Loris Santamaria wrote:
Hi all

While trying the latest nightly build of IPAv2 I noticed the integrated
certification authority is installed in a second 389DS instance, so a
full IPAv2 server would have (at least) two 389DS instances running.
Why is it installed that way, instead of simply adding another suffix in
the main instance? Using an alternative suffix in the main instance
would consume less memory, would be one service fewer to monitor, and IMHO
it would be a cleaner design to have only one LDAP server in the system
answering all possible queries.

Dogtag uses a "private" instance of directory server for its private, internal database. This server/database should not be queried by external entities for security reasons.

