<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> On 11/01/2011 12:12 PM, Adam Young wrote: <blockquote cite="mid:4EB01A58.6070705@redhat.com" type="cite"> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> <meta http-equiv="CONTENT-TYPE" content="text/html; charset=ISO-8859-1"> <title></title> <meta name="GENERATOR" content="LibreOffice 3.3 (Unix)"> <style type="text/css">  </style> We had a brief discussion on unifying the PKI and IPA Directory Server instances. Here are my notes from it. Please fill out the details and correct me if I've mis-stated anything below. Issues: <ol> <li> Both make changes to Config. One identified conflict is he configuration of the Uniqueness plugin </li> <li> PKI uses Directory Manager. This is insecure. Can it use a differen, limited admin? </li> <li> Index strategies are different </li> <li> make sure we have a union of the required sets of plugins </li> <li> PKI needs to set D.S. Default Name context </li> <li> If PKI uses the IPA datastore for users, it needs to creat the user with all the right prerequisites (object class, defaults) </li> <li> PKI puts users in groups using “member of” so that should still work for the IPA tree </li> </ol> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Freeipa-devel mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre> </blockquote> One additional point: 8. make sure that Certificate Server and IPA upgrade mechanisms for DirSrv don't conflict </body> </html>