Category Archives: WebSphere

wsadmin: import self-signed certificates from other servers

There are moments where you want to use a WebSphere server to control other servers, to remotely start/stop applications, gather statistics or do a remote configuration/deployment.

If you want to script that, you will probably have the issue that the first time you are using wsadmin to connect to another server, you will be asked to accept the certificate manually, and that will pause your execution.
WSADMIN_certificate

You could, of course, connect a first time to each server if you have a few, but if you have many of them, that wouldn’t be fun. However, you can add the certificate to the wsadmin‘s trusts tore with a command line by doing the following:

host=master1
echo "" | openssl s_client -connect $host:9043 -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > cert.txt
$JAVA_HOME/bin/keytool -import -alias $host -file cert.txt -keystore /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/etc/trust.p12 -storetype PKCS12 -storepass WebAS

You can, of course, repeat this in one script for all your servers, afterward the wsadmin won’t hang for any input when using it the first time on a server.

Install WebSphere Application Server 8.5.5 with Java 7 using command lines

This post explains how to install WebSphere Application Server 8.5.5 with the Java SDK 7.

What you need

Here are the parts you need to download to install WAS 8.5.5 with Java 7

Name Part name (for Linux x86_64) File name
IBM Installation Manager 1.6.2 CIK2GML InstalMgr1.6.2_LNX_X86_WAS_8.5.5.zip
IBM WebSphere Application Server 8.5.5 CIK1QML WAS_V8.5.5_1_OF_3.zip
IBM WebSphere Application Server 8.5.5 CIK1RML WAS_V8.5.5_2_OF_3.zip
IBM WebSphere Application Server 8.5.5 CIK1SML WAS_V8.5.5_3_OF_3.zip
IBM WebSphere SDK Java (TM) Technology Edition V7.0 CI717ML WS_SDK_JAVA_TEV7.0_1OF3_WAS_8.5.zip
IBM WebSphere SDK Java (TM) Technology Edition V7.0 CI718ML WS_SDK_JAVA_TEV7.0_2OF3_WAS_8.5.zip
IBM WebSphere SDK Java (TM) Technology Edition V7.0 CI719ML WS_SDK_JAVA_TEV7.0_3OF3_WAS_8.5.zip

Pre-requisites

For the installer to work, you need the following libraries:

  • ld-linux.so.2
  • libgcc_s.so.1

Continue reading

Deploy Jenkins on WebSphere 8.5

I’ve been struggling for a short time to deploy Jenkins on IBM WebSphere Application Server 8.5, so here is a few tips.

First, Jenkins needs Java EE 7 or newer, it won’t work on Java EE 6. The official help is located here.

The main step is to configure the class loader to load the parent last, for the module and the application.

Applications > WebSphere enterprise applications > application_name > Class loading and update detection > Classes loaded with local class loader first (parent last)
and
Applications > WebSphere enterprise applications > application_name > Manage modules > Jenkins v1.xxx > Classes loaded with local class loader first (parent last)

What the documentation does not say, is that there is a conflict with WAS 8.5 because Jenkins tries to configure the JSESSION cookie for the path /. Basically you will get the following error message:

Could not invoke an operation on object: WebSphere:name=ApplicationManager,process=server1,platform=proxy,node=P8Node01,version=8.5.0.0,type=ApplicationManager,mbeanIdentifier=ApplicationManager,cell=P8Node01Cell,spec=1.0 because of an mbean exception: com.ibm.ws.exception.RuntimeWarning: com.ibm.ws.webcontainer.exception.WebAppNotLoadedException: Failed to load webapp: Failed to load webapp: SRVE8111E: The application, jenkins_war, is trying to modify a cookie which matches a pattern in the restricted programmatic session cookies list [domain=*, name=JSESSIONID, path=/].

To fix this, you can change the name of the cookie
Applications > WebSphere enterprise applications > application_name > Session management > Tick Override session management > Click Enable Cookies > Change cookie name JSESSIONID

You should also be able to remove the restriction in Global Security > Programmatic session cookie configuration but I haven’t tried that way.

Feature is not implemented: PreparedStatement.setBinaryStream

Today I faced this new issue I’ve never got before. It happened when I was trying to set Entry Template on a folder in ICN, which is weird because I did that plenty of times in the past.

Perhaps another app I installed changed a configuration in WebSphere.

Here is the symptoms when I was updating the entry templates on the folder:

ICN_JDBC4_error

Message as text:

Contact your system administrator with the following information: An unexpected exception occurred. The unexpected exception is chained to this exception. Message was: RemoteException occurred in server thread; nested exception is: java.rmi.RemoteException: ; nested exception is: com.filenet.api.exception.EngineRuntimeException: FNRCC0036E: CONTENT_DCA_FAILED_INSERT: The content element could not be inserted.

