  1. OpenIDM
  2. OPENIDM-15088

IDM uses cn=Directory Manager as bind DN as default for the DS IDM repository

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.0.1, 6.5.0.2, 6.5.0.3
    • Fix Version/s: None
    • Component/s: Module - Repository DS

      Description

      DS changed the password storage scheme to PBKDF2 for the cn=Directory Manager. This has a major performance impact on bind operations. 

      IDM uses the cn=Directory Manager user to connect to the DS IDM repository by default. This should be a dedicated non-admin service account, like the one we set in the setup profiles for, for example, the DS Identity repository.

      Also, from a security perspective, using an admin account for your application to connect to external DS servers can cause a security risk.

      The workaround would be to create a non-admin service account and configure IDM to use that account instead of the cn=Directory Manager one.
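
A check for whether a deployment still binds as the directory administrator, added here as an example; it is not code from the issue or from the IDM project. It assumes the repository connection is defined in a JSON file such as conf/repo.ds.json with the bind DN under a `bindDn` key; the sample config and the list of admin DNs are constructed for illustration.

```python
import json

# Assumption: DNs treated as administrative. Only cn=Directory Manager
# comes from the issue; extend this set for your own deployment.
ADMIN_BIND_DNS = {"cn=directory manager"}

def normalize_dn(dn):
    """Lower-case a DN and collapse whitespace so equivalent spellings match.
    Simplified: does not handle escaped commas or multi-valued RDNs."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={' '.join(value.split()).lower()}")
    return ",".join(rdns)

def find_bind_dns(node, path=""):
    """Yield (json_path, value) for every 'bindDn' key anywhere in the config."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "bindDn" and isinstance(value, str):
                yield child, value
            else:
                yield from find_bind_dns(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_bind_dns(item, f"{path}[{i}]")

def audit(config_text):
    """Return the (json_path, bind DN) pairs that use an administrative DN."""
    config = json.loads(config_text)
    return [(p, dn) for p, dn in find_bind_dns(config)
            if normalize_dn(dn) in ADMIN_BIND_DNS]

# Constructed sample, not a real deployment's configuration.
SAMPLE = """
{
  "embedded": false,
  "ldapConnectionFactories": {
    "bind": {"primaryLdapServers": [{"hostname": "ds.example.com", "port": 1636}]},
    "root": {"inheritFrom": "bind", "authentication": {"simple": {
        "bindDn": "CN=Directory  Manager", "bindPassword": "<placeholder>"}}}
  }
}
"""

if __name__ == "__main__":
    for path, dn in audit(SAMPLE):
        print(f"admin bind DN in use at {path}: {dn}")
```
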

              People

              • Assignee:
                brmiller Brendan Miller
                Reporter:
                jelle.v Jelle Verbraak