When you deploy a Distributed Authentication UI server using the default application user, performance can drop significantly due to the default application user's restricted privileges in Directory Server.
To improve performance for the Distributed Authentication UI server default user:
In the Access Manager console, create a new user. For example: DistAuthUIuser.
In Directory Server, add the DistAuthUIuser user with a new ACI to allow reading, searching, and comparing user attributes. An example of this new ACI is:
dn: ou=1.0,ou=SunAMClientData,ou=ClientData,dc=example,dc=com
changetype: modify
add: aci
aci: (target="ldap:///ou=1.0,ou=SunAMClientData,ou=ClientData,dc=example,dc=com")(targetattr = "*")(version 3.0; acl "SunAM client data access for application user"; allow (read, search, compare) userdn = "ldap:///uid=DistAuthUIuser,ou=people,dc=example,dc=com";)
On the Distributed Authentication UI server, set the following variables in the configuration file:
APPLICATION_USER=DistAuthUIuser
APPLICATION_PASSWD=DistAuthUIuser-password
On Solaris and Linux systems, the configuration file is based on the amsamplesilent file and is named DistAuth_config in the next step. Set any other variables in the DistAuth_config file, as required for your deployment.
On Windows systems, use the AMConfigurator.properties file to create a new configuration file. For example: AMConfigurator-distauth.properties.
Run the amconfig script using the edited configuration file.
For example, on a Solaris system with Access Manager installed in the default directory:
# cd /opt/SUNWam/bin
# ./amconfig -s ./DistAuth_config
On Windows systems, in the amconfig.bat file, change AMConfigurator.properties to AMConfigurator-distauth.properties, and then run the edited amconfig.bat file.
Restart the web container on the Distributed Authentication UI server.
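Before loading the ACI from the procedure above into Directory Server, it can be checked for well-formedness and scope. The following is an added example, not part of the original documentation or of Access Manager; the function names are hypothetical and the parser assumes a single allow rule with a userdn subject, as in the ACI shown.

```python
import re

# ACI value from the procedure above, with the targetattr clause closed.
ACI = ('(target="ldap:///ou=1.0,ou=SunAMClientData,ou=ClientData,dc=example,dc=com")'
       '(targetattr = "*")(version 3.0; '
       'acl "SunAM client data access for application user"; '
       'allow (read, search, compare) '
       'userdn = "ldap:///uid=DistAuthUIuser,ou=people,dc=example,dc=com";)')
ALLOWED_RIGHTS = {"read", "search", "compare"}  # rights the procedure grants

def balanced(aci):
    """True if quotes are closed and parentheses outside quotes are balanced."""
    depth, in_quote = 0, False
    for ch in aci:
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch in "()":
            depth += 1 if ch == "(" else -1
            if depth < 0:
                return False
    return depth == 0 and not in_quote

def parse_aci(aci):
    """Extract the target DN, granted rights and bind subject from the ACI."""
    if not balanced(aci):
        raise ValueError("unbalanced parentheses or quotes in ACI")
    target = re.search(r'\(\s*target\s*=\s*"ldap:///([^"]*)"\s*\)', aci)
    rule = re.search(r'allow\s*\(([^)]*)\)\s*userdn\s*=\s*"ldap:///([^"]*)"', aci)
    if not target or not rule:
        raise ValueError("ACI is missing a target or an allow/userdn rule")
    rights = {r.strip().lower() for r in rule.group(1).split(",")}
    return {"target": target.group(1), "rights": rights, "userdn": rule.group(2)}

def findings(aci, expected_user):
    """List least-privilege problems; an empty list means the ACI is as intended."""
    p = parse_aci(aci)
    extra = p["rights"] - ALLOWED_RIGHTS
    out = []
    if extra:
        out.append("extra rights: " + ", ".join(sorted(extra)))
    if p["userdn"].lower() in ("anyone", "all") or "*" in p["userdn"]:
        out.append("subject is not a single user: " + p["userdn"])
    elif not p["userdn"].lower().startswith("uid=" + expected_user.lower() + ","):
        out.append("subject is not " + expected_user)
    if "ou=sunamclientdata" not in p["target"].lower():
        out.append("target is outside the client data subtree")
    return out
```

Calling findings(ACI, "DistAuthUIuser") returns an empty list for the ACI as written; an ACI with an unclosed clause raises ValueError instead of being passed on to the directory.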