[OPENDJ-7298] Move the AM CTS admin entry out of the CTS data Created: 19/Jun/20 Updated: 28/Jul/20
At present, the am-cts profile creates an AM CTS admin at uid=openam_cts,ou=admins,ou=famrecords,ou=openam-session,ou=tokens.
The CTS entries are stored under ou=famrecords,ou=openam-session,ou=tokens, e.g. coreTokenId=YTv/oxEhEfXzkvDkb/7FcdxXSBQ=,ou=famrecords,ou=openam-session,ou=tokens and so forth.
As a result, the admin's entry is amidst the CTS data.
This is particularly unfortunate when using the proxy to do data distribution for CTS data, as the CTS admin account, which should be on each shard as it is used to access the data, is stored with the distributed data.
|Comment by Matthew Swift [ 24/Jun/20 ]|
After chatting with Phill Cunnington it appears that this account is not used in embedded mode. It is used in the AM Docker image, CDM and docs. The changes are likely to be trivial at a code/doc level, but may impact upgrade automation.