Loris Santamaria wrote:
dogtag uses a "private" instance of directory server for its private,
internal database. This server/database should not be queried by
external entities for security reasons.
while trying the latest nightly build of IPAv2 I noticed the integrated
certification authority is installed in a second 389DS instance, so a
full IPAv2 server would have (at least) two 389DS instances running.
Why is it installed that way, instead of simply adding another suffix in
the main instance? Using an alternative suffix in the main instance
would consume less memory, would be a service less to monitor, and IMHO
a cleaner design having only one ldap server in the system answering all
Freeipa-users mailing list