2

Yesterday we installed fixpack 21 on our WebSphere Application Server 7.0. One of our Java web applications is using LDAP to authenticate users to let them access the website. Since we installed the fixpack we are unable to access our website. In the log files I get the following error message:

```
javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'o=testsite.com,c=be'
    at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:417)
    at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:152)
    at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:56)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:520)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at com.testsite.directory.core.DSProxy.getUserGroupsInContext(DSProxy.java:527)
    at com.testsite.directory.core.DSProxy.getAllGroups(DSProxy.java:569)
    at com.testsite.directory.core.IntranetUser.getUserProfile(IntranetUser.java:112)
    at com.testsite.intranet.security.common.UserProvider.getUser(UserProvider.java:22)
    at com.testsite.intranet.security.authenticator.Authenticator.checkUserAndPassword(Authenticator.java:220)
    at com.testsite.intranet.security.authenticator.Authenticator.checkWebsealAuthentication(Authenticator.java:137)
    at com.testsite.intranet.security.authenticator.Authenticator.getUser(Authenticator.java:271)
    at com.testsite.intranet.security.authenticator.AuthenticatorFilter.doFilter(AuthenticatorFilter.java:50)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
    at org.apache.myfaces.component.html.util.ExtensionsFilter.doFilter(ExtensionsFilter.java:122)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:934)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:502)
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:179)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3935)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:186)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:557)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:607)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:984)
    at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1069)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604)
```

Before the installation of the fixpack we didn't have this issue. I searched for this specific error on the internet but I didn't find anything that could be linked with the installation of the fixpack for WAS. Is there anyone who had the same issue or has any suggestions to make it work again?

Thanks in advance.

Tom

TomVerkest

2 Answers

1

The filter given in your response is an invalid search filter. The space ' ' after uniqueMember (before the =) is illegal in search filters. The ' ' after = is legal, however, it's probably not what is desired.

see also

Terry Gardner
  • When I look deeper in the logging I can see the filter is correct like you say => (uniquemember=uid=userid,ou=people,o=testsite.com,c=be) – TomVerkest Jun 06 '12 at 11:24
  • No it hasn't. But it worked before we installed the fixpack. So I'm looking for the reason why it isn't working anymore. – TomVerkest Jun 06 '12 at 11:35
  • It seems that your tip has made my code go a bit further. I still get the same error message, but at another point. I'll first take a look at what could be changed more. – TomVerkest Jun 06 '12 at 11:45
  • Seems like you have solved all my problems. So many thanks for this. So I think that there is a more strict check on these things with the new fixpack of WebSphere. I hope this can also help some other people who have this problem. – TomVerkest Jun 06 '12 at 12:03
1

We upgraded WebSphere 7.0 Fixpack 11 to Fixpack 19, including of course the Java SDK. This gave us a whole set of errors on the applications using LDAP searches. Seems like the new Java SDK has a much more strict parsing of LDAP search filters than the old one. For instance, we had search filters with unbalanced parentheses and attribute names with illegal characters like p_number, which worked fine before the upgrade.

J. Schultz
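A pre-upgrade check for the filter defects described in both answers above (whitespace in the attribute description, unbalanced parentheses, and characters such as `_` in attribute names), as an added example that is not part of the original posts. The class `LdapFilterLint`, its methods and the sample filters are constructed for illustration; the attribute-description pattern is modelled on RFC 4512, and values are assumed to escape literal parentheses as `\28` and `\29`.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example (not from the original posts): lints LDAP filter strings for the
// defects named on this page. Class and method names are hypothetical.
public class LdapFilterLint {
    // RFC 4512 attribute description: descr or numeric OID, then optional ;options
    private static final Pattern ATTR = Pattern.compile(
            "([A-Za-z][A-Za-z0-9-]*|\\d+(\\.\\d+)*)(;[A-Za-z0-9-]+)*");

    static List<String> lint(String f) {
        List<String> out = new ArrayList<String>(); // no diamond: compiles on Java 6
        int depth = 0;
        for (int i = 0; i < f.length(); i++) {
            char c = f.charAt(i);
            if (c == ')' && --depth < 0) { out.add("unmatched ')' at index " + i); depth = 0; }
            if (c != '(') continue;
            depth++;
            if (i + 1 >= f.length() || "&|!(".indexOf(f.charAt(i + 1)) >= 0) continue;
            int end = f.indexOf(')', i);             // a simple item runs to the next ')'
            checkItem(f.substring(i + 1, end < 0 ? f.length() : end), out);
            i = (end < 0 ? f.length() : end) - 1;    // resume at that ')' or stop
        }
        if (depth > 0) out.add(depth + " unclosed '('");
        return out;
    }

    private static void checkItem(String item, List<String> out) {
        if (item.indexOf('(') >= 0) out.add("raw '(' inside (" + item + "), missing ')'?");
        int eq = item.indexOf('=');
        if (eq < 0) { out.add("no '=' in (" + item + ")"); return; }
        if (item.startsWith(" ", eq + 1)) out.add("value starts with a space in (" + item + ")");
        String attr = item.substring(0, eq);
        if (attr.matches(".*[~<>]")) attr = attr.substring(0, eq - 1);  // ~= <= >=
        int colon = attr.indexOf(':');                                  // extensible match
        if (colon == 0) return;                                         // matching-rule-only form
        if (colon > 0) attr = attr.substring(0, colon);
        if (!ATTR.matcher(attr).matches()) out.add("invalid attribute description '" + attr + "'");
    }

    public static void main(String[] args) {
        String[] samples = {                         // constructed sample filters
            "(uniquemember=uid=userid,ou=people,o=testsite.com,c=be)",
            "(uniqueMember = uid=userid,ou=people,o=testsite.com,c=be)",
            "(&(objectClass=person)(p_number=123)",
        };
        for (String s : samples) System.out.println(s + " -> " + lint(s));
    }
}
```

Running it over the filter strings an application builds, before moving to the newer SDK, surfaces the filters that the stricter parser would reject with `InvalidSearchFilterException`.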