PM85971: UNABLE TO CONNECT TO APPLICATION CENTER CONSOLE OR MANAGE ACLS WHEN USERS HAVE THE SAME LOGIN

APAR status

• Closed as program error.

Error description

• When several users have the same login name, two issues may
  occur:
  
  1) The users cannot connect to the Application Center console
  and get an  error message like: "user ... exists already".
  2) Restricting access to an application by checking "Access
  control enabled" doesn't work. When returning to the application
  list the application is still unrestricted.
  

Local fix

• If a user with the appcenteradmin role can connect to the
  console, the list of users that were at one time connected to
  the Application Center console or connected via a device can be
  visualized by clicking the Users/Groups tab and selecting
  Registered users.  Old users having the same login name as the
  current users can then be deleted.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED:  System administrators switching between     *
  *                  LDAP and non-LDAP configurations and their  *
  *                  mobile users.                               *
  ****************************************************************
  * PROBLEM DESCRIPTION: Users having the same login name may    *
  *                      not be able to connect to the           *
  *                      Application Center console and          *
  *                      instead receive an error message        *
  *                      indicating that the user already        *
  *                      exists, or, after succeeding to         *
  *                      connect, cannot restrict access to      *
  *                      applications. This is due to several    *
  *                      users having the same login name.       *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  This problem occurs when a non-LDAP configuration is used with
  local users and then LDAP security is configured at the
  application server level containing LDAP users with the same
  login names as the local users. The reverse case (switching
  from an LDAP security configuration to a non-LDAP one)
  provokes the same issues.
  

Problem conclusion

• The code has been modified so that the LDAP record becomes the
  primary source of information when LDAP security is configured
  and the non-LDAP record is the primary source when the basic
  registry is used.
  
  The fix for this APAR is currently targeted for inclusion in
  fixpack 5.0.6.1.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  WORKLIGHT CONSU

• Fixed component ID

  5725I4301

Applicable component levels

• R505 PSY

     UP

• R506 PSY

     UP