since this escaped string is not identical as an accessid which user registry returns, object not found exception is caught during constructing authrization table.
Problem conclusion
With this fix, the escaped characters are replaced by single quote character upon updating the authorization table in the application deployment descriptor. Note that this issue is observed in version 6.1 only. The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.43. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM53919
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
61W
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-12-08
Closed date
2011-12-30
Last modified date
2011-12-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
28 October 2021