On 6.3.2014 16:56, Jakub Hrozek wrote:
On Wed, Mar 05, 2014 at 05:56:25PM +0100, Jan Cholasta wrote:
On 5.3.2014 16:02, Petr Spacek wrote:
a) Do not invent any new schema for certificates and public keys. A set
of "PKCS-providers" in SSSD will aggregate the data from various sources
and transform them to appropriate format.

A heavy machinery in SSSD will convert existing data in IPA LDAP tree to
PKCS#11 objects presented over PKCS#11 interface.

Petr requested a diagram for this scenario; see attachment.

Awesome, this is helpful for someone like me who hasn't been following
the whole thread on freeipa-devel into the detail.

Given that you plan on implementing an AD provider as well, I guess it
would make sense to also implement (but maybe not expose unless there is
a common schema) a pure LDAP provider that both IPA and AD would share?

I did not include pure LDAP only because that would make the diagram too big ;-)


Are you going to turn this e-mail into a design page and file SSSD
tickets? Who's going to own the feature in SSSD, you, Petr or both?

Me, I guess, at least the generic bits and the part related to certificates. I will create a design page.

--
Jan Cholasta

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