And in the SystemOut.log from WebSphere:

000000e2 .ibm.ejs.container.LocalExceptionMappingStrategy 3    NON_APPLICATION_EXCEPTION_METHOD_ON_BEAN_CNTR0020E                   
                                 com.filenet.api.exception.EngineRuntimeException: FNRCC0036E: CONTENT_DCA_FAILED_INSERT: The content element could not be inserted.                                                              
        at com.filenet.engine.content.DatabaseContentArea.copyElementToInbound(DatabaseContentArea.java:2034)    
        at com.filenet.engine.content.ContentStreamUploader.doUpload(ContentStreamUploader.java:196)             
        at com.filenet.engine.content.PutContentHandler.putContent(PutContentHandler.java:203)                   
        at com.filenet.engine.jca.impl.RequestBrokerImpl.putContent(RequestBrokerImpl.java:448)                  
        at com.filenet.engine.jca.impl.RequestBrokerImpl.putContent(RequestBrokerImpl.java:356)                  
        at com.filenet.engine.ejb.EngineContentCoreBean._putContent(EngineContentCoreBean.java:82)               
        at com.filenet.engine.ejb.EngineContentCoreBean.putContent(EngineContentCoreBean.java:57)                
        at com.filenet.engine.ejb.EJSLocalStatelessEngineContentCore_dd5e7ec6.putContent(Unknown Source)         
        at com.filenet.engine.ejb.EngineContentBean.putContent(EngineContentBean.java:192)                       
        at com.filenet.apiimpl.transport.ejbstubs.EJSRemoteStatelessEngineContent_a66a23a6.putContent(Unknown Source)                                                                                                             
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                           
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)                         
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)                 
        at java.lang.reflect.Method.invoke(Method.java:613)                                                      
        at com.ibm.rmi.util.ProxyUtil$4.run(ProxyUtil.java:609)                                                  
        at java.security.AccessController.doPrivileged(AccessController.java:280)                                
        at com.ibm.rmi.util.ProxyUtil.invokeWithClassLoaders(ProxyUtil.java:606)                                 
        at com.ibm.CORBA.iiop.ClientDelegate.invoke(ClientDelegate.java:1177)                                    
        at $Proxy140.putContent(Unknown Source)                                                                  
        at com.filenet.apiimpl.transport.ejbstubs._EngineContent_Stub.putContent(Unknown Source)                 
        at com.filenet.apiimpl.transport.ejb.ContentEJB.putContent(ContentEJB.java:475)                          
        at com.filenet.apiimpl.transport.ejb.ContentPush$EJBImpl.putContent(ContentPush.java:892)                
        at com.filenet.apiimpl.transport.ejb.ContentPush$EJBImpl.run(ContentPush.java:749)                       
        at java.security.AccessController.doPrivileged(AccessController.java:314)                                
        at javax.security.auth.Subject.doAs(Subject.java:572)                                                    
        at com.ibm.websphere.security.auth.WSSubject.doAs(WSSubject.java:195)                                    
        at com.ibm.websphere.security.auth.WSSubject.doAs(WSSubject.java:152)                                    
        at sun.reflect.GeneratedMethodAccessor88.invoke(Unknown Source)                                          
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)                 
        at java.lang.reflect.Method.invoke(Method.java:613)                                                      
        at com.filenet.apiimpl.util.J2EEUtilWS.doAs(J2EEUtilWS.java:220)                                         
        at com.filenet.apiimpl.transport.ejb.ContentPush$EJBImpl.uploadContent(ContentPush.java:555)             
        at com.filenet.apiimpl.transport.ejb.ContentPush.uploadContent(ContentPush.java:312)                     
        at com.filenet.apiimpl.transport.ejb.ContentPush.singleThreadUpload(ContentPush.java:289)                
        at com.filenet.apiimpl.transport.ejb.ContentPush.uploadContent(ContentPush.java:152)                     
        at com.filenet.apiimpl.transport.ejb.EJBSession.executeChanges(EJBSession.java:371)                      
        at com.filenet.apiimpl.util.SessionHandle.executeChanges(SessionHandle.java:112)                         
        at com.filenet.apiimpl.core.Session.callExecuteChanges(Session.java:144)                                 
        at com.filenet.apiimpl.core.Session.executeChanges(Session.java:527)                                     
        at com.filenet.apiimpl.core.Session.executeChange(Session.java:830)                                      
        at com.filenet.apiimpl.core.IndependentlyPersistableObjectImpl.save(IndependentlyPersistableObjectImpl.java:85)                                                                                                           
        at com.filenet.apiimpl.core.IndependentlyPersistableObjectImpl.save(IndependentlyPersistableObjectImpl.java:76)                                                                                                           
        at com.ibm.ecm.util.p8.P8FolderTemplates.associateTemplatesWithFolder(P8FolderTemplates.java:120)        
        at com.ibm.ecm.struts.actions.p8.P8SaveEntryTemplateFolderAssociations.executeAction(P8SaveEntryTemplateFolderAssociations.java:33)                                                                                       
        at com.ibm.ecm.struts.actions.p8.P8BaseAction.executeBaseAction(P8BaseAction.java:183)                   
        at com.ibm.ecm.struts.actions.BaseAction.execute(BaseAction.java:211)                                    
        at com.ibm.ecm.jaxrs.Actions.loadAndExecuteAction(Actions.java:241)                                      
        at com.ibm.ecm.jaxrs.Actions.handleAction(Actions.java:83)                                               
        at com.ibm.ecm.jaxrs.Actions.handlePostRepositoryActions(Actions.java:183)                               
        at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source)                                         
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)                 
        at java.lang.reflect.Method.invoke(Method.java:613)                                                      
        at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)                                                                                                                
        at org.apache.wink.server.handlers.AbstractHandler.handleRequest(AbstractHandler.java:33)                
