-
Type:
Improvement
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 6.5.0.1, 6.5.0.2, 6.5.0.3
-
Fix Version/s: None
-
Component/s: Module - Repository DS
-
Labels:
-
Target Version/s:
DS changed the password storage scheme to PBKDF2 for the cn=Directory Manager. This has a major performance impact on bind operations.
IDM uses the cn=Directory Manager user to connect to the DS IDM repository by default. This should be a dedicated non admin service account like we set in the setup profiles for for example the DS Identity repository.
Also from a security perspective using an admin account for your application to connect to external DS servers can cause a security risk.
The workaround would be to create a non admin service account and configure IDM to use that account instead of the cn=Directory Manager one.
- relates to
-
OPENDJ-7281 Add IDM-specific account in setup profile for connecting to DS
-
- Dev backlog
-