#!/bin/sh 

AWK=/usr/bin/awk
NAWK=/usr/bin/nawk
ECHO=/usr/bin/echo
MV=/usr/bin/mv
CP=/usr/bin/cp
RM=/usr/bin/rm
GREP=/usr/bin/grep
SED=/usr/bin/sed
HEAD=/usr/bin/head
TOUCH=/usr/bin/touch
CHMOD=/usr/bin/chmod
FIND=/usr/bin/find
CUT=/usr/bin/cut
WC=/usr/bin/wc
LS=/usr/bin/ls

PATH=.:/bin:/usr/bin:/usr/sbin:/etc
export PATH

VERSION_FILE=.version
PATCH_ID=120954-02
BKFILESUFFIX=-pre-$PATCH_ID
CONFIG_DIR=/etc/opt/SUNWam/config
AMCONFIG=$CONFIG_DIR/AMConfig.properties

##############################################################
# Following function test for existence of a package
##############################################################
check_for_sdk() {
   pkginfo -q SUNWamsdk
   if [ $? -eq 0 ]; then
      sdk="yes"
   else
      sdk="no"
   fi
}

check_for_svc() {
   pkginfo -q SUNWamsvc
   if [ $? -eq 0 ]; then
      svc="yes"
   else
      svc="no"
   fi
}

check_for_con() {
   pkginfo -q SUNWamcon
   if [ $? -eq 0 ]; then
      con="yes"
   else
      con="no"
   fi
}

check_for_iws() {
   pkginfo -q SUNWamsws
   if [ $? -eq 0 ]; then
      iws="yes"
   else
      iws="no"
   fi
}

check_for_fcd() {
   pkginfo -q SUNWamfcd
   if [ $? -eq 0 ]; then
      fcd="yes"
   else
      fcd="no"
   fi
}

check_for_sam() {
   pkginfo -q SUNWamsam
   if [ $? -eq 0 ]; then
      sam="yes"
   else
      sam="no"
   fi
}

check_for_sac() {
   pkginfo -q SUNWamsac
   if [ $? -eq 0 ]; then
      sac="yes"
   else
      sac="no"
   fi
}

check_for_wlc() {
   pkginfo -q SUNWamwlc
   if [ $? -eq 0 ]; then
      wlc="yes"
   else
      wlc="no"
   fi
}

check_for_wsc() {
   pkginfo -q SUNWamwsc
   if [ $? -eq 0 ]; then
      wsc="yes"
   else
      wsc="no"
   fi
}

check_for_clnt() {
  pkginfo -q SUNWamclnt
  if [ $? -eq 0 ]; then
    clnt="yes"
  else
    clnt="no"
  fi
}

##############################################################
# Replace block
##############################################################
ReplaceBlock() {
  FILE=$1
  START_TAG=$2
  END_TAG=$3
  NEW_TEXT_FILE=$4

  $CP $FILE $FILE-tmp
  $NAWK 'BEGIN {
           IN_REPLACE = 0;
         };
         {
           if (index($0, START_TAG) > 0) {
            while (getline str < NEW_TEXT_FILE > 0) {
              if (length(str) > 0) {
                printf("%s\n", str);
              }
            }
             IN_REPLACE = 1;
           } else if (index($0, END_TAG) > 0) {
             if (IN_REPLACE == 0) {
               printf("%s\n", $0);
             }
             IN_REPLACE = 0;
           } else {
             if (IN_REPLACE == 0) {
               printf("%s\n", $0);
             }
           }
         };
         END {};' START_TAG="$START_TAG" END_TAG="$END_TAG" NEW_TEXT_FILE="$NEW_TEXT_FILE" $FILE-tmp > $FILE
  $RM -f $FILE-tmp
}

##############################################################
# Delete block
##############################################################
DeleteBlock() {
  FILE=$1
  START_TAG=$2
  END_TAG=$3