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.handlers.CreateInvocationParametersHandler.handleRequest(CreateInvocationParametersHandler.java:54)                                                                                    
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.handlers.AbstractHandler.handleRequest(AbstractHandler.java:34)                
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleSubResourceMethod(FindResourceMethodHandler.java:183)                                                                                         
        at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleRequest(FindResourceMethodHandler.java:110)                                                                                                   
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.handlers.FindRootResourceHandler.handleRequest(FindRootResourceHandler.java:95)                                                                                                        
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.handlers.HeadMethodHandler.handleRequest(HeadMethodHandler.java:53)   
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.handlers.OptionsMethodWADLHandler.handleRequest(OptionsMethodWADLHandler.java:51)                                                                                                      
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.handlers.SearchResultHandler.handleRequest(SearchResultHandler.java:33)                                                                                                                
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.log.ResourceInvocation.handleRequest(ResourceInvocation.java:92)      
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.internal.log.Requests.handleRequest(Requests.java:76)                          
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)             
        at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)             
        at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:75)          
        at org.apache.wink.server.handlers.AbstractHandlersChain.run(AbstractHandlersChain.java:60)              
        at org.apache.wink.server.internal.RequestProcessor.handleRequestWithoutFaultBarrier(RequestProcessor.java:207)                                                                                                           
        at org.apache.wink.server.internal.RequestProcessor.handleRequest(RequestProcessor.java:154)             
        at org.apache.wink.server.internal.servlet.RestServlet.service(RestServlet.java:124)                     
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)                                          
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1214)                      
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:774)                 
        at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:456)                 
        at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)         
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:125)             
        at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:77)                  
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:926)             
        at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1023)       
        at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)        
        at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:895)                             
        at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)                        
        at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)                           
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)   
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:522)       
        at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:311)         
        at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:87)        
        at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)                                                                                                              
        at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)                     
        at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)                
        at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)                                          
        at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)                                       
        at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)                         
        at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)                                          
        at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1783)                                           
Caused by: com.filenet.api.exception.EngineRuntimeException: FNRCD0009E: DB_ERROR: The database access failed with the following error: ErrorCode 0, Message 'DSRA1300E: Feature is not implemented: PreparedStatement.setBinaryStream' ObjectStore: "TARGETOS"                                                                                    
        at com.filenet.engine.dbpersist.DBDB2Context.throwEngineException(DBDB2Context.java:730)                 
        at com.filenet.engine.dbpersist.DBContext.throwEngineException(DBContext.java:1277)                      
        at com.filenet.engine.dbpersist.DBStatementBase.setBinding(DBStatementBase.java:640)                     
        at com.filenet.engine.dbpersist.DBStatementBase.buildSingleExecution(DBStatementBase.java:526)           
        at com.filenet.engine.dbpersist.DBStatementBase.execute(DBStatementBase.java:271)                        
        at com.filenet.engine.content.DatabaseContentArea.copyElementToInbound(DatabaseContentArea.java:2027)    
        ... 122 more                                                                                             
Caused by: java.sql.SQLFeatureNotSupportedException: DSRA1300E: Feature is not implemented: PreparedStatement.setBinaryStream                                                                                                     
        at com.ibm.ws.rsadapter.AdapterUtil.notSupportedX(AdapterUtil.java:1460)                                 
        at com.ibm.ws.rsadapter.jdbc.WSJdbcPreparedStatement.setBinaryStream(WSJdbcPreparedStatement.java:1424)  
        at com.filenet.engine.dbpersist.DBStatementBase.setBinding(DBStatementBase.java:624)                     
        ... 125 more                                                                                             
Caused by: java.lang.AbstractMethodError: java/sql/PreparedStatement.setBinaryStream(ILjava/io/InputStream;)V    
        at com.ibm.ws.rsadapter.jdbc.WSJdbcPreparedStatement.setBinaryStream(WSJdbcPreparedStatement.java:1408)  
        ... 126 more   

