[OPENDJ-7298] Move the AM CTS admin entry out of the CTS data
Created: 19/Jun/20
Updated: 28/Jul/20

Status: Dev backlog
Project: OpenDJ
Component/s: common-repo, setup
Affects Version/s: 7.0.0
Fix Version/s: None

Type: Improvement
Priority: Major
Reporter: Mark Craig
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: None

Issue Links:
is related to OPENDJ-7207 Retest the distribution example Done


At present, the am-cts profile creates an AM CTS admin at uid=openam_cts,ou=admins,ou=famrecords,ou=openam-session,ou=tokens.

The CTS entries are stored under ou=famrecords,ou=openam-session,ou=tokens, e.g. coreTokenId=YTv/oxEhEfXzkvDkb/7FcdxXSBQ=,ou=famrecords,ou=openam-session,ou=tokens and so forth.

As a result, the admin's entry is amidst the CTS data.

This is particularly unfortunate when using the proxy to do data distribution for CTS data, as the CTS admin account, which should be on each shard as it is used to access the data, is stored with the distributed data.

Comment by Matthew Swift [ 24/Jun/20 ]

After chatting with Phill Cunnington it appears that this account is not used in embedded mode. It is used in the AM Docker image, CDM and docs. The changes are likely to be trivial at a code/doc level, but may impact upgrade automation.
