Technical Note: Sun Java System Access Manager ACI Guide

Removing ACIs on Windows Systems

On Windows systems, the Access Manager tuning scripts are written in Perl and require Active Perl 5.8.

To remove unneeded ACIs on Windows systems in Realm Mode:

  1. On the Access Manager server, login as an administrator.

  2. To ensure that Access Manager is in Realm Mode, check the AM_REALM parameter in the file . The parameter should be set as follows:


    The file is located in the AccessManager-base\identity\bin directory.

    On Windows systems, AccessManager-base is javaes-install-directory\AccessManager. For example: C:\Program Files\Sun\AccessManager

  3. In the file, set $BASEDIR to the Access Manager installation directory.

  4. Run the script to generate the required tuning scripts and files.

  5. Copy the,, remacis.ldif, and amtune-samplepassordfile files from the previous step to a temporary directory on the Directory Server machine.

  6. Because he script tunes Directory Server, it is recommended that you first run the script in REVIEW mode. In the script on the Directory Server machine, set REVIEW mode as follows:


  7. On the Directory Server machine, run the script in REVIEW mode and review the recommended tuning settings for Directory Server in the tuning log file.

  8. If the changes in the debug log file are acceptable for your deployment, modify the script to run in CHANGE mode by setting AMTUNE_MODE as follows:


  9. Backup the Directory Server data.

  10. On the Directory Server machine, run the amtune-directory script to remove the ACIs.

  11. Check the tuning log file for the results of the run.