  1. OpenDJ
  2. OPENDJ-7298

Move the AM CTS admin entry out of the CTS data

    Details

    • Type: Improvement
    • Status: Dev backlog
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: common-repo, setup
    • Labels: None

      Description

      At present, the am-cts profile creates an AM CTS admin at uid=openam_cts,ou=admins,ou=famrecords,ou=openam-session,ou=tokens.

      The CTS entries are stored under ou=famrecords,ou=openam-session,ou=tokens, e.g. coreTokenId=YTv/oxEhEfXzkvDkb/7FcdxXSBQ=,ou=famrecords,ou=openam-session,ou=tokens and so forth.

      As a result, the admin's entry is amidst the CTS data.

      This is particularly unfortunate when using the proxy to do data distribution for CTS data, as the CTS admin account, which should be on each shard as it is used to access the data, is stored with the distributed data.
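One way to audit for the placement described in this issue, as an added example that is not part of the original report or of OpenDJ's code: it classifies entry DNs relative to the CTS base DN and flags non-token entries, such as the admin account, that sit inside the token data. The first two DNs come from the description; the others are constructed, and all function names are hypothetical.

```python
# Added example: audit entry DNs against the CTS data base DN from the issue.
CTS_BASE_DN = "ou=famrecords,ou=openam-session,ou=tokens"

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def normalize(rdn):
    """Return (type, value) lower-cased, for ancestor comparison only."""
    attr, _, value = rdn.partition("=")  # first '=' only: values may contain '='
    return attr.strip().lower(), value.strip().lower()

def classify(dn, base=CTS_BASE_DN):
    """'token' or 'non-token' for entries strictly below base, else 'outside'."""
    d = [normalize(r) for r in split_dn(dn)]
    b = [normalize(r) for r in split_dn(base)]
    if len(d) <= len(b) or d[-len(b):] != b:
        return "outside"
    return "token" if d[0][0] == "coretokenid" else "non-token"

def misplaced_entries(dns, base=CTS_BASE_DN):
    """Entries that live inside the CTS data but are not tokens."""
    return [dn for dn in dns if classify(dn, base) == "non-token"]

SAMPLE_DNS = [
    "uid=openam_cts,ou=admins,ou=famrecords,ou=openam-session,ou=tokens",
    "coreTokenId=YTv/oxEhEfXzkvDkb/7FcdxXSBQ=,ou=famrecords,ou=openam-session,ou=tokens",
    "UID=openam_cts, OU=Admins, ou=famrecords,ou=openam-session,ou=tokens",  # constructed
    "uid=openam_cts,ou=admins,dc=example,dc=com",  # constructed, hypothetical location
]

if __name__ == "__main__":
    for dn in misplaced_entries(SAMPLE_DNS):
        print("inside CTS data:", dn)
```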

              People

              • Assignee: Unassigned
              • Reporter: Mark Craig