This technical note describes the ACIs configured for the Sun Java Access Manager 7 2005Q4 in Realm and Legacy Modes of installation, in terms of the ACIs defined for Sun Java Access Manager 6 2005Q1 (6.3). The intent of this technical note is to describe the changes that have taken place, as far as ACIs are concerned, in Sun Java Access Manager 7 2005Q4 in comparison with the previous release of the product, Sun Java System Access Manager 6 2005Q1 (6.3), especially when Sun Java Access Manager 7 2005Q4 is configured to run in the Realm Mode of operation.
When Sun Java Access Manager 7 2005Q4 is configured in the Realm Mode of operation:
The number of ACIs used are considerably lower than when configured in the Legacy Mode of operation. It's essentially a subset of the ACIs defined in Access Manager 7 2005Q4 Legacy Mode and Access Manager 6 2005Q1 (6.3). Hence, the performance overhead is reduced, due to fewer ACIs. The reason for using fewer ACIs is due to the adoption of a new access control model.
The anonymous ACIs are deleted, to avoid any anonymous access.
The ACIs recorded in install.ldif for a new directory instance or installExisting.ldif for an existing directory instance files are created during the installation of Access Manager in the following directory, depending on your platform:
Solaris systems: /etc/opt/SUNWam/config/ldif
Linux and HP-UX systems: /etc/opt/sun/identity/config/ldif
Windows systems: AccessManager-base\identity\config\ldif
AccessManager-base is the base installation directory: /opt on Solaris systems and /opt/sun on Linux and HP-UX systems.
On Windows systems, AccessManager-base is javaes-install-directory\AccessManager. For example: C:\Program Files\Sun\AccessManager
In this document, the terms ORG_ROOT_SUFFIX and ROOT_SUFFIX are the same and have the same value. Regard references in this document to those terms to be the same node in the directory DIT.