Sun Java System Access Manager 7 2005Q4 Administration Guide

ProcedureTo Create Policies with amadmin

  1. Create the policy XML file based on the amadmin.dtd. This file is located in the following directory:

    AccessManager-base /SUNWam/dtd

  2. Once the policy XML file is developed, you can use the following command to load it:

    --runasdn "uid=amAdmin,ou=People,default_org,
    --password password
    --data policy.xml

    To add multiple policies simultaneously, place the policies in one XML file, as opposed to having one policy in each XML file. If you load policies with multiple XML files in quick succession, the internal policy index may become corrupted and some policies may not participate in policy evaluation.

    When creating policies through amadmin, ensure that the authentication module is registered with the realm while creating authentication scheme condition; that the corresponding LDAP objects realms, groups, roles and users) exist while creating realms, LDAP groups, LDAP roles and LDAP user subjects; that Access Manager roles exist while creating IdentityServerRoles subjects; and that the relevant realms exist while creating sub realm or peer realm referrals.

    Please note that in the text of Value elements in SubrealmReferral, PeerRealmReferral, Realm subject, IdentityServerRoles subject, LDAPGroups subject, LDAPRoles subject and LDAPUsers subject need to be the full DN.