[Freeipa-devel] Unifying the PKI and IPA Directory Server instances
Adam Young
ayoung at redhat.com
Tue Nov 1 16:34:51 UTC 2011
On 11/01/2011 12:12 PM, Adam Young wrote:
>
> We had a brief discussion on unifying the PKI and IPA Directory Server
> instances. Here are my notes from it. Please fill out the details
> and correct me if I've mis-stated anything below.
>
> Issues:
>
> 1. Both make changes to Config. One identified conflict is the
>    configuration of the Uniqueness plugin
> 2. PKI uses Directory Manager. This is insecure. Can it use a
>    different, limited admin?
> 3. Index strategies are different
> 4. make sure we have a union of the required sets of plugins
> 5. PKI needs to set D.S. Default Name context
> 6. If PKI uses the IPA datastore for users, it needs to create the
>    user with all the right prerequisites (object class, defaults)
> 7. PKI puts users in groups using "member of" so that should still
>    work for the IPA tree
One additional point:
8. make sure that Certificate Server and IPA upgrade mechanisms for
DirSrv don't conflict