0

I know opendj can create a policy of pass-through in cn=config, but cn=config will not be replicated.

I'm wondering if it's possible to create such a pass-through policy for sub-entry based ? Thus, replica can work.

And my another requirement is that the pass-through policy can be changed during runtime.

If yes, is there any document or example that I can learn?

Thanks

Feng Xi
  • 1,005
  • 2
  • 11
  • 30

1 Answers1

1

Policies can be change at runtime and the change will be applied immediately without a server restart (like most of OpenDJ configuration). But there is no support for Passthrough AuthN policies as subentries in OpenDJ for now. How many pass-through policies do you think you will need to configure ?

Ludovic Poitou
  • 4,788
  • 2
  • 21
  • 30
  • Thanks Ludovic. I can not know how many pass-through policies ,because it probably depends on how many PTA servers on our customer. But at most 2-3. My concern is that the cn=config will NOT be replicated for OpenDJ cluster. do you have any other suggestions? or probably I can develop some code on server based pta policy to dynamically read the pta authn info from somewhere in data entry which will be replicated. – Feng Xi May 20 '17 at 00:13