Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

5.2 Applying Service Patch 5

The Access Manager 7 2005Q4 SP5 patch must be copied to the Access Manager host computer system. Patches are available for systems that use the Solaris™ Operating System (Solaris OS) or the Linux operating system. You can download the following patches from SunSolve Online (http://sunsolve.sun.com/).

Solaris OS on SPARC® based systems 

http://sunsolve.sun.com/search/document.do?assetkey=1-21-120954-03

Solaris OS on x86 platforms 

http://sunsolve.sun.com/search/document.do?assetkey=1-21-120955-03

Linux systems 

http://sunsolve.sun.com/search/document.do?assetkey=1-21-120956-03


Note –

No Linux systems were used in this deployment. For detailed Linux patch instructions, see the Readme file that comes with the patch.


Use the following as your checklist for applying Service Patch 5:

  1. Apply Service Patch 5 to Access Manager Server 1.

  2. Apply Service Patch 5 to Access Manager Server 2.

Procedure: To Apply Service Patch 5 to Access Manager Server 1

  1. As a root user, log in to host AccessManager-1.

  2. Unzip the patch file. Example:


    # cd /temp
    # ls 
    120954-05.zip 
    # unzip 120954-05.zip
  3. Run the patchadd command.

    (On Solaris 10) # patchadd -G /temp/120954-05

    For other platforms, see the Readme file that comes with the patch.

    After successful installation, a draft amsilent file is created in the /opt/SUNWam directory. This amsilent file is based on /opt/SUNWam/bin/amsamplesilent, but with some required parameters set according to the Access Manager configuration files on this system.

  4. Redeploy the Access Manager applications.

    For detailed information about the following substeps, see the Release Notes (120954-05/rel_notes.html) that come with the patch.

    1. In the amsilent file, use a text editor to uncomment and modify the value of each password parameter, and verify the accuracy of other parameters in this file.

      In the following example, the entries in bold have been uncommented and modified.

      # cd /opt/SUNWam

      # vi amsilent

      ...
      # The following entries contain sample values!
      # These should be modified for your specific installation
      # and then uncommented (remove the # from the line)
      #
      SERVER_NAME=AccessManager-1
      SERVER_HOST=AccessManager-1.example.com
      SERVER_PORT=1080
      
      ADMIN_PORT=8888
      DS_HOST=DirectoryServer-1.example.com
      
      DS_DIRMGRPASSWD=d1rm4n4ger
      ROOT_SUFFIX="o=example.com"
      
      ADMINPASSWD=4m4dmin1
      AMLDAPUSERPASSWD=4mld4puser
      COOKIE_DOMAIN=example.com
      AM_ENC_PWD=13MRBS4UH1fXNnfp3i/44elABip5CTnk
      NEW_OWNER=root
      NEW_GROUP=other
      PAM_SERVICE_NAME=other
      WEB_CONTAINER=WS6
      ...
      DIRECTORY_MODE=5
      DS_PORT=1389
      ...
    2. Run the following amconfig command:

      # cd /opt/SUNWam/bin

      # ./amconfig -s /opt/SUNWam/amsilent

  5. Update the Access Manager schema.

    1. In the directory where you unzipped the patch files, run the updateschema.sh command.

      Provide information when prompted. See the following example:


      # cd /temp/120954-05
      # ./updateschema.sh
      Executing updateschema.sh, the lof file is 
      /var/opt/SUNWam/logs/AM70Patch.upgrade.schema.03080833
      Directory Server fully-qualified hostname (LoadBalancer-1.example.com): 
      DirectoryServer-1.example.com
      Directory manager dn (cn=Directory Manager):
      Directory manager password: 
      Top-Level Administrator DN (uid=amAdmin,ou=People,o=example.com):
      Top-Level Adminsitrator password:
      loading /etc/opt/SUNWam/accountLockout.ldif.....
      modifying entry cn=schema
      
      updateschema.sh done!
    2. Restart Directory Server 1.


      # cd /var/opt/mps/serverroot/slapd-am-config
      # ./stop; ./start

      Check the error log to be sure there are no startup errors.

    3. Restart Directory Server 2.


      # cd /var/opt/mps/serverroot/slapd-am-config
      # ./stop; ./start

      Check the error log to be sure there are no startup errors.

  6. Change the Server Name to Load Balancer 1 in the serverconfig.xml file.

    This step is necessary because a load balancer is used between the two Access Manager servers.


    # cd /etc/opt/SUNWam/config
    # vi serverconfig.xml
    <iPlanetDataAccessLayer>
            <ServerGroup name="default" minConnPool="1" maxConnPool="10">
                <Server name="Server1" host="LoadBalancer-1.example.com" 
                  port="389" type="SIMPLE" />
                <User name="User1" type="proxy">
                        <DirDN>
                                cn=puser,ou=DSAME Users,o=example.com
                        </DirDN>
                        <DirPassword>
                                AQICMvvJ0xQN1lpFwZ9IjTPISL2TOx1yX2N8
                        </DirPassword>
                </User>
                <User name="User2" type="admin">
                        <DirDN>
                                cn=dsameuser,ou=DSAME Users,o=example.com
                        </DirDN>
                        <DirPassword>
                                AQICMvvJ0xQN1lpFwZ9IjTPISL2TOx1yX2N8
                        </DirPassword>
                </User>
                <BaseDN>
                        o=example.com
                </BaseDN>
       </ServerGroup>
    </iPlanetDataAccessLayer>

    Save the file.

  7. Verify that the patch was successfully installed.

    1. Restart the Access Manager 1 Web Server.

      # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
      # ./stop; ./start 
      
    2. Use the version command to display installed patches.


      # cd /opt/SUNWam/bin
      # ./amadmin --version
      Sun Java System Access Manager 7 2005Q4 patch 120954-05
    3. On AccessManager-1, start a new browser and go to the URL of Access Manager 1.

      http://AccessManager-1:1080/amserver/console

    4. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

      If you can log in successfully, close the browser.

Procedure: To Apply Service Patch 5 to Access Manager Server 2

  1. As a root user, log in to host AccessManager-2.

  2. Unzip the patch file. Example:


    # cd /temp
    # ls 
    120954-05.zip 
    # unzip 120954-05.zip
  3. Run the patchadd command.

    (On Solaris 10) # patchadd -G /temp/120954-05

    For other platforms, see the Readme file that comes with the patch.

    After successful installation, a draft amsilent file is created in the /opt/SUNWam directory. This amsilent file is based on /opt/SUNWam/bin/amsamplesilent, but with some required parameters set according to the Access Manager configuration files on this system.

  4. Redeploy the Access Manager applications.

    For detailed information about the following substeps, see the Release Notes (120954-05/rel_notes.html) that come with the patch.

    1. In the amsilent file, use a text editor to uncomment and modify the value of each password parameter, and verify the accuracy of other parameters in this file.

      In the following example, the entries in bold have been uncommented and modified.

      # cd /opt/SUNWam

      # vi amsilent

      ...
      # The following entries contain sample values!
      # These should be modified for your specific installation
      # and then uncommented (remove the # from the line)
      #
      SERVER_NAME=AccessManager-2
      SERVER_HOST=AccessManager-2.example.com
      SERVER_PORT=1080
      
      ADMIN_PORT=8888
      DS_HOST=DirectoryServer-2.example.com
      
      DS_DIRMGRPASSWD=d1rm4n4ger
      ROOT_SUFFIX="o=example.com"
      
      ADMINPASSWD=4m4dmin1
      AMLDAPUSERPASSWD=4mld4puser
      COOKIE_DOMAIN=example.com
      AM_ENC_PWD=13MRBS4UH1fXNnfp3i/44elABip5CTnk
      NEW_OWNER=root
      NEW_GROUP=other
      PAM_SERVICE_NAME=other
      WEB_CONTAINER=WS6
      ...
      DIRECTORY_MODE=5
      DS_PORT=1389
      ...
    2. Run the amconfig command:

      # cd /opt/SUNWam/bin

      # ./amconfig -s /opt/SUNWam/amsilent

  5. Update the Access Manager schema.

    1. In the directory where you unzipped the patch files, run the updateschema.sh command.

      Provide information when prompted. See the following example:


      # cd /temp/120954-05
      # ./updateschema.sh
      Executing updateschema.sh, the lof file is 
      /var/opt/SUNWam/logs/AM70Patch.upgrade.schema.03080833
      Directory Server fully-qualified hostname (LoadBalancer-1.example.com): 
      DirectoryServer-2.example.com
      Directory manager dn (cn=Directory Manager):
      Directory manager password: 
      Top-Level Administrator DN (uid=amAdmin,ou=People,o=example.com):
      Top-Level Adminsitrator password:
      loading /etc/opt/SUNWam/accountLockout.ldif.....
      modifying entry cn=schema
      
      updateschema.sh done!
    2. Restart Directory Server 1.


      # cd /var/opt/mps/serverroot/slapd-am-config
      # ./stop; ./start

      Check the error log to be sure there are no startup errors.

    3. Restart Directory Server 2.


      # cd /var/opt/mps/serverroot/slapd-am-config
      # ./stop; ./start

      Check the error log to be sure there are no startup errors.

  6. Change the Server Name to Load Balancer 1 in the serverconfig.xml file.

    This step is necessary because a load balancer is used between the two Access Manager servers.


    # cd /etc/opt/SUNWam/config
    # vi serverconfig.xml
    <iPlanetDataAccessLayer>
            <ServerGroup name="default" minConnPool="1" maxConnPool="10">
                <Server name="Server1" host="LoadBalancer-1.example.com" 
                  port="389" type="SIMPLE" />
                <User name="User1" type="proxy">
                        <DirDN>
                                cn=puser,ou=DSAME Users,o=example.com
                        </DirDN>
                        <DirPassword>
                                AQICMvvJ0xQN1lpFwZ9IjTPISL2TOx1yX2N8
                        </DirPassword>
                </User>
                <User name="User2" type="admin">
                        <DirDN>
                                cn=dsameuser,ou=DSAME Users,o=example.com
                        </DirDN>
                        <DirPassword>
                                AQICMvvJ0xQN1lpFwZ9IjTPISL2TOx1yX2N8
                        </DirPassword>
                </User>
                <BaseDN>
                        o=example.com
                </BaseDN>
       </ServerGroup>
    </iPlanetDataAccessLayer>

    Save the file.

  7. Verify that the patch was successfully installed.

    1. Restart the Access Manager 2 Web Server.

      # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com
      # ./stop; ./start 
      
    2. Use the version command to display installed patches.


      # cd /opt/SUNWam/bin
      # ./amadmin --version
      Sun Java System Access Manager 7 2005Q4 patch 120954-05
    3. On AccessManager-2, start a new browser and go to the URL of Access Manager 2.

      http://AccessManager-2:1080/amserver/console

    4. Log in to the Access Manager console using the following information:

      Username

      amadmin

      Password

      4m4dmin1

      If you can log in successfully, close the browser.
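
The amsilent file edited in step 4 of both procedures holds the directory manager, amadmin and amldapuser passwords in cleartext, and amconfig reads it one assignment per line. The following pre-flight check is an added example, not part of the original procedure or of the patch itself; the function name check_amsilent and the three checks it performs are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for an amsilent file, to run before "amconfig -s".
# Added example: check_amsilent and its checks are this example's own.

# Password parameters that appear in the amsilent listing on this page.
REQUIRED="DS_DIRMGRPASSWD ADMINPASSWD AMLDAPUSERPASSWD AM_ENC_PWD"

check_amsilent() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # 1. The file holds cleartext passwords, so group and other must have
    #    no access. Characters 5-10 of the ls -l mode string are those bits.
    perms=$(ls -lL "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $file is accessible to group/other ($perms); use chmod 600"
        rc=1
    fi

    # 2. Every password parameter must be uncommented and non-empty.
    for key in $REQUIRED; do
        if ! grep "^${key}=." "$file" >/dev/null; then
            echo "FAIL: $key is commented out or empty"
            rc=1
        fi
    done

    # 3. One assignment per line. A second NAME_WITH_UNDERSCORE= inside an
    #    unquoted value means two lines were run together. Heuristic only:
    #    names without an underscore are not detected.
    if grep -n '^[A-Z_]*=[^"]*[A-Z][A-Z]*_[A-Z_]*=' "$file"; then
        echo "FAIL: run-together assignments on the line(s) above"
        rc=1
    fi
    return $rc
}

# Typical use on the Access Manager host:
#   check_amsilent /opt/SUNWam/amsilent && ./amconfig -s /opt/SUNWam/amsilent
```

Once amconfig has completed, the same file still contains the passwords, so remove it or keep it at mode 600 owned by root.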