After you apply patch 1, the /tmp/amsilentfile allows read access for all users.
Workaround: After you apply the patch, reset the permissions for the file to allow read access only by the Access Manager administrator.
If you perform an SDK installation with the container configuration (DEPLOY_LEVEL=4), the notification URL is not correct.
Set the following property in the AMConfig.properties file:
com.iplanet.am.notification.url= protocol://fqdn:port/amserver/servlet/com.iplanet.services.comm.client. PLLNotificationServlet
Restart Access Manager for the new value to take effect.
The Access Manager classpath refers to Java Cryptography Extension (JCE) 1.2.1 Package (Signing Certificate), which expired on July 27, 2005.
Workaround: None. Although the package reference is in the classpath Access Manager does not use this package.
To improve the search performance, Directory Server has several new indexes.
Workaround: After you install Access Manager with an existing Directory Information Tree (DIT), rebuild the Directory Server indexes by running the db2index.pl script. For example:
# ./db2index.pl -D "cn=Directory Manager" -w password -n userRoot
The db2index.pl script is available in the DS-install-directory/slapd-hostname/ directory.
When a non-root user is specified in the silent install configuration file, permissions on the debug, logs, and starts directories are not set appropriately.
Workaround: Change the permissions on these directories to allow access for a non-root user.
Although the classpath and other Access Manager web container environment variables are updated during installation, the installation process does not restart the web container. If you try to login to Access Manager after installation before the web container is restarted, the following error is returned:
Authentication Service is not initialized. Contact your system administrator.
Workaround: Restart the web container before you login to Access Manager. Directory Server must also be running before you login.
The Java ES Installer does not add a platform entry for an existing directory server installation (DIRECTORY_MODE=2).
Workaround: Add the Realm/DNS aliases and platform server list entries manually. For the steps, see the Adding Additional Instances to the Platform Server List and Realm/DNS Aliases in Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide.