Using the agentadmin command fails under specific conditions when Agent for IBM WebSphere Application Server is used with Access Manager 6.3 (6443463) (Sun Java System Access Manager Policy Agent 2.2 Release Notes)

Sun Java System Access Manager Policy Agent 2.2 Release Notes

Previous: Harmless error message related to the DirectoryManager class appears in the debug files of agents for IBM WebSphere Application Server (6403913)
Next: The sample application of Agent for IBM WebSphere Application Server provides incorrect information about the role required (6452733)

Using the `agentadmin` command fails under specific conditions when Agent for IBM WebSphere Application Server is used with Access Manager 6.3 (6443463)

The problem occurs when spaces are used in the common name (cn) in specific scenarios. The following conditions can cause the problem:

When either of the following agents are used:
- Agent for IBM WebSphere Application Server 5.1.1
- Agent for IBM WebSphere Application Server 6.0
When either of the following agentadmin options are used:
- agentadmin --setGroup
- agentadmin --removeGroup
When Access Manager 6.3 is used, since the problem occurs when the group name includes cn, which is specific to Access Manager 6.3.

The following agentadmin command illustrates the problem. Notice that the cn contains spaces: was admin role. The spaces before and after the string admin are not allowed:

/agentadmin --setGroup administrator "cn=was admin role,dc=example,dc=com"
/opt/WebSphere/AppServer/config/cells/

Workaround: Use a text editor of your choice to directly map the groups in the admin-authz.xml file.