IBM Support

IT42678: FAILING TO BIND TO LDAP MESSAGE SHOWS INCORRECT USERNAME


APAR status

  • Closed as program error.

Error description

  • The BIP2721 message for failing to bind to LDAP server(s)
    (CommunicationException) displays the wrong username when
    certain exceptions are raised.
    

Local fix

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All Users of IBM App Connect Enterprise V10, V11 and V12 who use
    LDAP for Authentication
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    When a CommunicationException is raised during a failed bind to
    the LDAP server(s), the BIP2721 message displays an incorrect
    username. For example, when user/password combinations are
    checked against LDAP, certain exceptions produce logs of the
    following form:
    
    2022-03-03 16:46:30.949116    2246  UserTrace  BIP2736I:
    Preparing to bind to LDAP server(s) in the order
    '[ldaps://an.ldap.server:12345]', using username
    'cn=internal_id,OU=SystemUsers,OU=NP,DC=dev,DC=ghi,DC=def,DC=abc
    ' and the associated password.
    The LDAP security provider is performing LDAP bind using
    username
    ('cn=internal_id,OU=SystemUsers,OU=NP,DC=dev,DC=ghi,DC=def,DC=ab
    c'). If you have specified alternateServers, the connection will
    be attempted in the order '[ldaps://an.ldap.server:12345]'.
    Success of this bind will guarantee the authenticity of the
    password of username
    ('cn=internal_id,OU=SystemUsers,OU=NP,DC=dev,DC=ghi,DC=def,DC=ab
    c').
    No action is required.
    
    2022-03-03 16:46:30.949410    2246
    MbLDAPSecurityProvider.authenticate
    file:/build/jenkins_swg/slot0/product-build/WMB/src/DataFlowEngi
    ne/NativeTrace/ImbNativeTrace.cpp line:220 message:2721.BIPmsgs,
    'Unable to connect to LDAP server(s) using Broker credentials',
    '[ldaps://an.ldap.server:12345]',
    'CN=broker_ldapread,OU=SystemUsers,OU=NP,DC=dev,DC=ghi,DC=def,DC
    =abc', 'javax.naming.CommunicationException:
    an.ldap.server:12345 Nested Cause: class
    java.net.SocketException java.lang.IllegalArgumentException:
    password can't be null Nested Cause: class
    java.lang.IllegalArgumentException password can't be null'
    
    2022-03-03 16:46:30.949410    2246  UserTrace  BIP2721E: Failed
    to bind to the LDAP server(s) '[ldaps://an.ldap.server:12345]'
    with user name
    'CN=broker_ldapread,OU=SystemUsers,OU=NP,DC=dev,DC=ghi,DC=def,DC
    =abc'. Possible explanation:
    javax.naming.CommunicationException: an.ldap.server:12345 Nested
    Cause: class java.net.SocketException
    java.lang.IllegalArgumentException: password can't be null
    Nested Cause: class java.lang.IllegalArgumentException password
    can't be null
    
    Here the correct username is "internal_id", but the later error
    messages show "broker_ldapread". Although that username is also
    valid for that particular Integration Server, it is not the one
    used during the activity that caused the exception, so the
    insert for the BIP2721 message in the CommunicationException
    case is not correct.
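
On maintenance levels without the fix, the account that was actually used can be recovered by pairing each BIP2721E entry with the preceding BIP2736I entry. The following is an added example, not IBM code: it assumes each trace entry has been joined onto one line and that the numeric field after the timestamp identifies the thread; the function names are hypothetical.

```python
import re

# One user-trace entry header: timestamp, thread number (assumed), message id.
ENTRY = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<thread>\d+)"
                   r"\s+UserTrace\s+(?P<msg>BIP\d{4}[A-Z]):\s*(?P<text>.*)$")
BIND_USER = re.compile(r"using username\s+'([^']*)'")    # BIP2736I insert
FAILED_USER = re.compile(r"with user name\s+'([^']*)'")  # BIP2721E insert

def normalize_dn(dn):
    # Simplified DN comparison: case-insensitive, ignores spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def find_username_mismatches(lines):
    """Pair each BIP2721E with the latest BIP2736I on the same thread and
    return the failures whose reported user differs from the bind user."""
    last_bind = {}  # thread -> (timestamp, username from BIP2736I)
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # explanation text and native-trace lines are skipped
        if m["msg"] == "BIP2736I":
            user = BIND_USER.search(m["text"])
            if user:
                last_bind[m["thread"]] = (m["ts"], user.group(1))
        elif m["msg"] == "BIP2721E":
            user = FAILED_USER.search(m["text"])
            bind = last_bind.pop(m["thread"], None)
            if user and bind and normalize_dn(user.group(1)) != normalize_dn(bind[1]):
                findings.append({"thread": m["thread"], "failed_at": m["ts"],
                                 "reported_user": user.group(1), "bind_user": bind[1]})
    return findings

# Constructed sample. Thread 2246 reuses the DNs from the excerpt above;
# thread 2250 is an invented pair whose usernames agree.
SRV = "'[ldaps://an.ldap.server:12345]'"
BASE = ",OU=SystemUsers,OU=NP,DC=dev,DC=ghi,DC=def,DC=abc"
SAMPLE = [
    f"2022-03-03 16:46:30.949116    2246  UserTrace  BIP2736I: Preparing to bind to LDAP server(s) in the order {SRV}, using username 'cn=internal_id{BASE}' and the associated password.",
    "No action is required.",
    f"2022-03-03 16:46:30.949410    2246  UserTrace  BIP2721E: Failed to bind to the LDAP server(s) {SRV} with user name 'CN=broker_ldapread{BASE}'. Possible explanation: javax.naming.CommunicationException: an.ldap.server:12345",
    f"2022-03-03 16:47:02.100000    2250  UserTrace  BIP2736I: Preparing to bind to LDAP server(s) in the order {SRV}, using username 'cn=app_user,DC=example' and the associated password.",
    f"2022-03-03 16:47:02.100500    2250  UserTrace  BIP2721E: Failed to bind to the LDAP server(s) {SRV} with user name 'CN=app_user, DC=example'. Possible explanation: constructed",
]

if __name__ == "__main__":
    for f in find_username_mismatches(SAMPLE):
        print(f"thread {f['thread']} at {f['failed_at']}: BIP2721E names "
              f"{f['reported_user']!r}, bind used {f['bind_user']!r}")
```

The DN comparison is deliberately simple and does not handle escaped commas inside attribute values.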
    

Problem conclusion

  • The product has been modified to show the correct username when
    the BIP2721 message is generated while authenticating with LDAP.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v10.0      10.0.0.26
    v11.0      11.0.0.18
    v12.0      12.0.4.0
    
    The latest available maintenance can be obtained from:
    http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041
    
    If the maintenance level is not yet available, information on
    its planned availability can be found on:
    http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
    ---------------------------------------------------------------
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT42678

  • Reported component name

    APP CONNECT ENT

  • Reported component ID

    5724J0550

  • Reported release

    B00

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2022-12-09

  • Closed date

    2023-07-28

  • Last modified date

    2023-07-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    APP CONNECT ENT

  • Fixed component ID

    5724J0550

Applicable component levels


Document Information

Modified date:
29 July 2023