  $CP $FILE $FILE-tmp
  $NAWK 'BEGIN {
           IN_REPLACE = 0;
         };
         {
           if (index($0, START_TAG) > 0) {
             IN_REPLACE = 1;
           } else if (index($0, END_TAG) > 0) {
             if (IN_REPLACE == 0) {
               printf("%s\n", $0);
             }
             IN_REPLACE = 0;
           } else {
             if (IN_REPLACE == 0) {
               printf("%s\n", $0);
             }
           }
         };
         END {};' START_TAG="$START_TAG" END_TAG="$END_TAG" $FILE-tmp > $FILE
  $RM -f $FILE-tmp
}

##############################################################
# Insert before tag
##############################################################
InsertBlock() {
  FILE=$1
  TAG=$2
  NEW_TEXT_FILE=$3

  $CP $FILE $FILE-tmp
  $NAWK 'BEGIN {};
         {
           if (index($0, TAG) > 0) {
             while (getline str < NEW_TEXT_FILE > 0) {
               if (length(str) > 0) {
                 printf("%s\n", str);
               }
             }
             printf("%s\n", $0);
           } else {
             printf("%s\n", $0);
           }
         };
         END {};' TAG="$TAG" NEW_TEXT_FILE="$NEW_TEXT_FILE" $FILE-tmp > $FILE
  $RM -f $FILE-tmp
}

##############################################################
# copies the named file to a backup copy to be restored if
# patch is removed.
##############################################################
backupFile() {
  file=$1
  if [ ! -f $file$BKFILESUFFIX ]; then
    r=`$ECHO $file | $CUT -d/ -f1`
    if [ x$r = "x" ]; then
	$ECHO "Backing up $file"
    else
      $ECHO "Backing up `pwd`/$file"
    fi
    $CP $file $file$BKFILESUFFIX
  fi
}

##############################################################
# replaces a line in the specified file.
##############################################################
replace_line() {
  file=$1
  match=$2
  new=$3

  $CP $file $file-orig-$$
  $SED -e "
/$match/ {
c\\
$new
}" $file > $file-tmp
  $MV $file-tmp $file
  $RM $file-orig-$$
}

##############################################################
# add a text line below the the line which has match key
##############################################################
insert_line() {
  file=$1
  match=$2
  new=$3

  cp $file $file-orig-$$
  $SED -e "
  /$match/ {
  a\\
$new
  }" $file > $file-tmp
  $MV $file-tmp $file
  $RM $file-orig-$$
}

##############################################################
# remove a text line which has match key
##############################################################
remove_line() {
  file=$1
  match=$2

  cp $file $file-orig-$$
  grep -v "$match" $file > $file-tmp
  $MV $file-tmp $file
  $RM $file-orig-$$
}

##############################################################
# Replace all the occurences of the string in the file.
##############################################################
replace_all() {
  file=$1
  match=$2
  new=$3
  cp $file $file-orig-$$
  $SED -e "s/$match/$new/g" $file > $file-tmp
  cp $file-tmp $file
  rm $file-orig-$$ $file-tmp
}

##############################################################
# read BASEDIR from AM package
##############################################################
get_base_dir() {
  check_for_sdk
  check_for_clnt
  if [ "$sdk" = "yes" ]; then
    pkg="SUNWamsdk"
  elif [ $clnt = "yes" ]; then
    $ECHO "This system has Access Manager Client SDK only"
    exit 0
  else
    $ECHO "Access manager is not installed on this system"
    exit 1
  fi

  BASEDIR=`pkgparam $pkg BASEDIR`
  INSTALL_DIR=$BASEDIR/SUNWam
}

##############################################################
# update the .version string
##############################################################
updateVersionString() {
  cd $CONFIG_DIR
  if [ ! -f $VERSION_FILE ]; then
    $ECHO "Sun Java System Access Manager 2005Q4" > $VERSION_FILE
  fi

  HASIT=`$GREP $PATCH_ID $VERSION_FILE | $WC -l | $SED -e 's/ //g'`
  if [ x$HASIT != "x0" ]; then
    return
  fi
  backupFile $VERSION_FILE
  $ECHO "$PATCH_ID" >> $VERSION_FILE
}

