  1. OpenIDM
  2. OPENIDM-15088

IDM uses cn=Directory Manager as bind DN as default for the DS IDM repository


    Details

    • Type: Improvement
    • Status: In Review
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.0.1, 6.5.0.2, 6.5.0.3
    • Fix Version/s: None
    • Component/s: Module - Repository DS
    • Story Points: 3
    • Sprint: IDM - 2021.3, IDM - 2021.4
    • Season: 2021.Spring

      Description

      DS changed the password storage scheme to PBKDF2 for the cn=Directory Manager. This has a major performance impact on bind operations. 

      IDM uses the cn=Directory Manager user to connect to the DS IDM repository by default. This should be a dedicated non-admin service account like we set in the setup profiles for, for example, the DS Identity repository.

      Also, from a security perspective, using an admin account for your application to connect to external DS servers can cause a security risk.

      The workaround would be to create a non-admin service account and configure IDM to use that account instead of the cn=Directory Manager one.
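
A check for the workaround described above, as an added example that is not part of the original issue or of the IDM code base: it walks a JSON repository configuration and reports every bind DN that matches an administrative DN. The `bindDn` key name, the layout of the sample configurations and the service-account DN are assumptions constructed for illustration.

```python
import json

# Bind DNs treated as administrative. "cn=Directory Manager" is the DN named
# in this issue; add any others used in your deployment.
ADMIN_DNS = {"cn=directory manager"}

def normalize_dn(dn):
    """Lower-case a DN and collapse whitespace so textual variants compare equal.
    Simplified: does not handle escaped commas inside RDN values."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={' '.join(value.split()).lower()}")
    return ",".join(rdns)

def find_bind_dns(node, path="$"):
    """Yield (json_path, value) for every bindDn-style key at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() == "binddn" and isinstance(value, str):
                yield child, value
            else:
                yield from find_bind_dns(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_bind_dns(item, f"{path}[{i}]")

def audit_repo_config(text):
    """Return one finding per administrative bind DN in a JSON config string."""
    return [{"path": p, "bindDn": dn}
            for p, dn in find_bind_dns(json.loads(text))
            if normalize_dn(dn) in ADMIN_DNS]

# Constructed sample inputs; the layout and key names are assumptions.
def _config(bind_dn):
    return json.dumps({"ldapConnectionFactories": {"root": {"authentication": {
        "simple": {"bindDn": bind_dn, "bindPassword": "CHANGE_ME"}}}}})

DEFAULT_CONFIG = _config("CN = Directory  Manager")  # admin DN, odd spacing
SERVICE_CONFIG = _config("uid=idm-repo-svc,ou=Service Accounts,dc=example,dc=com")

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONFIG), ("service", SERVICE_CONFIG)):
        print(name, audit_repo_config(cfg) or "no administrative bind DN")
```
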


              People

              Assignee: Jason Lemay (jason)
              Reporter: Jelle Verbraak (jelle.v)