Troubleshooting
Problem
After configuring WebSphere® Portal security with LDAP, you are unable to create a new user via the "Edit My Profile" portlet when populating the "Email" field. You receive one of the following error messages in the browser:
EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Entry (cn=test user,o=ibm) failed schema check]; remaining name 'cn=test user,o=ibm'; resolved object com.sun.jndi.ldap.LdapCtx@3d4e3d4e' naming exception occurred during processing.
or
EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMSystemException:
CWWIM4520E The 'javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - Undefined Attribute Type]; remaining name '
Cause
The Email attribute is not mapped between WebSphere Portal and LDAP. The CWWIM4520E message code should be the same in every case, but the LDAP error may differ depending on the LDAP server type.
Environment
WebSphere Portal configured with stand-alone LDAP security. However, this situation can potentially occur in federated security scenarios as well.
Diagnosing The Problem
The WebSphere Portal Information Center instructions for setting up LDAP security state that the following task should be executed:
ConfigEngine wp-validate-standalone-ldap-attribute-config
Reviewing ConfigTrace.log after running this task shows the following information:
[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] [groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, ibm-primaryEmail, parent, partyRoles, principalName, countryName, localityName]
Resolving The Problem
Based on the above information, follow the Information Center page Mapping Attributes to map at least the ibm-primaryEmail attribute. The steps to update the email attribute are:
1) Edit <wp_root>/ConfigEngine/properties/wkplc.properties to include:
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail
standalone.ldap.attributes.mapping.ldapName=mail
2) Run the attribute update task:
ConfigEngine.bat wp-update-standalone-ldap-attribute-config -DWasPassword=<password>
3) Restart the Portal server.
You should now be able to create a user via the "Edit My Profile" portlet when populating the "Email" field.
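As an added example (not IBM code), the following Python script parses the validation output from ConfigTrace.log together with the mapping properties from wkplc.properties and lists the attributes that still have no mapping. The sample trace and properties are copied from this page; reading the property values as comma-separated lists is an assumption of the script.

```python
import re

TASK_TAG = "[wplc-validate-ldap-attribute-config]"
PREFIX = "standalone.ldap.attributes.mapping."

# Sample input copied from the log excerpt and properties shown on this page.
SAMPLE_TRACE = """\
[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] [groups, identifier, ibm-jobTitle, entitlementInfo, realm, viewIdentifiers, certificate, stateOrProvinceName, createTimestamp, modifyTimestamp, ibm-primaryEmail, parent, partyRoles, principalName, countryName, localityName]
"""
SAMPLE_PROPS = """\
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail
standalone.ldap.attributes.mapping.ldapName=mail
"""

def unmapped_attributes(trace_text):
    """Attributes the validation task reports as defined in Portal but not in LDAP."""
    lines = [l.strip() for l in trace_text.splitlines() if TASK_TAG in l]
    found = []
    for header, listing in zip(lines, lines[1:]):
        if "defined in Portal but not in LDAP" not in header:
            continue
        m = re.search(r"\[([^\[\]]*)\]\s*$", listing)  # trailing [a, b, c] list
        if m:
            found += [a.strip() for a in m.group(1).split(",") if a.strip()]
    return found

def read_mappings(props_text):
    """Parse the portalName/ldapName properties into {portal_attr: ldap_attr}."""
    props = {}
    for line in props_text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX) and "=" in line:
            key, value = line.split("=", 1)
            # Assumption: several attributes may be given as a comma-separated list.
            props[key[len(PREFIX):].strip()] = [v.strip() for v in value.split(",") if v.strip()]
    portal, ldap = props.get("portalName", []), props.get("ldapName", [])
    if len(portal) != len(ldap):
        raise ValueError("portalName and ldapName must list the same number of attributes")
    return dict(zip(portal, ldap))

def still_unmapped(trace_text, props_text):
    """Reported attributes with no mapping yet (map them or flag them as unsupported)."""
    mapped = read_mappings(props_text)
    return [a for a in unmapped_attributes(trace_text) if a not in mapped]

if __name__ == "__main__":
    print("Mapped:", read_mappings(SAMPLE_PROPS))
    print("Still unmapped:", still_unmapped(SAMPLE_TRACE, SAMPLE_PROPS))
```

To use it on a real system, pass the contents of ConfigTrace.log and wkplc.properties to `still_unmapped` in place of the sample strings.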
Document Information
Modified date: 03 December 2021
UID: swg21318616