APAR status
Closed as documentation error.
Error description
The Information Center for WebSphere Application Server Version 6.1 needs to contain documentation on the ibm-entryuuid field as it relates to federated repositories. This field needs to be returned from the Lightweight Directory Access Protocol (LDAP) server. It is part of the system attributes. The bind distinguished name (DN) must have read access to system attributes.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: This APAR affects users of WebSphere * * Application Server version 6.1 that * * require additional information to * * configure a Lightweight Directory Access * * Protocol (LDAP) server in a federated * * repository configuration. * **************************************************************** * PROBLEM DESCRIPTION: The Information Center for WebSphere * * Application Server Version 6.1 does * * not completely describe the process * * to configure a Lightweight Directory * * Access Protocol (LDAP) server in a * * federated repository configuration. * * * * The current documentation does not * * describe how to return specific * * search results from an LDAP server. * * A connection is not properly * * established or configured from the * * gateway server to the LDAP server. * * The user can successfully bind to * * an LDAP server, but cannot * * successfully search for users as * * expected. * **************************************************************** * RECOMMENDATION: * * * **************************************************************** The documentation needs to indicate that when you configure an LDAP server in a federated repository configuration, the LDAP administrator needs to ensure that read access privileges are set for the bind distinguished name (DN). These read access privileges allow access to the subtree of the base DN and ensure that user and group information is successfully searched.
Problem conclusion
The "Configuring Lightweight Directory Access Protocol in a federated repository configuration" topic has been updated to solve this problem. The following note has been added to step 8: Note: To create LDAP queries or to browse, an LDAP client must bind to the LDAP server using the distinguished name (DN) of an account that has the authority to search and read the values of LDAP attributes, such as user and group information. The LDAP administrator ensures that read access privileges are set for the bind DN. Read access privileges allow access to the subtree of the base DN and ensure that searches of user and group information are successful. The directory server provides an operational attribute in each directory entry. For example, the IBM Directory Server uses ibm-entryUuid as the operational attribute. The value of this attribute is a universally unique identifier (UUID), which is chosen automatically by the directory server when the entry is added. The value is expected to be unique: no other entry with the same or different name would have this same value. Directory clients can use this attribute to distinguish objects that are identified by a distinguished name or to locate an object after renaming. Ensure that the bind credentials have the authority to read this attribute. Date that the information will be available externally to customers: Periodically, we update the documentation in our information centers. Thus, the changes might have been made before you read this text. To access the latest on-line documentation, complete the following steps: 1. Go to the product library page at the following Web site: http://www.ibm.com/software/webservers/appserv/library 2. Locate the appropriate version and product. 3. Under "Documentation - Information center format", click the appropriate link. In most cases, the WebSphere Application Server documentation is available in both an online version and in an IBM Eclipse Help System version. For more information on the IBM Eclipse Help system, see the following Web site: http://www.alphaworks.ibm.com/tech/iehs The modified documentation will be available in the August 2007 update to the information centers.
Temporary fix
Comments
APAR Information
APAR number
PK50929
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
61W
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-08-13
Closed date
2007-08-23
Last modified date
2007-09-09
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
26 May 2020