<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<meta http-equiv="CONTENT-TYPE" content="text/html;
charset=ISO-8859-1">
<title></title>
<meta name="GENERATOR" content="LibreOffice 3.3 (Unix)">
<style type="text/css">
<!--
@page { margin: 0.79in }
P { margin-bottom: 0.08in }
-->
</style>
<p style="margin-bottom: 0in">We had a brief discussion on unifying
the PKI and IPA Directory
Server instances. Here are my notes from it. Please fill out the
details and correct me if I've mis-stated anything below.<br>
</p>
<p style="margin-bottom: 0in">Issues:</p>
<p style="margin-bottom: 0in"><br>
</p>
<ol>
<li>
<p style="margin-bottom: 0in">Both make changes to Config. One
identified conflict is he configuration of the Uniqueness
plugin</p>
</li>
<li>
<p style="margin-bottom: 0in">PKI uses Directory Manager. This
is insecure. Can it use a differen, limited admin?</p>
</li>
<li>
<p style="margin-bottom: 0in">Index strategies are different</p>
</li>
<li>
<p style="margin-bottom: 0in">make sure we have a union of the
required sets of plugins</p>
</li>
<li>
<p style="margin-bottom: 0in">PKI needs to set D.S. Default Name
context</p>
</li>
<li>
<p style="margin-bottom: 0in">If PKI uses the IPA datastore for
users, it needs to creat the user with all the right
prerequisites (object class, defaults)</p>
</li>
<li>
<p style="margin-bottom: 0in">PKI puts users in groups using
“member of” so that should still work for the IPA tree</p>
<p style="margin-bottom: 0in"></p>
</li>
</ol>
</body>
</html>