On 11/01/2011 12:12 PM, Adam Young wrote:
We had a brief discussion on unifying the PKI and IPA Directory Server
instances. Here are my notes from it. Please fill out the details
and correct me if I've mis-stated anything below.
Issues:
1.
Both make changes to Config. One identified conflict is he
configuration of the Uniqueness plugin
2.
PKI uses Directory Manager. This is insecure. Can it use a
differen, limited admin?
3.
Index strategies are different
4.
make sure we have a union of the required sets of plugins
5.
PKI needs to set D.S. Default Name context
6.
If PKI uses the IPA datastore for users, it needs to creat the
user with all the right prerequisites (object class, defaults)
7.
PKI puts users in groups using "member of" so that should still
work for the IPA tree
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
One additional point:
8. make sure that Certificate Server and IPA upgrade mechanisms for
DirSrv don't conflict
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel