Patch Installation Instructions

• Patch Installation Instructions For Solaris Systems

• Patch Installation Instructions For Linux Systems

• Patch Installation Instructions For Windows Systems

• Patch Installation Instructions For HP-UX Systems

Patch Installation Instructions For Solaris Systems

Before you install the Solaris patch, make sure that you have backed up the files listed in Pre-Installation Considerations.

To add and remove patches on Solaris systems, use the patchadd and patchrm commands, which are provided with the OS.

patchadd Command

Use the patchadd command to install a patch on a standalone system. For example:

# patchadd /var/spool/patch/120954-12

---

Note –

If you are installing the Solaris patch on a Solaris 10 global zone, invoke the patchadd command with the -G argument. For example:

patchadd -G /var/spool/patch/120954-12

---

The postpatch script displays a message about redeploying the Access Manager applications, except on a system that has only the Access Manager SDK component installed.

The postpatch script creates the amsilent file in the following directory:

• Solaris systems: AccessManager-base/SUNWam

• Linux systems: AccessManager-base/identity

AccessManager-base is the base installation directory. The default base installation directory is /opt on Solaris systems and /opt/sun on Linux systems.

The amsilent is based on the amsamplesilent file, but with some required parameters set according to the Access Manager configuration files on the system. The password parameters, however, contain default values. Uncomment and modify the value of each password parameter and carefully check values of other parameters in this file, as needed for your deployment.

The COMMON_DEPLOY_URI parameter, the URI prefix for the common domain web application, also contains a default value. If you have chosen a non-default value for this URI, make sure to update this value. Otherwise, the redeployment of the web applications with amconfig and the patch generated amsilent file will fail.

Then, run the following command (shown with Access Manager installed in the default directory):

# cd /opt/SUNWam/bin 
# ./amconfig -s /opt/SUNWam/amsilent

---

Caution –

The amsilent file contains sensitive data such as administrator passwords in plain text, so make sure you secure the file as appropriate for your deployment.

---

After you run the amconfig script, execute the updateschema.sh script to load the XML and LDIF files. The updateschema.sh script is available after you install patch 11 in the following directory:

• Solaris SPARC systems: patch-home-directory/120954-09

• Solaris x86 systems: patch-home-directory/120955-09

After you run the updateschema script, restart the Access Manager processes. For example:

# cd /opt/SUNWam/bin
# ./amserver stop
# ./amserver start

Then, restart the Access Manager web container.

patchrm Command

Use the patchrm command to remove a patch from a standalone system. For example:

# patchrm 120954-03

The backout script displays a message similar to the patchadd command, except on a system that has only the Access Manager SDK component installed.

After the patch is removed, redeploy the Access Manager applications using the amsilent file in the AccessManager-base/SUNWam directory, where AccessManager-base is the base installation directory. The default base installation directory is /opt on Solaris systems.

Set the parameters in the amsilent file, as needed for your deployment.

Then, run the following command, which is shown with Access Manager installed in the default directory on Solaris systems:

# cd /opt/SUNWam/bin
# ./amconfig -s /opt/SUNWam/amsilent

For additional information and examples about the patchadd and patchrm commands, see the appropriate Solaris man pages.

See also Post-Installation Considerations for more information.

Solaris 10 Zones

The Solaris 10 operating system introduced the new concept of “zones.” Consequently, the patchadd command includes the new -G option, which adds a patch only to the global zone. By default, the patchadd command looks for the SUNW_PKG_ALLZONES variable in the pkginfo of packages to be patched. However, for all Access Manager packages, the SUNW_PKG_ALLZONES variable is not set, and the -G option is required if Access Manager 7 2005Q4 is installed in the global zone. If Access Manager is installed in a local zone, the patchadd -G option has no effect.

If you are installing Access Manager 7 2005Q4 patches on a Solaris system, it is recommended that you use the -G option. For example:

 # patchadd -G AM7_patch_dir

Similarly, if Access Manager is installed in the global zone, the -G option is required to run the patchrm command. For example:

# patchrm -G 120954-09

Patch Installation Instructions For Linux Systems

Before you install the Linux patch, make sure that you have backed up the files listed in Pre-Installation Considerations.

