[Freeipa-users] Question about dogtag integration
Rich Megginson
rmeggins at redhat.com
Fri Oct 29 16:41:28 UTC 2010
Loris Santamaria wrote:
> Hi all
>
> while trying the latest nightly build of IPAv2 I noticed the integrated
> certification authority is installed in a second 389DS instance, so a
> full IPAv2 server would have (at least) two 389DS instances running.
>
> Why is it installed that way, instead of simply adding another suffix in
> the main instance? Using an alternative suffix in the main instance
> would consume less memory, would be one less service to monitor, and IMHO
> is a cleaner design, having only one LDAP server in the system answering all
> possible queries.
>
>
dogtag uses a "private" instance of directory server for its private,
internal database. This server/database should not be queried by
external entities for security reasons.