[Freeipa-devel] Unifying the PKI and IPA Directory Server instances
Adam Young
ayoung at redhat.com
Tue Nov 1 16:12:08 UTC 2011
We had a brief discussion on unifying the PKI and IPA Directory Server
instances. Here are my notes from it. Please fill out the details and
correct me if I've mis-stated anything below.
Issues:
1.
Both make changes to Config. One identified conflict is he
configuration of the Uniqueness plugin
2.
PKI uses Directory Manager. This is insecure. Can it use a differen,
limited admin?
3.
Index strategies are different
4.
make sure we have a union of the required sets of plugins
5.
PKI needs to set D.S. Default Name context
6.
If PKI uses the IPA datastore for users, it needs to creat the user
with all the right prerequisites (object class, defaults)
7.
PKI puts users in groups using "member of" so that should still work
for the IPA tree
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111101/5ebdb173/attachment.htm>
More information about the Freeipa-devel
mailing list