This README contains information about the IBM(R) WebSphere(R) Everyplace(R)
Connection Manager Version 5.1.1.2 as well as any late-breaking information
that was not available for printed publications.

This product contains RSA encryption code.

This product is supported on:
   o IBM AIX(R) 5.1 Maintenance Level 4
   o IBM AIX 5.2 Maintenance Level 1
   o IBM AIX Version 5.3
   o July 2003 C++ Runtime PTF (xlC.aix50.rte.6.0.0.7)
   o Solaris 8, Solaris 9, and Trusted Solaris 8
   o Linux(R) Red Hat Enterprise Linux 3.0 ES/AS, SuSE Linux Enterprise
     Server 8, SuSE 8.1, SuSE 8.2, or SuSE 9.0

To download AIX operating system fixes, see:
   http://www.ibm.com/servers/eserver/support/pseries
_____________________________________________________________________________
Table of Contents

   1.0 Product Description
   2.0 Getting Help
   3.0 Installing and Configuring
   4.0 Late-breaking Information
   5.0 Fixed Authorized Problem Analysis Reports (APARs)
   6.0 Trademarks and Copyright
_____________________________________________________________________________
1.0 Product Description

The IBM WebSphere Everyplace Connection Manager consists of the following
components:
   o Connection Manager runtime environment.
   o Gatekeeper, a Java(TM) graphical user interface for managing and
     configuring the Connection Manager system and subsystems.
   o Access Manager used to support Gatekeeper access to the runtime
     environment and persistent data store.
   o Mobility Client, an optional interface that provides an optimized and
     secure IP tunnel for communication with the Connection Manager using a
     variety of wireless and wireline networks.
_____________________________________________________________________________
2.0 Getting Help

Online help is available through the Gatekeeper and the Mobility Client.
Also see the web site at:
   http://www.ibm.com/software/pervasive/ws_everyplace_connection_manager/support
for more information and the latest updates.
_____________________________________________________________________________
3.0 Installing and Configuring

3.1 See the IBM WebSphere Everyplace Connection Manager Administrator's
    Guide for information about installing for the first time or applying
    maintenance. The guide is in portable document format (PDF) and you
    will need Adobe Acrobat Reader Version 3.0 or greater to display or
    print it. This guide is on installation CD 2 and is also located at
    http://publib.boulder.ibm.com/pvc/wecm/511/
_____________________________________________________________________________
4.0 Late-breaking Information

4.1 If you are using Secure Hashing Algorithm (SHA) to store passwords in
    LDAP (the default for Netscape Directory), login sessions using the
    native PPP protocol and CHAP for authentication will fail. If this type
    of session is a requirement, use clear text for password storage.

4.2 New features for Version 5.1

   o Dynamic transport profiles allowing recognition of the network type
     that Mobility Clients use and automatically applying tuning
     characteristics to achieve optimal performance. This feature
     simplifies the Mobility Client configuration and enhances the seamless
     roaming capability by automatically switching network specific
     performance settings when roaming occurs.
   o Improved ease of use in small environments using the Linux operating
     system for configuring mobile network interfaces (MNI) without the
     need for external routing updates and subnetwork assignments. By using
     dynamic host configuration protocol (DHCP) and proxy-ARP (address
     resolution protocol) technologies, after an address is reserved by the
     Connection Manager, ARP and route entries are automatically added to
     local system tables to give the address a presence on the network.
   o Improved ease of installation in smaller organizations, such as
     proof-of-concept environments.
     This feature includes an installation and configuration wizard that
     takes advantage of new configuration options for the mobile network
     interface. See IBM WebSphere Everyplace Connection Manager Quick Start
     Guide for more information.
   o Improved ease of use in configuring the access for Gatekeeper
     administrators as Super users or restricted to an access control list
     (ACL) profile. An ACL profile is a collection of ACLs that you assign
     to administrators to define their level of access to resources.
   o Enhanced wg_monitor command line utility used to view the packet flow
     through the Connection Manager to aid in debugging and gathering real
     time information on the active session table in memory of the wgated
     process.
   o Improved account troubleshooting to restrict message logging and
     filter it to display only an individual user ID or device.
   o Support for user administration portlets using WebSphere Portal Server
     version 5.0.2.1.
   o Changed installation paths for the Connection Manager.
   o The Connection Manager is enabled for use by IBM Tivoli License
     Manager.
   o Removed support for account lookup as a method of validating WAP
     clients.
   o Support for IBM Tivoli Directory Server version 5.2
   o Support for IBM DB2 Universal Database Enterprise Edition version 8.1
     with FixPak 2 or Oracle 9i.
   o New configuration properties for mobile access services include:
     - Whether or not a single user ID is permitted to sign-on multiple
       times from separate devices simultaneously.
     - Whether the Connection Manager sends a message to Mobility Clients
       that their sessions are terminated before the Connection Manager
       shuts down.
   o A new network management trap message (120289) is available for when
     the mobile session has roamed to a new device.
   o The device adapter name is now stored as a session database field.
   o Removed support for Microsoft Windows 98, Windows Me, and Windows NT
     for Gatekeeper and Mobility Clients.
   o Removed support for Mobility Clients using Handheld Pocket PC.
   o Added support for Symbian OS Mobility Clients using Sony Ericsson P900
     devices.
   o Added support for Mobility Clients using Windows Mobile 2003 Second
     Edition.
   o The Mobility Client can be configured to check that certain programs
     are running, like antivirus or personal firewall software, before
     allowing the connection to start. This feature is not available on
     Palm OS or on the Sony Ericsson P900 device.
   o The Mobility Client can be configured to automatically start one or
     more programs after the initial connection successfully completes. On
     Palm OS, only one program can be configured to automatically start.
     This feature is not available on the Sony Ericsson P900 device.
   o Mobility Client configuration files can be exported and imported which
     gives an administrator the ability to set or change Mobility Client
     options, then distribute the new configuration to the client. The user
     imports the new configuration and accepts the changes. This feature is
     not available on the Sony Ericsson P900 device.
   o To aid in problem determination, Mobility Clients can automatically
     collect troubleshooting information during a connection attempt. This
     information aids in first failure data capture. This feature is not
     available on the Sony Ericsson P900 device.
   o The Mobility Client trace viewer is a free-standing window that
     displays trace messages and can be configured to close after the
     connection is successfully completed. This feature is not available on
     the Palm OS or on the Sony Ericsson P900 device.
   o Enhancements that enable WebSphere Everyplace Access version 5.0
     clients to seamlessly start connections to the Connection Manager
     during the synchronization process.

4.3 Connection Manager locale

    The Connection Manager requires the English UTF-8 locale: on AIX it is
    EN_US.UTF-8, on Solaris it is en_US.UTF-8, and on Linux it is
    en_US.utf8. On the AIX operating system, obtain the English UTF-8
    locale from the AIX installation media.
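
Section 4.1 above says CHAP logins fail when LDAP stores passwords with SHA.
The following added example (not part of the original README or of the
product's code) shows why, using the RFC 1994 CHAP response and an RFC 2307
style {SHA} value. The password, identifier and challenge are constructed,
and the {SHA} storage format is an assumption about the directory.

```python
"""Why CHAP cannot be verified against a SHA-hashed LDAP password."""
import base64
import hashlib
import hmac

# Constructed sample values, not taken from any real deployment.
PASSWORD = b"correct horse"
IDENTIFIER = 0x2A  # CHAP Identifier octet
CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")


class SecretUnavailable(Exception):
    """The directory holds only a one-way hash, so CHAP cannot be checked."""


def ldap_sha(password: bytes) -> str:
    """RFC 2307 style {SHA} value: base64 of the SHA-1 digest (assumed format)."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_pap(stored: str, presented: bytes) -> bool:
    """PAP delivers the password itself, so the server can re-hash and compare."""
    if stored.startswith("{SHA}"):
        candidate = ldap_sha(presented)
    else:
        candidate = presented.decode()
    return hmac.compare_digest(candidate.encode(), stored.encode())


def verify_chap(stored: str, identifier: int, challenge: bytes,
                response: bytes) -> bool:
    """CHAP never delivers the password; the server must recompute the
    response from the secret, which a one-way hash does not provide."""
    # Assumption: any value starting with "{" is a hashed storage scheme.
    if stored.startswith("{"):
        raise SecretUnavailable("stored value is hashed; secret not recoverable")
    expected = chap_response(identifier, stored.encode(), challenge)
    return hmac.compare_digest(expected, response)


def chap_with_hash_as_secret(stored: str, identifier: int, challenge: bytes,
                             response: bytes) -> bool:
    """Feeding the stored SHA-1 digest in as the 'secret' does not help:
    the client hashed the password, not the digest."""
    digest = base64.b64decode(stored[len("{SHA}"):])
    expected = chap_response(identifier, digest, challenge)
    return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    """Run one client response against hashed and clear-text storage."""
    client_response = chap_response(IDENTIFIER, PASSWORD, CHALLENGE)
    hashed = ldap_sha(PASSWORD)
    clear = PASSWORD.decode()
    results = {
        "pap_hashed": verify_pap(hashed, PASSWORD),
        "chap_clear": verify_chap(clear, IDENTIFIER, CHALLENGE, client_response),
        "chap_hash_as_secret": chap_with_hash_as_secret(
            hashed, IDENTIFIER, CHALLENGE, client_response),
    }
    try:
        verify_chap(hashed, IDENTIFIER, CHALLENGE, client_response)
        results["chap_hashed"] = "verified"
    except SecretUnavailable:
        results["chap_hashed"] = "unverifiable"
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:22} {outcome}")
```

The clear-text case verifies only because the directory holds the secret
itself, so read access to that attribute needs to be restricted accordingly.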

4.4 New DSS schema changes for Version 5.1 include:

    The objectclass wlUser has been changed to ibm-wlUser and the
    attributes renamed correspondingly:

      wlUser                 ibm-wlUser
      -------------------------------------------
      oldpasswords        -> passwordHistList
      trace               -> ibm-wlIpTrace
      authreq             -> ibm-wlAuthRequired
      ipaddr              -> ipAddress
      lastfail            -> ibm-wlLastFailed
      lastchg             -> ibm-wlLastModified
      expire              -> ibm-wlUserExpires
      locked              -> isLocked
      admchg              -> ibm-wlForceChange
      failed              -> unsuccessfulLoginCount
      addresstype         -> ibm-wlAssignmentType
      addresspool         -> ibm-wlDhcpGroupRef
      devicepool          -> ibm-wlDeviceRef
      mncauth             -> ibm-wlMncRef
      ibm-deviceIdVerify  -> ibm-wlVerifyDeviceID

    The following attributes were removed from wlUser and added to
    ibm-wlWapUser which is only attached if WAP is turned on and a
    non-default setting is needed:

      wlUser                 ibm-wlWapUser
      -------------------------------------------
      hproxyauth          -> ibm-wlproxyauth
      hproxyuserid        -> ibm-wlproxyuserid
      hproxypassword      -> ibm-wlproxypassword
      httpproxyport       -> ibm-wlproxyport
      httpproxyaddr       -> ibm-wlproxyaddr
      defwaphomepage      -> ibm-wldefwaphomepage

    The new objectclass ibm-wlTransProfile includes new attributes of:

      cn                         Common name
      ibm-wlOtherOu              Additional Organizational Units
      description                Description
      tcpopt                     TCP protocol optimization
      ibm-wlEnableCompr          Compress data
      ibm-wlReduceIpHdr          Reduce IP headers
      retransttl                 TCP retransmit suppression timer
      ibm-wlBurstRate            Packet burst rate
      minwindowsize              Minimum TCP window size
      maxwindowsize              TCP receive window size
      ibm-wlMaxPktSize           Maximum TCP packet size
      ibm-wlMaxRetransmit        Maximum number of retransmits
      ibm-wlsarbalance           Balance size of PDU fragments
      fragttl                    Fragment time to live
      ibm-wltransmitdelay        Outbound transmission delay (ms)
      ibm-wlbuffersize           Maximum size of a multi-packet buffer
      ibm-wlminfree              Minimum free space required to load packets
      ibm-wlpTcpSrvRef           TCP-Lite service
      ibm-wlNegMTU               Maximum Transmission Unit
      ibm-wlTransmitMTU          Default MTU
      ibm-wlReceiveMTU           Client MTU
      ibm-wlSpeed                Data throughput rate
      ibm-wlFilterOther          Filter other ports (protocol/port)
      ibm-wlFilterKnown          Filter well-known ports
      ibm-wlLcpEcho              WLP-LCP keepalive timer
      ibm-wlClientMP             Enable client-side multi-packet buffering
      ibm-wlServerMP             Enable server-side multi-packet buffering
      ibm-wlIpStackMtu           Client IP stack MTU
      ibm-wlTcpInitialRTT        TCP SYN retransmit interval (sec)
      ibm-wlackdelay             TCP ACK delay (ms)
      ibm-wlIpForward            Allow IP forwarding
      keywords                   Key words and phrases to match on

    These objectclasses: wlCm, ibm-wlWapServer, ibm-wlHttpService,
    ibm-wlApplService, and ibm-wlPassthruService include new attributes of:

      ibm-wlSSLFIPSMode          Only use FIPS 140-2 approved
      ibm-wlSSLFIPSV3Ciphers     V3 Ciphers
      ibm-wlSSLFIPSTLSCiphers    TLS Ciphers
      ibm-wlSSLV2Ciphers         V2 Ciphers
      ibm-wlSSLV3TLSCiphers      V3 and TLS Ciphers

    A new objectclass named ibm-wlIpDataProfile which is derived from
    ibm-wlDataProfile and includes new attributes of:

      cn                         Common name
      ibm-wlOtherOu              Additional Organizational Units
      description                Description
      version                    Version
      hdrreduction               Protocol header reduction
      keyrotation                Enable encryption key rotation
      allowpppneg                Allow generic PPP negotiation
      authenticationtype         Key exchange algorithm
      keyinterval                Key rotation interval (minutes)
      allowuseridneg             Client validation model
      encrypttype                Minimum level of encryption
      ibm-wlAuthRef              Authentication profile
      compresstype               Compression algorithm
      ibm-wlMaxThreads           Maximum number of processing threads
      ibm-wlSarDelay             Transmission delay between fragments
      ibm-wlTransProfileRef      Transport profile(s)
      ibm-wlDfltTransProfileRef  Default transport profile

    The objectclass wlmni includes new attributes of:

      eTargetAdapter             Network interface adapter to bind
      ibm-wlNatAddresses         Number of NAT addresses to request

    The objectclass ePasswordPolicy includes new attributes of:

      ibm-wlConsecChar           Maximum consecutive characters
      ibm-wlMinCharGroup         Minimum characters from 2 of 3 groups
                                 (alpha, numeric, other)

    The objectclass ibm-wlWlpServer includes new attributes of:

      ibm-wlMultiSignon          Allow multiple sessions
                                 per user ID
      ibm-wlSendTermAck          Send terminate message on shutdown

4.5 AIX Version 5.2 ML 1

    If you are using AIX version 5.2 and are experiencing problems with
    only loopback-related transactions either to the MNI or outside of
    Connection Manager completely, try installing AIX 5.2 maintenance level
    (ML) 1. Note that ML 1 may cancel AIX 5.2 common criteria
    certification, which nullifies the Connection Manager FIPS 140-2
    certification.

4.6 Maximum limit of MNIs for each mobile access services

    The maximum number of mobile network interfaces (MNIs) that you can add
    to mobile access services is 1024.

4.7 Reboot after installation on AIX

    The AIX kernel extension modifications that address potential message
    queue overflows and lockups require a system reboot when upgrading to
    the Connection Manager version 5.1. After you install the Connection
    Manager on an AIX system, be sure to reboot the machine before starting
    the Connection Manager.

4.8 Recreate all LDAP-bind authentication profiles

    Because of modifications made to the LDAP-bind authentication profile,
    recreate all LDAP-bind authentication profiles after upgrading to
    Connection Manager version 5.1 from a prior release.

4.9 New features in version 5.1.0.1

   o Added support for limiting the Mobility Clients that are permitted to
     log on to the Connection Manager by device class. This capability is a
     security feature of the connection profile that is assigned to the
     mobile network connection (MNC) to which the client logs in.

4.10 New features in version 5.1.0.2

   o Added support for the Mobility Clients on the CE .NET operating system
     using Psion 7535 devices.
   o Added support for DB2(R) Universal Database(TM) Express Edition
     - Before completing the configuration of version 5.1.0.2, there is a
       setupDB script that requires changing.
       Edit the file:
          AIX               /usr/opt/wecm/bin/setupDB
          Linux or Solaris  /opt/IBM/wecm/bin/setupDB
       Inside the Make_V8_ResponseFile() function at line 233, add this
       line:
          echo "PROD=UDB_EXPRESS_EDITION" >> $(DB2RSPFILE)
       Save the file, then begin the configuration.

4.11 New features in version 5.1.1

   o Added support for AIX version 5.3
   o Removed support for IBM Directory 4.1
   o Added support for DB2(R) Universal Database(TM) version 8.2 and
     removed support for DB2 version 7.2
   o Added mobile network connection support for Motorola ASTRO 25
     networks. This network connectivity is available only for Mobility
     Clients on desktop Windows(R).
   o Enhanced third-party authentication using certificates that includes:
     - Verifying the subject name. The subject key is defined as the
       subject field of the certificate credentials which are passed to the
       Connection Manager from the Mobility Client during authentication.
     - Verifying that certificates are not on a revocation list from a
       certificate authority.
   o Enhanced LDAP-bind authentication to include optional group membership
     verification
   o Added support for running the Connection Manager using VMware
     Workstation 4.5.2 in a VMware-hosted Linux environment. Make sure the
     Linux distribution installed on the virtual machine is one listed
     under required operating systems in the Administrator's Guide.
   o Removed support for adding an additional organizational unit (OU) to
     an OU.
   o Documented procedure for configuring mobile access services to
     broadcast user datagram protocol (UDP) on a given port. See Using
     broadcast groups in the Administrator's Guide.
   o Enhanced recording in the session database of Mobility Client
     information, such as version number, platform type, and the number of
     accounts with failed login status.
   o The Mobility Client for Windows supports dialing a third-party network
     access server using Microsoft(R) Dial-Up Networking.
     For IP-based connections that are connection-oriented, you can choose
     to place the connection in short-hold mode when it is not the active
     connection or suspend the connection after a configurable amount of
     time to wait.
   o Added TCP-Lite and HTTP codec support for the Mobility Client for
     Windows Mobile 2003 and selected Windows CE .NET devices
   o Added support for selected Windows CE .NET devices.
   o Added the capability to configure several user interface parameters to
     display or not display in the Mobility Client for Linux.
   o Added support for Nokia 9300 and removed the use of network ID-based
     connection selection.
   o Added support for Sony Ericsson P910 and added support for
     Diffie-Hellman key exchange.
   o Documented new procedures on how to use secondary authentication and
     how to set configuration parameters using the command line in the
     Mobility Client for Palm OS.
   o Enhanced default filters available for Mobility Client traffic,
     including the ability to allow ICMP or deny FTP, telnet, HTTP,
     NETBIOS, and SNMP traffic.

4.12 New DSS schema changes for Version 5.1.1 include:

    The objectclass ibm-wlAuthCert includes new attributes of:

      ibm-wlCertUserKey          Certificate user key match string
      ibm-wlCertSubjectKey       Certificate subject key match string
      ibm-wlCertCrlDir           Directory containing certificate
                                 revocation lists

    The objectclass ibm-wlAuthLdap includes new attributes of:

      ibm-wlEnableSearchGrp      Perform additional distinguished name
                                 validation
      ibm-wlSearchAttr           Search attribute
      ibm-wlSearchSyntax         Syntax (X.500)
      ibm-wlGrpServerRef         Directory server

    The objectclasses ibm-wlDataProfile and ibm-wlTransProfile include a
    new attribute of:

      ibm-wlFilterRef            Filters

    The objectclass ibm-wlWlpServer includes new attributes of:

      ibm-wlHashRestrict         Restrict hashing algorithm
      ibm-wlHashAlgorithm        Algorithm
      ibm-wlHashRounds           SHA rounds

    The objectclass ibm-wlGateway includes a new attribute of:

      acctdbconntbl              Login packet data record table name

    The objectclass wlCm includes a new attribute of:

      ibm-wlPath                 Response path

4.13 Changes to accounting records with version 5.1.1

    The current accounting database needs to be cleared before installing
    version 5.1.1. If you are using filesystem-based accounting, the
    wg.acct file needs to be reset, removed, or renamed and will no longer
    be viewable with the wg_acct command. Before starting the Connection
    Manager, run the setupDB command to clear the database:

      /usr/opt/wecm/bin/setupDB -local -type acct -u -pw -cleanup

    New command line options for wg_acct are available and documented in
    the Troubleshooting Guide in the information center.

4.14 New features in version 5.1.1.1

   o Added support for group validation using a directory service server
     when using certificate-based authentication.
   o Added support for smart card authentication on Windows XP and
     Windows 2000.
   o Added support for determining whether message log records are logged
     using the syslogd daemon
   o Added support for verifying that certificates are not on a delta
     revocation list from a certificate authority.
     Note that on AIX platforms, an error might occur with CRLs or delta
     CRLs that do not contain any certificates. To work around this
     problem, remove the empty CRL or delta CRL from the WECM CRL
     directory.

4.15 New DSS schema changes for Version 5.1.1.1 include:

    The objectclass ibm-wlGateway includes new attributes of:

      ibm-wlRadiusNASID          RADIUS NAS-Identifier
      ibm-wlUseSyslogd           Use system logging facility, syslogd
      ibm-wlSyslogMode           Configuration mode
      ibm-wlSyslogLevel          Event log priorities

    The objectclass ibm-wlAuthCert includes new attributes of:

      ibm-wlCertSubjMode         Validation method
      ibm-wlCertSubjServerRef    Directory server
      ibm-wlCertSubjMapFilter    Subject mapping filter
      ibm-wlCertEnableGrpSearch  Validate group membership
      ibm-wlCertSubjAllowedGrps  Allowed groups
      ibm-wlCertSubjMemberAttr   Membership attribute
      ibm-wlCertGrpMode          Group membership evaluation mode
      ibm-wlCertSubjNested       Search nested groups
      ibm-wlCertSubjCacheTTL     Group cache lifetime

4.16 New features in version 5.1.1.2

   o The data compression libraries based on the Lempel-Ziv-Welch algorithm
     as provided by ZLib are used by the Mobility Client for Windows.
   o Added support for the Mobility Clients using the Nokia 9300i device
_____________________________________________________________________________
5.0 Fixed Authorized Problem Analysis Reports (APARs)

For more information, see the product Support web site at:
   http://www.ibm.com/software/pervasive/ws_everyplace_connection_manager/support

5.1 APARs fixed in version 5.1.0.1

   IY57169 - Connection Manager database configuration fails with DB2 8.1
             Fixpak 7, DB
   IY63090 - Duplicate CONFREQ error received when more than 2 routes are
             defined in an MNI
   IY63361 - Timing error in TCP-OPT retransmit after roam may cause core
             dump. Stack trace shows FireRetransmitAll as offending
             function.
   IY63725 - HTTP codec for TCP-Lite inserting Connection: close when
             Connection token is not present for http responses
   IY63813 - WECM coredump if Mobitex MTU is greater than 512.
   IY62737 - External User DSS mode requires root in order to see the User
             DSS tree in Gatekeeper.
   IY64173 - Add configuration attributes to support WES-AST in a non WES
             environment. These attributes are available only from the
             command line.
   IY64509 - Allow dynamic update of trace flag for VPN users.
   IY64839 - LDAP Schema error when adding Connection Profiles at install
             time
   IY64961 - Linux gateway cores on relogin of existing session.

5.2 APARs fixed in version 5.1.0.2

   IY64173 - Add 3 attributes to the Connection Manager resource to allow
             the configuration of an AST in a non-WES environment
   IY64961 - WGATED core dump on Linux
   IY65357 - Schema file for IDS (ibm-wecm.ldif) missing attributes:
             authreq, personalid, httpproxyaddr, devicepool, defwaphomepage
   IY65477 - GK may delete resource if update involves LDAP storage
             failure. If the DN is changed for the resource and the change
             is invalid, WECM may delete the original resource.
   IY66154 - MNI intermittently fails to initialize on Linux
   IY66415 - Unable to add users in User DSS mode. GK will not display the
             correct primary OU tree in the make/properties panels.
   IY66650 - LDAP-bind with single sign on (SSO) using HTTP access services
             fails to create LDAP record and returns a 503 to the HTTP
             client
   IY66870 - Add configuration option to SMS-SMPP MNC to allow override of
             the replace_if_present flag.
   IY67255 - HTTP Access with Ldap bind or radius authentication fails to
             create shadow user account with ldap schema error message.

5.3 APARs fixed in version 5.1.1

   IY57181 - Only REVOKE authorities if WECM database is newly created
   IY57768 - Support of DB2 Express Edition
   IY61175 - LDAP-bind with Single Sign On (SSO) using the HTTP access
             services of WECM fails authentication
   IY62925 - Cannot modify SMS MNC's maximum transmission unit
   IY62928 - Deadlock in Messaging GW during SMS PUSH. Network Delay may
             cause an LDAP query thread to become hung up, and eventually
             leads to the deadlock.
             Messages are accepted from the pushing application, but not
             delivered. This fix also adds deadlock detection code which
             attempts to detect messaging gw deadlock, save messages and
             restart.
   IY63456 - TCP-Lite is broken in multi-MNI configurations if mn0 is down
   IY64400 - WECM OMA client provisioning with security causes incorrect
             content-type parameter in message
   IY64495 - TCP-Lite's HTTP CODEC fails to encode date related HTTP header
             tokens that contain information in addition to the date
   IY67243 - SERVICE_TYPE field in SMS should have an option of WAP or
             empty string
   IY67829 - When trying to send bootstrap and notification messages via
             WECM, the port values of the UDH header are incorrect
   IY68118 - HTTP AS drops bytes if the data packet coming from the browser
             client is less than 3 bytes
   IY68401 - SSO/LTPA fails with a 503 being returned to the HTTP Access
             Services client
   IY69040 - Kernel panic upon wgstop. WECM unresponsive prior to wgstop
   IY69041 - SunOne (IPlanet) schema import warning on 'labeledURI' and
             'keywords' attributes
   IY69044 - WGATED hangs
   IY69048 - The HTTP Parser in the Connection Manager uses an unsigned
             short value to keep track of bytes processed for a given
             packet
   IY69509 - Gateway deadlock in mallinfo() query
   IY69529 - Add date to wg_monitor -f output
   IY69543 - Unable to manage / create users under the WECM controlled
             System container. The container does not show up in the
             primary OU listing and changes to users under this container
             cause the user record to be moved to a different OU.
   IY70030 - SIGPIPE not caught on AIX 5.2 and later OS levels
   IY70228 - Routes downloaded to client limited to 20
   IY70286 - Error in RADIUS accounting retry logic, may cause of retries
             are exhausted
   IY70365 - Duplicate roaming requests cause session teardown when using
             Diffie-Hellman and secondary authentication
   IY70540 - PAP constraints not converted to SMPP.
   IY70842 - Creating MNCs that use the same UDP port and direct bind to
             different addresses, fails to create
   IY70924 - Top level administrators may want to put entitlement records
             in additional organizational units (OU) to restrict access of
             lower level administrators instead of granting them access to
             the System > User OU
   IY71116 - WECM deadlock occurs and LDAP-bind experiences extreme
             authentication delays
   IY71419 - Need capability to configure direct-bind MNCs in a clustered
             topology that includes return path through principal node
   IY71501 - Deadlock in active session processing
   IY71702 - WECM unable to change LDAP password via the Mobility Client
   IY71727 - Gateway cores when logging in
   IY71869 - Gateway doesn't deactivate old UID/device handle upon
             reconnect
   IY72239 - The locale is being transmitted in lowercase through the SSL
             connection, causing a locale lookup to fail
   IY72352 - Gatekeeper not displaying all WECM resources when the
             userCertificates attribute contains binary dat
   IY73163 - HTTP Access Services - Idle timer may cause deadlock.

5.4 APARs fixed in version 5.1.1.1

   IY69042 - Login delays using HTTP Access.
   IY70929 - Mobile access session idle timer should check receive
             timestamp instead of send-receive timestamp. Multi session
             login enablement may cause session bleed without it.
   IY71114 - Update to transport profiles not dynamic on cluster
             subordinate nodes
   IY71969 - MNI add field must be a required field for external DHCP with
             NAT
   IY72508 - Change scheduled delivery times in SMPP packets to be optional
   IY72855 - ZE APAR for IY70005 - Packet level accounting, transmit/frame
             size values are 0 on mobile originated traffic on a Motorola
             PMR network.
   IY72963 - Clients reporting that The WECM gateway is unavailable when
             WECM is configured in cluster mode. Reconnect error in cluster
             management after a service interruption.
   IY73018 - UTC time in SMPP packets off by 1 hour
   IY73374 - Permission denied for actions against entitlement records
   IY73397 - Gatekeeper fails to enable user lookup via Find function for
             users contained in the Enterprise User DSS. This APAR allows
             users to select the OU for searching in the Find dialog.
   IY73804 - Bad format on WECM generated ICMP packets
   IY73955 - Timing hole in LDAP-bind authentication connection management
             code may cause core dump.
   IY74446 - Deadlock in Connection Manager when a user account is
             configured with a fixed IP address and the user logs in over
             different MNCs without logging out first
   IY74646 - LTPA tokens are always created using the default SSL DSS port
             (636)
   IY74698 - Accounting records for roam packets are not getting generated
   IY75067 - Thread pool worker threads may hang for up to 7200 seconds
             when processing SSL connect requests that have been
             interrupted
   IY75376 - When using an administrator ID, resources, including users in
             the user DSS, are not showing properly. The ACLs for the ID
             are not being honored.
   IY76122 - Secure Access Manager connections can fail when a
             gethostbyaddr call fails on the gateway.
   IY76329 - LDAP-bind secondary auth fails to reset on group server
             connect failures. Reschedule of job also fails as first 2
             bytes of userid get stripped.
   IY76531 - TCP-Lite fails to decompress PDUs when the uncompressed size
             is larger than 4096. This affects sessions that use the zlib
             compression algorithms (Pocket-PC).

5.5 APARs fixed in version 5.1.1.2

   IY76780 - Syncto timer not always removed if connection to SMS-C is
             dropped, which can cause a gateway core
   IY77523 - Client fails to login over Motorola PMR. Gateway log shows
             invalid LLI starting with 0xff.
             Linux/Solaris
   IY77948 - Configuration option needed to disable return code sent when
             using the WECM broadcast API over UDP
   IY78090 - Connection Manager / Ldap Bind authentication fails to guard
             against zero length passwords and incorrectly handles
             LDAP_INAPPROPRIATE_AUTH return code
   IY78122 - Log message in wg.log, WLP::Receive: invalid mult-packet
             buffer detected, is incorrectly generated on valid packets
   IY78318 - Bad log entry in cluster management code. The following
             message is incorrectly generated: CM::getServer: CM_WAP event
             received gateway.wap_server is NULL
   IY78334 - IP-LAN mnc is disabled on return code 0. This is not an error
             and should not trigger an MNC shutdown
   IY78412 - WECM 5.1.1: Incorrect readme for 5.1.1.1 (APAR IY69042)
   IY78449 - wg_monitor -u all crashes if number of active users is greater
             than approximately 800
   IY78832 - RADIUS authentication omits attributes required by the RADIUS
             RFC
   IY78863 - Cluster APAR, Mobility Client unable to send data to another
             Mobility Client if the two are logged into different
             subordinate nodes
   IY79335 - LDAP_LOCAL_ERROR cleanup handler does not always recover. New
             code added to reset ldap connections on this error.
   IY79522 - LDAP bind authentication may core the CM during times of LDAP
             server outage and multiple threads are configured.
   IY80312 - WECM subordinate servers coring

5.6 APARs fixed in version 5.1.1.3

   IY79834 - Optimize filter update mechanism for MNIs. Only update MNIs
             and filters directly affected by the change.
   IY80521 - Maximum resources to display not being honored when configured
             in UserDSS mode.
   IY80843 - Defensive code to protect against malformed multi-packet
             buffers. It is possible for the CM to get into an infinite
             loop while processing these packets.
   IY80934 - CM fails to bind to authentication port, 9610, with an already
             in use error message. This APAR adds monitor functionality
             such that the CM will re-init failed connects during monitor
             interval.
_____________________________________________________________________________
6.0 Trademarks and Copyright

AIX, DB2, DB2 Universal Database, Everyplace, IBM, and WebSphere are
trademarks or registered trademarks of the IBM Corporation in the United
States or other countries or both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc.
in the United States, other countries, or both.

Linux is a trademark of Linus Torvalds in the United States, other
countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service
marks of others.

Copyright International Business Machines and others, 1994, 2006. All
rights reserved.