IBM Support

PK74842: ClearQuest Web attempts to authenticate an LDAP-enabled user 3x if password is incorrect

APAR status

  • Closed as program error.

Error description

  • Environment:
    - Operating System: Windows
    - Product name: ClearQuest Web
    - Product Version: 7.0.1.1
    Description of problem:
    When an LDAP-enabled user enters a wrong password in ClearQuest
    Web, CQ tries to authenticate the user twice. The native client
    only makes one attempt. The specific problem is with LDAP setups
    where a password policy is in place that locks a user's account
    if the password is entered incorrectly 3 times or so. With such
    a setting, only two wrong attempts would already lock the user's
    account (because there were three attempts), even though there
    have really only been two attempts.
    In the native client there is only one authentication attempt.
    Steps to reproduce:
    - Configure CQ for LDAP
    - Set tracing with AUTHMODE flag
    - Set $LDAP_DEBUG=1 and $LDAP_DEBUG_FILE=C:\ldap_trace.txt
    - Try to log in with an incorrect password in CQ Web
    If you look at the tracing and the LDAP_DEBUG_FILE, you will see
    that there are actually two authentication attempts against the
    LDAP server.
    Workaround:
    None known
    

Local fix

Problem summary

  • The CQ UserLogon method sometimes fails when the database
    registry hasn't been populated yet. A CQ API logon method
    that fails the first time it tries to log on will always try
    again, regardless of the actual cause of the first failure.
    Before trying again, it refreshes the dbset's registrations.
    So even if the first failure was caused by an invalid LDAP
    login, it will try again.
    
    We have changed the code to proactively check the db
    registry and refresh it if necessary, and the CQ API logons
    no longer try twice.
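
The retry pattern described in the problem summary and the check-first fix, modelled as an added example (not IBM's or ClearQuest's code). FakeLdap, Session and the method names are hypothetical, and the three-failure lockout threshold is an assumed policy value.

```python
# Added illustration; every name here is hypothetical, not ClearQuest code.
class AuthError(Exception): pass
class RegistryNotReady(Exception): pass
class FakeLdap:
    """Constructed directory stand-in; threshold=3 is an assumed lockout policy."""
    def __init__(self, password, threshold=3):
        self.password, self.threshold = password, threshold
        self.failed_binds, self.locked = 0, False
    def bind(self, password):
        if self.locked:
            raise AuthError("account locked")
        if password != self.password:
            self.failed_binds += 1
            self.locked = self.failed_binds >= self.threshold
            raise AuthError("invalid credentials")
        self.failed_binds = 0

class Session:
    def __init__(self, ldap, registry_ready=True):
        self.ldap, self.registry_ready = ldap, registry_ready

    def _logon_once(self, password):
        if not self.registry_ready:
            raise RegistryNotReady()
        self.ldap.bind(password)

    def logon_retry_any_failure(self, password):
        try:  # pre-fix pattern: any failure, whatever its cause, ...
            self._logon_once(password)
        except Exception:
            self.registry_ready = True  # ... refreshes and tries again
            self._logon_once(password)

    def logon_check_first(self, password):
        if not self.registry_ready:  # post-fix pattern: refresh up front,
            self.registry_ready = True
        self._logon_once(password)  # then bind exactly once

def wrong_logons_until_locked(method_name):
    """Return (wrong passwords the user typed, failed binds the directory saw)."""
    ldap = FakeLdap("constructed-secret")
    session, entered = Session(ldap), 0
    while not ldap.locked:
        entered += 1
        try:
            getattr(session, method_name)("wrong")
        except AuthError:
            pass
    return entered, ldap.failed_binds
```

With the retry-on-any-failure pattern the modelled account locks after two mistyped passwords; with the check-first pattern it takes three.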
    

Problem conclusion

  • A fix is available in ClearQuest 7.0.0.6, 7.0.1.5, and
    7.1.0.2.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK74842

  • Reported component name

    CLEARQUEST UNIX

  • Reported component ID

    5724G3601

  • Reported release

    701

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-10-31

  • Closed date

    2009-06-22

  • Last modified date

    2009-06-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    CLEARQUEST UNIX

  • Fixed component ID

    5724G3601

Applicable component levels

  • R701 PSN

       UP


Document Information

Modified date:
22 June 2009