Sun Java System Access Manager 7.1 Performance Tuning and Troubleshooting Guide

Improving Performance for the Default Application User

When you deploy a Distributed Authentication UI server using the default application user, performance can drop significantly due to the default application user's restricted privileges in Directory Server.

ProcedureTo improve performance for the Distributed Authentication UI server default user:

  1. In the Access Manager console, create a new user. For example: DistAuthUIuser.

  2. In Directory Server, add the DistAuthUIuser user with a new ACI to allow reading, searching, and comparing user attributes. An example of this new ACI is:

    aci: (target="ldap:///ou=1.0,ou=SunAMClientData,ou=ClientData,dc=example,dc=com")
    (targetattr = "*"(version 3.0; acl "SunAM client data access for application user"; 
    allow (read, search, compare) 
    userdn = "ldap:///uid=DistAuthUIuser,ou=people,dc=example,dc=com";)
  3. On the Distributed Authentication UI server, set the following variables in the configuration file:


    On Solaris and Linux systems, the configuration file is based on the amsamplesilent file and is named DistAuth_config in the next step. Set any other variables in the DistAuth_config file, as required for your deployment.

    On Windows systems, use the file to create a new configuration file. For example:

  4. Run the amconfig script using the edited configuration file.

    For example, on a Solaris system with Access Manager installed in the default directory:

    # cd /opt/SUNWam/bin
    # ./amconfig -s ./DistAuth_config

    On Windows systems, in the amconfig.bat file, change to, and then run the edited amconfig.bat file.

  5. Restart the web container on the Distributed Authentication UI server.