##############################################################
# update file AMConfig.properties
##############################################################
updateAMConfig() {
  # add property com.sun.identity.am.cookie.check
  defined=`$GREP com.sun.identity.am.cookie.check $AMCONFIG | \
      wc -l | $SED -e "s/ //g"`
  if [ $defined = "0" ]; then
    $ECHO "
# Flag to indicate whether server should check for the cookie support / cookie
# enabled in the browser.
# Value "true" will result in server checking for the cookie support / cookie
# enabled in the browser and throwing an error page if the browser does not
# support or has not enabled cookie.
# This value should be set to \"false\" (which is default) if the server is
# expected to support cookieless mode for Authentication functionality.
com.sun.identity.am.cookie.check=COOKIE_CHECK
" >> $AMCONFIG
  fi

  defined=`$GREP com.sun.identity.session.property.doNotTrimList $AMCONFIG | \
      wc -l | $SED -e "s/ //g"`
  if [ $defined = "0" ]; then
    $ECHO "
# This property can contain list of comma separated session property names.
# Once a session is timed out, those properties defined in this list will
# not be trimed off, so that can be accessed before the session is purged.
# Example:
#   com.sun.identity.session.property.doNotTrimList=UserId, HostName
com.sun.identity.session.property.doNotTrimList=
" >> $AMCONFIG
  fi

  defined=`$GREP com.sun.identity.federation.spadapter $AMCONFIG | \
      wc -l | $SED -e "s/ //g"`
  if [ $defined = "0" ]; then
    $ECHO "
# This property is the default implementation of federation service provider
# adapter where the application can get hold of assertion, response information
com.sun.identity.federation.spadapter=com.sun.identity.federation.plugins.FSDefaultSPAdapter
" >> $AMCONFIG
  fi

  defined=`$GREP com.sun.am.event.connection.disable.list $AMCONFIG | \
      wc -l | $SED -e "s/ //g"`
  if [ $defined = "0" ]; then
    $ECHO "
# The key 'com.sun.am.event.connection.disable.list' specifies which
# event connection to be disabled. There are three valid values - aci, sm
# and um (case insensitive). Multiple values should be separated with \",\".
com.sun.am.event.connection.disable.list=
" >> $AMCONFIG
  fi

  defined=`$GREP com.iplanet.services.cdc.WaitImage.display $AMCONFIG | \
      wc -l | $SED -e "s/ //g"`
  if [ $defined = "0" ]; then
    $ECHO "
# The property com.iplanet.services.cdc.WaitImage.display
# needs to be set to true to have an image displayed in the
# browser while waiting for the protected page in a
# CDSSO scenario (default is false).
# The three following properties allow to choose the name,
# the width and and the height of the image.
# The default name for the image is waitImage.gif. This image
# image be copied in the login_images directory. The default
# size is 420 x 120.
# These properties will be read by CDCServlet.
com.iplanet.services.cdc.WaitImage.display =false
com.iplanet.services.cdc.WaitImage.name =waitImage.gif
com.iplanet.services.cdc.WaitImage.width =420
com.iplanet.services.cdc.WaitImage.height =120
" >> $AMCONFIG
  fi

}

##############################################################
# messages about redeploy
##############################################################
redeployMessage() {
  check_for_con
  check_for_svc
  if [ $con = "no" ] && [ $svc = "no" ]; then
    return
  fi

  SILENTFILE=$BASEDIR/SUNWam/amsilent
  backupFile $SILENTFILE
  $CP $INSTALL_DIR/bin/amsamplesilent $SILENTFILE
  replace_line $SILENTFILE "^DEPLOY_LEVEL=" "DEPLOY_LEVEL=21"
  replace_line $SILENTFILE "^DIRECTORY_MODE=" "DIRECTORY_MODE=5"
  replace_line $SILENTFILE "^BASEDIR=" "BASEDIR=$BASEDIR"

  SERVER_PROTOCOL=`$GREP "^com.iplanet.am.server.protocol" $AMCONFIG | \
      $CUT -d= -f2`
  replace_line $SILENTFILE "^SERVER_PROTOCOL=" \
      "SERVER_PROTOCOL=$SERVER_PROTOCOL"

  SERVER_HOST=`$GREP "^com.iplanet.am.server.host=" $AMCONFIG | \
      $CUT -d= -f2`
  replace_line $SILENTFILE "^#SERVER_HOST=" "SERVER_HOST=$SERVER_HOST"

