This section of the Readme contains late-breaking information related to using Access Manager with other components of the solution.
If you are using namespace versions 15.2 and 16.0 with a client application and have the property Services.Access Manager - Runtime.Authentication Source.Directory Server.Local Cache Enabled set to Yes in Configuration Manager, you may encounter the following error message:
"The namespace version must be equal for this operation. Upgrade the appropriate namespace and try again."
When local cache is enabled, Access Manager stores namespace information in the local cache file. Access Manager can only store information on namespaces with the same version in one file.
If you do not need to use the local cache capability, set the property to No before doing any more operations. If you want to use this capability, delete your current local cache file and recreate it. To recreate the cache file, access a client application that is secured against the namespace that you want to use when the directory server is not running.
If you try to add more than one object, such as namespaces, users, or user classes, that contain the same basic letter configuration and you are using Active Directory as your directory server, you may receive the following error message in Access Manager - Administration:
An internal error has occurred in Access Manager.
Active Directory does not allow two objects to contain the same basic letter configuration. For example, you cannot add a user named "coté" and one named "cote".
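The following pre-check is an added example, not part of the original Readme or of Access Manager. It screens a batch of names for base-letter collisions before you add them through Access Manager - Administration. It assumes that "same basic letter configuration" can be approximated by Unicode decomposition with accents removed and case folded; the function names and the sample names are hypothetical.

```python
import unicodedata
from collections import defaultdict


def base_letter_key(name: str) -> str:
    """Reduce a name to its base letters.

    Assumption: NFKD decomposition, removal of combining marks and case
    folding approximate the directory's comparison. This is not Active
    Directory's own matching algorithm.
    """
    decomposed = unicodedata.normalize("NFKD", name.strip())
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return stripped.casefold()


def find_collisions(existing, candidates):
    """Return {key: [names]} for each group of distinct names sharing a key."""
    groups = defaultdict(list)
    for name in list(existing) + list(candidates):
        key = base_letter_key(name)
        if name not in groups[key]:
            groups[key].append(name)
    return {key: names for key, names in groups.items() if len(names) > 1}


def safe_to_add(existing, candidates):
    """Split candidates into (accepted, rejected).

    A candidate is rejected when its key matches an existing object or a
    candidate accepted earlier in the same batch.
    """
    taken = {base_letter_key(name) for name in existing}
    accepted, rejected = [], []
    for name in candidates:
        key = base_letter_key(name)
        if key in taken:
            rejected.append(name)
        else:
            taken.add(key)
            accepted.append(name)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample data, not taken from any real namespace.
    existing = ["cote", "Müller"]
    candidates = ["coté", "Muller", "lefebvre", "Lefèbvre"]
    print(find_collisions(existing, candidates))
    print(safe_to_add(existing, candidates))
```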
If you enable audit logging for an Access Manager namespace, changes to userclass membership will be recorded using the Trusted Services Audit Logging service. Changes that are recorded include any users you add or remove from userclasses, but do not include changes that result from renaming a user or a userclass.
If you have audit logging enabled with the Stop on Failure option set (the default) and a failure occurs when you are making modifications to a namespace, Access Manager will not save any of the auditable changes. If your modifications included changes that are not auditable (for example, to datasource memberships), some changes may be saved while others are reverted.
For example, if you are deleting a user with userclass memberships and access to various datasources, Access Manager removes the user from the userclasses, an auditable event, and from the datasource memberships, a non-auditable event. If audit logging fails during the deletion from the userclasses, Access Manager reverses the action, and the user will still belong to the userclasses. However, the user will no longer have access to the various datasources, because Access Manager has deleted the user from the datasource memberships in the directory server, and they cannot be restored.
Your security administrator should investigate why the audit logging failed, repair the problem, and then continue with the modifications to the namespace.
Note: Access Manager does not leave the namespace in a corrupted state.
You may encounter a "kSecurityErrorNamespaceNameNotFound" error when logging into Upfront. This may occur when all of the following conditions apply to your environment:
To avoid this situation, add the certificate authority (CA) certificate for the LDAP server to both the Access Manager cert7.db file and the SunOne Web Server cert8.db file.
You cannot configure the directory server for Series 7 via a secured port. You must first configure the directory server for Series 7 via a standard unsecured port and then secure the connection using SSL.
When configuring SSL for the Access Manager Server, a cert7.db file is required. In the Access Manager Administrator Guide, you are instructed to use the certutil utility to create this file. On UNIX, the version of certutil in the installation_location/cognos/bin directory generates only cert8.db files.
For Series 7 Version 4, you must use the certutil utility included on the IBM Cognos product CD to generate the cert7.db file. The utility is located in the support_files/sun_one/certutil folder.