Distributed Authentication UI server performance drops when application user has insufficient privileges (6470055) (Sun Java System Access Manager 7.1 Release Notes)

Sun Java System Access Manager 7.1 Release Notes

Distributed Authentication UI server performance drops when application user has insufficient privileges (6470055)

When you deploy the Distributed Authentication UI server using the default application user, performance drops significantly due to the default application user's restricted privileges.

Workaround: Create a new user with appropriate privileges.

To create a new user with the proper ACIs:

In the Access Manager console, create a new user. For example, create a user named AuthUIuser.

In Directory Server console , add the following ACI.

dn:ou=1.0,ou=SunAMClientData,ou=ClientData,<ROOT_SUFFIX>
changetype:modifyadd:aci
aci: (target="ldap:///ou=1.0,ou=SunAMClientData,ou=ClientData,<ROOT_SUFFIX>")
(targetattr = "*"(version 3.0; acl "SunAM client data anonymous access"; 
allow (read, search, compare) userdn = "ldap:///<AuthUIuser's DN>";)

Notice that the userdn is set to "ldap:///<AuthUIuser's DN>".

See the instructions in the To Install and Configure a Distributed Authentication UI Server in Sun Java System Access Manager 7.1 Postinstallation Guide for editing the amsilent file, and for running the amadmin command.
In the amsilentfile, set the following properties:

APPLICATION_USER

Enter AuthUIuser.

APPLICATION_PASSWD

Enter a password for AuthUIuser.
Save the file.
Run the amconfig script using the new configuration file. For example, on a Solaris system with Access Manager installed in the default directory:

# cd /opt/SUNWam/bin

# ./amconfig -s ./DistAuth_config
Restart the web container on the Distributed Authentication UI server.