  SERVER_NAME=`$ECHO $SERVER_HOST | $CUT -d. -f1`
  replace_line $SILENTFILE "^#SERVER_NAME=" "SERVER_NAME=$SERVER_NAME"

  SERVER_PORT=`$GREP "^com.iplanet.am.server.port=" $AMCONFIG | \
      $CUT -d= -f2`
  replace_line $SILENTFILE "^#SERVER_PORT=" "SERVER_PORT=$SERVER_PORT"

  DS_HOST=`$GREP "^com.iplanet.am.directory.host=" $AMCONFIG | \
      $CUT -d= -f2`
  replace_line $SILENTFILE "^#DS_HOST=" "DS_HOST=$DS_HOST"

  ROOT_SUFFIX=`$GREP "^com.iplanet.am.rootsuffix=" $AMCONFIG | \
      $CUT -d= -f2-`
  replace_line $SILENTFILE "^#ROOT_SUFFIX=" "ROOT_SUFFIX=\"$ROOT_SUFFIX\""

  AM_ENC_PWD=`$GREP "^am.encryption.pwd=" $AMCONFIG | \
      $CUT -d= -f2`
  replace_line $SILENTFILE "^#AM_ENC_PWD=" "AM_ENC_PWD=$AM_ENC_PWD"

  OS=`uname`
  if [ $OS = "SunOS" ]; then
    replace_line $SILENTFILE "^#PAM_SERVICE_NAME=" "PAM_SERVICE_NAME=other"
  fi

  WEB_CONTAINER=`$GREP "^com.sun.identity.webcontainer=" $AMCONFIG | \
      $CUT -d= -f2`
  if [ $WEB_CONTAINER = "WEB_CONTAINER" ]; then
    WEB_CONTAINER=WS6
    WS61_HOME=`pkgparam SUNWwbsvr BASEDIR`
    replace_line $SILENTFILE "^WS61_HOME=" "WS61_HOME=$WS61_HOME"
  elif [ $WEB_CONTAINER = "IAS8.1" ]; then
    WEB_CONTAINER=AS8
    AS81_HOME=`pkgparam SUNWasu BASEDIR`/appserver
    replace_line $SILENTFILE "^AS81_HOME=" "AS81_HOME=$AS81_HOME" 
  elif [ $WEB_CONTAINER = "BEA8.1" ]; then
    WEB_CONTAINER=WL8
  elif [ $WEB_CONTAINER = "IBM5.1" ]; then
    WEB_CONTAINER=WAS5
    WAS51_HOME=`pkgparam WSBAA51 BASEDIR`
    replace_line $SILENTFILE "^WAS51_HOME=" "WAS51_HOME=$WAS51_HOME" 
  fi
  replace_line $SILENTFILE "^#WEB_CONTAINER=" "WEB_CONTAINER=$WEB_CONTAINER"

  CONSOLE_REMOTE=`$GREP "^com.iplanet.am.console.remote=" $AMCONFIG | \
      $CUT -d= -f2`
  replace_line $SILENTFILE "^CONSOLE_REMOTE=" "CONSOLE_REMOTE=$CONSOLE_REMOTE"

  SERVER_DEPLOY_URI=`$GREP "^com.iplanet.am.services.deploymentDescriptor=" \
      $AMCONFIG | $CUT -d= -f2`
  replace_line $SILENTFILE "^SERVER_DEPLOY_URI=" \
      "SERVER_DEPLOY_URI=$SERVER_DEPLOY_URI"

  CONSOLE_DEPLOY_URI=`$GREP "^com.iplanet.am.console.deploymentDescriptor=" \
      $AMCONFIG | $CUT -d= -f2`
  replace_line $SILENTFILE "^CONSOLE_DEPLOY_URI=" \
      "CONSOLE_DEPLOY_URI=$CONSOLE_DEPLOY_URI"

  PASSWORD_DEPLOY_URI=`$GREP "^com.sun.identity.password.deploymentDescriptor="\
      $AMCONFIG | $CUT -d= -f2`
  replace_line $SILENTFILE "^PASSWORD_DEPLOY_URI=" \
      "PASSWORD_DEPLOY_URI=$PASSWORD_DEPLOY_URI"