The installpatch installs a patch on a standalone Linux system. For example:

# ./installpatch

The postpatch script prints messages similar to the messages on a Solaris system. However, the procedure to back out a patch on a Linux system is different than on a Solaris system. There is no generic script to back out a Linux patch. If a lower version of the patch was previously installed, you can re-install that version and then follow the postpatch instructions to redeploy the Access Manager applications by running the amconfig script.

After you run the amconfig script, execute the updateschema.sh script (patch 5 and later patches) to load the XML and LDIF files. The updateschema.sh script is available after you install patch 11 in the patch-home-directory/120956-09/scripts directory.

After you run the amconfig and updateschema.sh scripts, restart the Access Manager web container.

If the patch is installed on the Access Manager 7 2005Q4 RTM release and you want to remove the patch and restore the system to the RTM state, you must reinstall the Access Manager RTM bits using the reinstallRTM script. This script takes the path where the Access Manager RTM RPMs are stored and installs the RTM RPMs over the patched RPMs. For example:

# ./scripts/reinstallRTM path_of_AM7_RTM_RPM_directory

After you run the reinstallRTM script, redeploy the Access Manager applications by running the amconfig script and the restart the web container.

See also Post-Installation Considerations for more information.

Patch Installation Instructions For Windows Systems

The requirements to install the Windows patch include:

• Access Manager 7 2005Q4 must be installed on the Windows system. For information about installation, see the Sun Java Enterprise System 2005Q4 Installation Guide for Microsoft Windows.

• To run the patch scripts, ActivePerl 5.8 (or later) is required on the Windows system.

Installing the Windows Patch

Before you install the Windows patch, make sure that you have backed up the files listed in Pre-Installation Considerations.

In the base directory path for input to the patch scripts, use a forward slash (/). For example: c:/sun

To install the Windows patch:

1. Logon to the Windows system as a member of the Administrators group.

2. Create a directory to download and unzip the Windows patch file. For example: AM7p8

3. Download and unzip the 124296-09.zip file in the directory from the previous step.

4. Stop all Java ES 2005Q4 services.

5. Run the AM7p8\scripts\prepatch.pl script.

6. Run AM7p8\124296-09.exe to install the patch.

7. Run the AM7p8\scripts\postpatch.pl script.

8. Restart the Java ES 2005Q4 services.

9. Redeploy the Access Manager applications. See Post-Installation Considerations for more information.

10. Run the AM7p8\scripts\updateschema.pl script to update the Directory Server service schema. The script validates your entries and then loads the files. The script also writes the following log file:

    javaes-install-directory\AccessManager\AM70Patch-upgrade-schema-timestamp

11. Restart the Java ES 2005Q4 services.

Backing Out the Windows Patch

To back out the Windows patch:

1. Logon to the Windows system as a member of the Administrators group.

2. Run the Uninstall_124296-09.bat file.

3. Run the AM7p8\scripts\postbackout.pl script.

4. Redeploy the Access Manager applications.

5. Restart the Java ES 2005Q4 services.

Note: If you back out the patch, the schema changes added by the AM7p8\scripts\updateschema.pl script are not removed from Directory Server. However, you do not need to remove these schema changes manually because they will not affect Access Manager functionality or usability after the patch is backed out.

Patch Installation Instructions For HP-UX Systems

To install or remove the HP-UX patch, use the swinstall and swremove commands. For example, to install the patch to a standalone system:

# swinstall /var/spool/patch/126371-09

Or, to remove the patch from a standalone system:

# swremove 126371-09

For information about the swinstall and swremove commands, refer to the swinstall and swremove man pages.

After you install or remove the patch, you must re-deploy the Access Manager applications as described in the Post-Installation Considerations section.

After you re-deploy the Access Manager applications, execute the updateschema.sh script (patch 5 and later patches) to load the XML and LDIF files. The updateschema.sh script is available after you install patch 11 in the patch-home-directory/120956-09/scripts directory. After you run the amconfig and updateschema.sh scripts, restart the Access Manager web container.

Note: If you remove the patch, the schema changes added by the updateschema.sh script are not removed from Directory Server. However, you do not need to remove these schema changes manually because they will not affect Access Manager functionality or usability after the patch is removed.

For more information about deploying Access Manager on HP-UX systems, see the Sun Java System Access Manager 7 2005Q4 Release Notes for HP-UX.