A fix is available
APAR status
Closed as program error.
Error description
Environment: - Operating System: Windows - Product name: ClearQuest Web - Product Version: 7.0.1.1 Description of problem: When an LDAP-enabled user enters a wrong password in ClearQuest Web, CQ tries to authenticate the user twice. The native client only does one attempt. The specific problem is with LDAP setups where a password policy is in place that locks a user's account if the password is entered incorrectly 3 times or so. With such a setting, only two wrong attempts would already lock the user's account (because there were three attempts) even though there's really only been two attempts In the native client there's only one attempt of authentication. Step to reproduce: - Configure CQ for LDAP - Set tracing with AUTHMODE flag - Set $LDAP_DEBUG=1 and $LDAP_DEBUG_FILE=C:\ldap_trace.txt - Try to log in with an incorrect password in CQ Web If you look at tracing and the LDAP_DEBUG_FILE, you will see tha t there's actually two attempts of authentication against the LD AP server. Workaround: None known
Local fix
Problem summary
The CQ UserLogon method sometimes fails when the database registry hasn't been populated yet. CQ API logon methods fail the first time it tries to logon will always try again regardless of the actual cause of the first failure. Before trying again it refreshes the dbset's registrations. So even if the first failure was caused by an invalid LDAP login, it will try again. We have changed the code to proactively check the db registry and refresh it if necessary, and the CQ API logons no longer try twice.
Problem conclusion
A fix is available in ClearQuest 7.0.0.6, 7.0.1.5, and 7.1.0.2.
Temporary fix
Comments
APAR Information
APAR number
PK74842
Reported component name
CLEARQUEST UNIX
Reported component ID
5724G3601
Reported release
701
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-10-31
Closed date
2009-06-22
Last modified date
2009-06-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLEARQUEST UNIX
Fixed component ID
5724G3601
Applicable component levels
R701 PSN
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSH5A","label":"Rational ClearQuest"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
22 June 2009