  USER_NAMING_ATTR=`$GREP "^com.sun.identity.authentication.super.user=" \
      $AMCONFIG | $CUT -d= -f2`
  replace_line $SILENTFILE "^USER_NAMING_ATTR=" \
      "USER_NAMING_ATTR=$USER_NAMING_ATTR"

  LOCALE=`$GREP "^com.iplanet.am.locale=" $AMCONFIG | $CUT -d= -f2`
  replace_line $SILENTFILE "^PLATFORM_LOCALE=" "PLATFORM_LOCALE=$LOCALE"

  XMLFILE=$CONFIG_DIR/xml/amPlatform.xml
  if [ -f $XMLFILE ] ; then
    COOKIE_DOMAIN=`$SED -n -e \
        "/iplanet-am-platform-cookie-domains/,/AttributeSchema/p" $XMLFILE \
        | $GREP "<Value>" \
        | $SED -e "s/<Value>//" \
        | $SED -e "s#</Value>##" \
        | $SED -e "s#<DefaultValues>##" \
        | $SED -e "s#</DefaultValues>##" \
        | $AWK 'BEGIN { FS=" " } { print $1 }'`
    replace_line $SILENTFILE "^#COOKIE_DOMAIN=" "COOKIE_DOMAIN=$COOKIE_DOMAIN"

    XML_ENCODING=`$GREP encoding= $XMLFILE | $CUT -d\" -f4`
    replace_line $SILENTFILE "^XML_ENCODING=" "XML_ENCODING=$XML_ENCODING"
  fi

  XMLFILE=$CONFIG_DIR/xml/idRepoService.xml
  if [ -f $XMLFILE ] ; then
    AM_REALM=`$SED -n -e "/realmMode/,/AttributeSchema/p" $XMLFILE \
        | $GREP "<Value>" \
        | $SED -e "s#<Value>##" \
        | $SED -e "s#</Value>##" \
        | $SED -e "s#<DefaultValues>##" \
        | $SED -e "s#</DefaultValues>##" \
        | $AWK 'BEGIN { FS=" " } { print $1 }'`
    if [ $AM_REALM = "true" ]; then
      AM_REALM=enabled
    else
      AM_REALM=disabled
    fi
    replace_line $SILENTFILE "^AM_REALM=" "AM_REALM=$AM_REALM"
  fi

  NEW_OWNER=`$LS -l $AMCONFIG | $AWK 'BEGIN { FS=" " } { print $3 }'`
  replace_line $SILENTFILE "^#NEW_OWNER=" "NEW_OWNER=$NEW_OWNER"
  NEW_GROUP=`$LS -l $AMCONFIG | $AWK 'BEGIN { FS=" " } { print $4 }'`
  replace_line $SILENTFILE "^#NEW_GROUP=" "NEW_GROUP=$NEW_GROUP"

  $ECHO "
    After patch installation, please redeploy AM applications by following
    the release notes (120954-02/rel_notes.html#3). A draft amsilent file
    is created in $BASEDIR/SUNWam directory.

    This amsilent is based on $INSTALL_DIR/bin/amsamplesilent, but with
    some required parameters set according to the AM config files on this
    system.

    The password parameter values in $SILENTFILE contain 
    default values. Please uncomment and modify the value of each password 
    parameter, and carefully check and make sure the accuracy of other 
    parameters in this file. Then run command

    # cd $INSTALL_DIR/bin
    # ./amconfig -s $SILENTFILE
  "

  chmod go-rwx $SILENTFILE
}

##############################################################
# generate XML files for modifying service schema
##############################################################
updateServiceSchema() {
  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>

<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->

<!DOCTYPE ServicesConfiguration
    PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd">

<ServicesConfiguration>
    <Service name="iPlanetAMPolicyService" version="1.0">
        <PluginSchema name="LDAPFilterCondition"
            interfaceName="Condition"
            className="com.sun.identity.policy.plugins.LDAPFilterCondition"
            i18nFileName="amPolicy"
            i18nKey="sun-ldapfilter-condition-name" />
    </Service>
</ServicesConfiguration>
' > /etc/opt/SUNWam/AddLDAPFilterCondition.xml

