Re: [Freeipa-devel] Unifying the PKI and IPA Directory Server instances

Adam Young Tue, 01 Nov 2011 09:36:01 -0700

On 11/01/2011 12:12 PM, Adam Young wrote:

We had a brief discussion on unifying the PKI and IPA Directory Serverinstances. Here are my notes from it. Please fill out the detailsand correct me if I've mis-stated anything below.


Issues:


1.

    Both make changes to Config. One identified conflict is he
    configuration of the Uniqueness plugin

2.

    PKI uses Directory Manager. This is insecure. Can it use a
    differen, limited admin?

3.

    Index strategies are different

4.

    make sure we have a union of the required sets of plugins

5.

    PKI needs to set D.S. Default Name context

6.

    If PKI uses the IPA datastore for users, it needs to creat the
    user with all the right prerequisites (object class, defaults)

7.

    PKI puts users in groups using "member of" so that should still
    work for the IPA tree



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

One additional point:

8. make sure that Certificate Server and IPA upgrade mechanisms forDirSrv don't conflict

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Unifying the PKI and IPA Directory Server instances

Reply via email to