Sun Java System Access Manager 7.1 Release Notes

AMSDK Issues

Error displayed when performing AMIdentity.modifyService (6506448)

When using AMIdentity.modifyService to set desktop service dynamic attribute on a realm, Access Manager returns a null pointer exception.

Workaround:Add the following property to and then restart the server.:

Group members don't show up in selected list (6459598)

The problem occurs under the following conditions:

  1. Define a realm with the following realm configuration:

    • Top-level realm is amroot. A subrealm is

    • The subrealm has two data stores: exampleDB and exampledminDB.

    • The data store exampleDB contains all the users starting at dc=example,dc=com. Supported LDAPv3 operations is set to user=read,write,create,delete,service.

    • The data store exampleadminDB contains an admin group for the realm. The admin group is DN: Realm Administrators,ou=Groups,dc=example,dc=com. This group has a single member, scarter. Supported LDAPv3 operations is set to group=read,write,create,delete.

  2. Click the Subjects tab, then Groups, then the entry for Realm Administrators.

  3. Click the User tab.

All the users in the exampleDB data store show up as available, but scarter does not show up in the Selected field.

Workaround: Add the operation user=read to the supported LDAPv3 operations in the exampleadminDB data store.

Access Manager Login URL Returns Message "No such Organization found" (6430874)

The problem may be due to the use of mixed-case (both uppercase and lowercase) characters in the fully qualified domain name (FQDN).

Example: HostName.PRC.Example.COM

Workaround : After installation, do not use the default Access Manager login URL. Instead, in the login URL, include the LDAP location of the default organization. For example:


Once you've successfully logged in to Access Manager, you can eliminate the need to enter the full path to the user's organization each time you log in to Access Manager. Follow these steps:

  1. Go to the Realm tab in Realm mode, or go to the Organization tab in Legacy mode.

  2. Click the default realm or organization name.

    In this example, click prc.

  3. Change all uppercase characters in the Realm/DNS Alias value to lowercase characters.

    In this example, add the all-lowercase value to the list, and then remove the mixed-case HostName.PRC.Example.COM value from the list.

  4. Click Save, and log out of Access Manager Console.

You can now log in using any one of the following URLs:

Sub-org creation not possible from Access Manager when using amadmin (5001850)

This problem occurs when multi-master replication is enabled between two Directory Servers and you attempt to create a sub-organization using the amadmin utility.

Workaround: In both Directory Servers, set the nsslapd-lookthroughlimit property to -1.