  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>

<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
    -->

<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"    "jar://com/iplanet/am/admin/cli/amAdmin.dtd">

<Requests>
    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
	SchemaType="Organization" i18nKey="">
	<AddChoiceValues>
            <ChoiceValue AttributeName="iplanet-am-policy-selected-conditions" 
                I18NKey="a141fc" value="LDAPFilterCondition" />
	</AddChoiceValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
	SchemaType="Organization" i18nKey="">
	<AddDefaultValues>
            <AttributeValuePair>
                <Attribute name="iplanet-am-policy-selected-conditions"/>
                <Value>LDAPFilterCondition</Value>
            </AttributeValuePair>
	</AddDefaultValues>
    </SchemaRequests>
</Requests>
' > /etc/opt/SUNWam/amPolicyConfig_mod_ldfc.xml

  $ECHO "\
    XML file AddLDAPFilterCondition.xml and amPolicyConfig_mod_ldfc.xml
    are generated in /etc/opt/SUNWam directory. Please run amadmin tool
    to import them. For more details, please check the release notes 
    (120954-02/rel_notes.html#LDAPFilterCondition).
  "


  $ECHO "dn:cn=schema
changetype:modify
add:attributeTypes
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.793 NAME 'sunAMAuthInvalidAttemptsData' DESC 'XML data for Invalid Login Attempts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Identity Management' )
-
add:Objectclass
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.118 NAME 'sunAMAuthAccountLockout' DESC 'Invalid Login Attempts Object Class' SUP top AUXILIARY MAY ( sunAMAuthInvalidAttemptsData ) X-ORIGIN 'Sun Java System Identity Management' )
" > /etc/opt/SUNWam/accountLockout.ldif


   $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->


<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>

<Requests>
 <ServiceConfigurationRequests serviceName="DAI">
        <ModifySubConfiguration
            operation="add"
            subConfigName="/templates/CreationTemplates/BasicUser">
            <AttributeValuePair> <Attribute name="required" />
                <Value>objectClass=sunAMAuthAccountLockout</Value>
            </AttributeValuePair>
        </ModifySubConfiguration>
 </ServiceConfigurationRequests>

 <SchemaRequests serviceName="sunIdentityRepositoryService"
                SchemaType="Organization" SubSchema="LDAPv3" >
    <AddDefaultValues>
       <AttributeValuePair>
               <Attribute name="sun-idrepo-ldapv3-config-user-objectclass"/>
               <Value>sunAMAuthAccountLockout</Value>
         </AttributeValuePair>
         <AttributeValuePair>
               <Attribute name="sun-idrepo-ldapv3-config-user-attributes"/>
               <Value>sunAMAuthInvalidAttemptsData</Value>
         </AttributeValuePair>
     </AddDefaultValues>

 </SchemaRequests>

 <SchemaRequests serviceName="iPlanetAMAuthService"
                SchemaType="Organization" >
   <AddAttributeSchema fileName="/etc/opt/SUNWam/accountLockoutAuthServiceSchema.xml" />

 </SchemaRequests>
</Requests>
' > /etc/opt/SUNWam/accountLockoutData.xml

  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->



<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd"
>

<Requests>


                 <AttributeSchema name="sunStoreInvalidAttemptsInDS"
                     type="single"
                     syntax="boolean"
                     i18nKey="a144">
                     <DefaultValues>
                         <Value>true</Value>
                     </DefaultValues>
                 </AttributeSchema>

</Requests>
' > /etc/opt/SUNWam/accountLockoutAuthServiceSchema.xml 

   $ECHO "\
    LDIF file accountLockout.ldif and XML file accountLockoutData.xml
    are generated in /etc/opt/SUNWam directory. Please run ldapmodify
    to load the ldif file and amadmin to import the xml file.
    For more details, please check the release notes
    (120954-02/rel_notes.html#accountlockout).
  "

}

##############################################################
# main processing
##############################################################
get_base_dir
updateVersionString
updateAMConfig
redeployMessage
updateServiceSchema

exit 0
