Patch Name: PHSS_28833

Patch Description: s700_800 11.X OV SIP3.0 Prevent blank passwords

Creation Date: 03/03/10

Post Date: 03/03/18

Hardware Platforms - OS Releases:
    s700: 11.00 11.11
    s800: 11.00 11.11

Products: OpenView Service Information Portal 3.0

Filesets:
    HPOVSIP.OVSIP,fr=B.01.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
    defect_repair general_release

Path Name: /hp-ux_patches/s700_800/11.X/PHSS_28833

Symptoms:
    PHSS_28833:
    If the LDAP server is configured to allow anonymous bind,
    then a SIP user can log in by leaving the password field
    blank.

    PHSS_28082:
    When SIP is configured to use Microsoft SiteServer as its
    LDAP server, SIP fails to authenticate; instead, it hangs
    when trying to connect to the LDAP server.

Defect Description:
    PHSS_28833:
    There was no check for blank passwords in the LDAP code.

    Resolution:
    A check for blank passwords has been added.

    PHSS_28082:
    The SIP implementation of LDAP attempts to bind to the LDAP
    server using the default version, i.e. it uses LDAP version 3.
    If this attempt fails, it fails over to LDAP version 2.
    SiteServer, however, supports only version 2 and does not
    return any error messages when connected to using version 3.
    This causes SIP to hang.

    Resolution:
    LDAPAuthenticationProvider has been enhanced so that the
    user can now specify which version of LDAP to use when
    connecting to the LDAP server. Thus, for connecting to a
    SiteServer, the user can specify version 2 in the LDAP.xml
    file.

Enhancement: No

SR:
    8606285946 8606245602

Patch Files:
    HPOVSIP.OVSIP,fr=B.01.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /opt/OV/SIP/conf/share/authentication/LDAP/LDAP.dtd
    /opt/OV/SIP/webapps/ovportal/WEB-INF/classes/com/hp/ov/portal/security/LDAPAuthenticationProvider.class

what(1) Output:
    HPOVSIP.OVSIP,fr=B.01.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /opt/OV/SIP/conf/share/authentication/LDAP/LDAP.dtd:
        None
    /opt/OV/SIP/webapps/ovportal/WEB-INF/classes/com/hp/ov/portal/security/LDAPAuthenticationProvider.class:
        None

cksum(1) Output:
    HPOVSIP.OVSIP,fr=B.01.00,fa=HP-UX_B.11.00_32/64,v=HP:
    3957085345 10234 /opt/OV/SIP/webapps/ovportal/WEB-INF/classes/com/hp/ov/portal/security/LDAPAuthenticationProvider.class
    1812099995 508 /opt/OV/SIP/conf/share/authentication/LDAP/LDAP.dtd

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHSS_28082

Equivalent Patches:
    OVSIPSOL_00017:
    sparcSOL: 2.6 2.7 2.8

    OVSIPNT_00016:
    intelWIN2000: 1.00

Patch Package Size: 40 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Log in as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHSS_28833

    5. Run swinstall to install the patch:

        swinstall -x autoreboot=true -x patch_match_target=true \
            -s /tmp/PHSS_28833.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHSS_28833.
    If you do not wish to retain a copy of the original software,
    include the patch_save_files option in the swinstall command
    above:

        -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
    installed, the patch cannot be deinstalled. Please be careful
    when using this feature.

    For future reference, the contents of the PHSS_28833.text
    file are available in the product readme:

        swlist -l product -a readme -d @ /tmp/PHSS_28833.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHSS_28833.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    ========================================================
    BEFORE LOADING THIS PATCH...

    - Stop the Tomcat server.

    - If you want to reinstall SIP, you will have to remove
      the patch. Once the reinstall is over, you can apply the
      patch again.

    NOTE: Tomcat is not started after the patch is loaded.
    You will need to start it manually.

    Also, in order to keep a history of the patches installed on
    your system, the post-install script will attempt to copy
    this .text file to /opt/OV/SIP/patches. Please make sure this
    file is in /tmp before installation.
    ========================================================
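
The PHSS_28833 defect described under Symptoms, modelled as an added example (not HP's code and not part of the patch text). FakeDirectory, login_unpatched and login_patched are hypothetical names, the directory entries are constructed, and the toy server applies the LDAP simple-bind rule that a bind with an empty password is an anonymous bind that never checks the named user's password.

```python
from dataclasses import dataclass


class BindError(Exception):
    """Stand-in for a failed LDAP bind (any non-success result code)."""


@dataclass
class FakeDirectory:
    """Toy LDAP server (constructed, hypothetical). It never opens a socket."""
    users: dict                    # DN -> password, constructed sample data
    allow_anonymous: bool = True   # the server setting named in the Symptoms text

    def simple_bind(self, dn, password):
        # Empty password: the server treats the request as an anonymous bind
        # and does not compare anything against the entry for `dn`.
        if password == "":
            if self.allow_anonymous:
                return "anonymous"
            raise BindError("anonymous bind refused")
        if self.users.get(dn) != password:
            raise BindError("invalid credentials")
        return dn


def login_unpatched(directory, dn, password):
    """Behaviour before the fix: a successful bind is taken as proof of identity."""
    try:
        directory.simple_bind(dn, password)
        return True
    except BindError:
        return False


def login_patched(directory, dn, password):
    """Behaviour after the fix: blank passwords are rejected before any bind."""
    if not password:               # None or "" never reaches the server
        return False
    return login_unpatched(directory, dn, password)


if __name__ == "__main__":
    dn = "uid=alice,ou=people,dc=example,dc=com"   # constructed DN
    server = FakeDirectory(users={dn: "correct-horse"})
    for pw in ("", "wrong", "correct-horse"):
        print(repr(pw), login_unpatched(server, dn, pw), login_patched(server, dn, pw))
```

Disabling anonymous bind on the directory closes the same hole from the server side, but the client-side check keeps the login decision independent of how the server is configured.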