LO56114: SSO BETWEEN ST MEETING SERVER AND ST COMMUNITY SERVER DOESN'T WORK WITH BLANK BASE DN
Closed as unreproducible.
ENV: Sametime 8.5.1:
ST System Console 8.5.1
ST Meeting Server 8.5.1
ST Community Server 8.5.1
Domino LDAP

SSO between ST Meeting Server and ST Community Server doesn't work when empty base DN is set in ST Meeting Server (WAS) federated repository. SSO only works in one way. SSO doesn't work in the direction of ST Community -> ST Meeting.

- Customer followed InfoCenter link to import ST Meeting Server WAS key to Sametime Community Server web sso document: http://publib.boulder.ibm.com/infocenter/sametime/v8r5/index.jsp?topic=/com.ibm.help.sametime.v85.doc/config/config_st_sec_import_ltpakeys.html
- As customer is using Sametime 8.5.1 that supports blank base DN, and customer Domino LDAP do use flat groups, in ST Meeting server LDAP repository settings, customer set the following:
  - "Distinguished name of a base entry that uniquely identifies this set of entries in the realm" to "o=CompanyA"
  - "Distinguished name of a base entry in this repository" to blank
- SSO works if user signs in ST Meeting server then switch to STCenter URL.
- SSO fails if user signs in STCenter then switch to ST Meeting URL. "Anonymous" is shown in ST Meeting page.
- Checked SystemOut.log, following errors found:

...
[11/3/10 12:01:26:950 GMT+08:00] 0000002f LTPAServerObj E SECJ0373E: Cannot create credential for the user <null> due to failed validation of the LTPA token. The exception is com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4527E The LDAP entry 'CN=UserA,OU=TestOU' was not found: 'javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; Remaining name: 'CN=UserA,OU=TestOU'; Resolved object: 'com.sun.jndi.ldap.LdapCtx@51335133''.
...

The user actual DN is 'CN=UserA,OU=TestOU,O=CompanyA', but it seemed the base DN "o=CompanyA" got stripped off, user DN became 'CN=UserA,OU=TestOU' and WAS was unable to authenticate this user.

- Tested in lab (Sametime 8.5.1, Domino LDAP), by setting the blank base dn in the field "Distinguished name of a base entry in this repository", I was able to reproduce the same issue.
This APAR is associated with SPR# YXIO8AZ9T2. The change team could not reproduce the problem or determined that the problem has already been corrected.
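
A log check for the failure signature described above, as an added example that is not part of the APAR or of IBM's tooling: it scans SystemOut.log text for SECJ0373E/CWWIM4527E entries and reports DNs that do not end in the realm base entry. The function names, the assumption that each log entry sits on one line, and the second (control) log line are constructed for illustration.

```python
import re

# Excerpt of the SystemOut.log entry quoted in this APAR, joined onto one line.
SAMPLE_LOG = (
    "[11/3/10 12:01:26:950 GMT+08:00] 0000002f LTPAServerObj E SECJ0373E: "
    "Cannot create credential for the user <null> due to failed validation of "
    "the LTPA token. The exception is "
    "com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4527E The "
    "LDAP entry 'CN=UserA,OU=TestOU' was not found: "
    "'javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; "
    "Remaining name: 'CN=UserA,OU=TestOU''.\n"
    # Constructed control line: the full DN is present, so it must not be flagged.
    "[11/3/10 12:05:00:000 GMT+08:00] 00000030 LTPAServerObj E SECJ0373E: "
    "Cannot create credential for the user <null> due to failed validation of "
    "the LTPA token. The exception is "
    "com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4527E The "
    "LDAP entry 'CN=UserB,OU=TestOU,O=CompanyA' was not found\n"
)

# One failed LTPA validation caused by an LDAP entry lookup that returned nothing.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?SECJ0373E:.*?CWWIM4527E The LDAP entry "
    r"'(?P<dn>[^']+)' was not found",
    re.MULTILINE,
)


def rdns(dn):
    """Split a DN on unescaped commas and normalise case and spacing."""
    return [part.strip().lower() for part in re.split(r"(?<!\\),", dn)]


def find_stripped_dns(log_text, realm_base):
    """Return (timestamp, dn) for failed validations whose DN lacks realm_base."""
    base = rdns(realm_base)
    hits = []
    for m in ENTRY_RE.finditer(log_text):
        parts = rdns(m.group("dn"))
        # A complete DN ends with the realm base entry, e.g. o=CompanyA.
        if parts[-len(base):] != base:
            hits.append((m.group("ts"), m.group("dn")))
    return hits


if __name__ == "__main__":
    for ts, dn in find_stripped_dns(SAMPLE_LOG, "o=CompanyA"):
        print(f"{ts}: '{dn}' is missing the realm base entry")
```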