Sun Java System Access Manager 7.1 Release Notes

AMSDK Issues

Error displayed when performing AMIdentity.modifyService (6506448)

When using AMIdentity.modifyService to set a desktop service dynamic attribute on a realm, Access Manager returns a null pointer exception.

Workaround: Add the following property to AMConfig.properties, and then restart the server:

com.sun.am.ldap.connnection.idle.seconds=7200

Group members don't show up in selected list (6459598)

The problem occurs under the following conditions:

  1. Define a realm with the following realm configuration:

    • Top-level realm is amroot. A subrealm is example.com.

    • The subrealm example.com has two data stores: exampleDB and exampleadminDB.

    • The data store exampleDB contains all the users starting at dc=example,dc=com. Supported LDAPv3 operations is set to user=read,write,create,delete,service.

    • The data store exampleadminDB contains an admin group for the realm. The admin group is DN: cn=example.com Realm Administrators,ou=Groups,dc=example,dc=com. This group has a single member, scarter. Supported LDAPv3 operations is set to group=read,write,create,delete.

  2. Click the Subjects tab, then Groups, then the entry for example.com Realm Administrators.

  3. Click the User tab.

All the users in the exampleDB data store show up as available, but scarter does not show up in the Selected field.

Workaround: Add the operation user=read to the supported LDAPv3 operations in the exampleadminDB data store.

Access Manager Login URL Returns Message "No such Organization found" (6430874)

The problem may be due to the use of mixed-case (both uppercase and lowercase) characters in the fully qualified domain name (FQDN).

Example: HostName.PRC.Example.COM

Workaround: After installation, do not use the default Access Manager login URL. Instead, in the login URL, include the LDAP location of the default organization. For example:

http://HostName.PRC.Example.COM/amserver/UI/Login?org=dc=PRC,dc=Example,dc=COM

Once you've successfully logged in to Access Manager, you can eliminate the need to enter the full path to the user's organization each time you log in to Access Manager. Follow these steps:

  1. Go to the Realm tab in Realm mode, or go to the Organization tab in Legacy mode.

  2. Click the default realm or organization name.

    In this example, click prc.

  3. Change all uppercase characters in the Realm/DNS Alias value to lowercase characters.

    In this example, add the all-lowercase value hostname.prc.example.com to the list, and then remove the mixed-case HostName.PRC.Example.COM value from the list.

  4. Click Save, and log out of Access Manager Console.

You can now log in using any one of the following URLs:

Sub-org creation not possible from Access Manager when using amadmin (5001850)

This problem occurs when multi-master replication is enabled between two Directory Servers and you attempt to create a sub-organization using the amadmin utility.

Workaround: In both Directory Servers, set the nsslapd-lookthroughlimit property to -1.