<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
On 11/01/2011 12:12 PM, Adam Young wrote:
<blockquote cite="mid:4EB01A58.6070705@redhat.com" type="cite">
<p style="margin-bottom: 0in">We had a brief discussion on
unifying the PKI and IPA Directory Server instances. Here are
my notes from it. Please fill out the details and correct me if
I've mis-stated anything below.<br>
</p>
<p style="margin-bottom: 0in">Issues:</p>
<p style="margin-bottom: 0in"><br>
</p>
<ol>
<li>
<p style="margin-bottom: 0in">Both make changes to Config. One
identified conflict is the configuration of the Uniqueness
plugin</p>
</li>
<li>
<p style="margin-bottom: 0in">PKI uses Directory Manager. This
is insecure. Can it use a different, limited admin?</p>
</li>
<li>
<p style="margin-bottom: 0in">Index strategies are different</p>
</li>
<li>
<p style="margin-bottom: 0in">Make sure we have a union of the
required sets of plugins</p>
</li>
<li>
<p style="margin-bottom: 0in">PKI needs to set D.S. Default
Name context</p>
</li>
<li>
<p style="margin-bottom: 0in">If PKI uses the IPA datastore
for users, it needs to create the user with all the right
prerequisites (object class, defaults)</p>
</li>
<li>
<p style="margin-bottom: 0in">PKI puts users in groups using
“member of” so that should still work for the IPA tree</p>
</li>
</ol>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
One additional point: <br>
<br>
8. Make sure that Certificate Server and IPA upgrade mechanisms for
DirSrv don't conflict<br>
</body>
</html>