It seems that my DataSources are not using JDBC 4 anymore but 3 instead (strange ???). To fix this, go to your JDBC DataProvider in WebSphere Resources > JDBC > JDBC Data Providers and edit the providers :

  • IBM Content Navigator JDBC provider for DB2
  • JDBC provider for DB2
  • JDBC provider for DB2 (XA)

to modify in the Class Path:

${DB2UNIVERSAL_JDBC_DRIVER_PATH}/db2jcc.jar

to

${DB2UNIVERSAL_JDBC_DRIVER_PATH}/db2jcc4.jar

ICN_JDBC4_fix

 

And restart you WebSphere server. That should fix the issue.

Install Java 7 SDK for WebSphere 8.5

WebSphere Application Server 8.5 comes by default with an IBM Java SDK 6. But nowadays, it becomes harder and harder to find applications running under Java 6 and most of the time, Java 7 is required. I faced this problem with Jenkins. So here is how to install and activate the IBM Java SDK 7 for WebSphere 8.5.0.

Checking if the Java SDK 7 is already installed

First, check that you don’t have the SDK 7 already installed. Run the command:

cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin
./managesdk.sh -listAvailable

You should get a result like:

CWSDK1003I: Available SDKs :
CWSDK1005I: SDK name: 1.6_64
CWSDK1001I: Successfully performed the requested managesdk task.

or

CWSDK1003I: Available SDKs :
CWSDK1005I: SDK name: 1.7_64
CWSDK1005I: SDK name: 1.6_64
CWSDK1001I: Successfully performed the requested managesdk task.

If you already has the line listing the SDK 7, you can go to the last step right away (Enabling the SDK). If not, follow the next steps.

Installing the SDK

You need to download the SDK 7 for WebSphere, the parts number for WAS 8.5.0 are CI717ML, CI718ML, CI719ML.

Then deflate all three files in the same folder. Start the IBM Installation Manager tool and add a new repository:

  1. Go to File > Preferences
  2. Click add repository
  3. Select the repository,config file from the folder you deflated all files.

Then Click Install and install IBM WebSphere SDK Java Technology Edition, Version 7.0.1.0

Check if the SDK is now available:

./managesdk.sh -listAvailable

You should have the line:

CWSDK1005I: SDK name: 1.7_64

Enabling the SDK

Now stop your WebSphere server:

./stopServer.sh server1

Ebable the SDK 7 for your profile:

./managesdk.sh -enableProfile -profileName AppSrv01 -sdkname 1.7_64

And restart your server:

./startServer.sh server1

Your server server1 is now running a Java SDK 7.

How to change the server’s ports in WebSphere

There is two ways to change the communication ports for a server in WebSphere, the console and the configuration files. The former is the easiest, that I usually use. However today I broke my server by using a port already used, and it refused to start. So I couldn’t use the console as usual and I had to find a different way. I am sharing this because I found a lot of information on WAS 6 and 7 and not really on WAS 8.

Via the administration console

Servers > Server Types > WebSphere application servers > server_name > Communications (on the right side) > Ports

WebSphere_ports_console

Via the configuration file

The file persisting the port number is actually

WAS_HOME/profiles/profile_name/config/cells/cell_name/nodes/node_name/serverindex.xml

You can then change the port number you want and restart the server.

Websphere primary administrative user id does not exist in the registry

When you try to change the primary administrative user in the WebSphere Console in

Security > Global Security > Configure > Primary administrative user name

You get the following error message:

websphere primary administrative user id does not exist in the registry

This is because by default, WebSphere uses the uid property to fetch user instead of cn, used with Tivoli Directory Server. To change the way WebSphere search for user, in the same location, go to Additional properties > Advanced Lightweight Directory Access Protocol (LDAP) user registry settings, and replace:

(&(uid=%v)(objectclass=person))

with

(&(cn=%v)(objectclass=person))