[Pki-devel] replication of new/modified profiles
Ade Lee
alee at redhat.com
Wed Jun 25 19:17:36 UTC 2014
I made comments in the design page in the file/ldap section.
Its pretty late - so I'll continue to make comments tomorrow.
Ade
On Tue, 2014-06-24 at 17:07 +1000, Fraser Tweedale wrote:
> On Fri, Jun 20, 2014 at 06:00:25PM +1000, Fraser Tweedale wrote:
> > On Thu, Jun 19, 2014 at 03:12:05AM +0800, Ade Lee wrote:
> > > This is something that has been on the wishlist for awhile.
> > > There is no mechanism at this point to replicate profiles.
> > >
> > > I agree that we should start this design.
> > >
> > > Ade
> > >
> >
> > LDAP Profile Storage Design proposal (work in progress) is up on the
> > wiki: http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage
> >
> > Input and feedback greatly appreciated, especially if anyone could
> > give guidance on the LDAP schema - I have no prior experience with
> > developing LDAP schemata.
> >
> > Have a nice weekend, all.
> >
> > Fraser
> >
>
> I've fleshed out the design proposal some more; getting close to
> ready now, modulo feedback and general approval.
>
> Particular sections for which I would appreciate feedback are:
>
> - http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage#Relationship_to_file-based_profile_storage
> - whether deletion of file-based profiles should be prohibited
> - whether a *restore profile* method is needed
>
> - http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage#LDAP_schema
> - Need feedback from people who understand LDAP schema better than
> I :)
>
> - http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage#Cloning
> - Need feedback from people who know more than me about the
> cloning process.
>
> Cheers,
>
> Fraser
>
> > > On Wed, 2014-06-18 at 17:44 +1000, Fraser Tweedale wrote:
> > > > Hi all,
> > > >
> > > > A requirement from the FreeIPA side is the ability to add and
> > > > customise CA profiles. Dogtag's current profile creation behaviour
> > > > writes the new profile to the filesystem beside the standard
> > > > profiles (as well as making the appropriate update to the registry,
> > > > etc.)
> > > >
> > > > There does not seem to be a mechanism to distribute new/modified
> > > > profiles to replicas - though perhaps I have missed something.
> > > >
> > > > Because this behaviour is required, unless I have overlooked
> > > > something or there is a better way (in which case please shout out),
> > > > I think it makes sense to begin a design proposal for an LDAP-based
> > > > profile store.
> > > >
> > > > Finally, a brief mention of some tickets related to profile storage
> > > > that could be good to tackle simultaneously should the proposed
> > > > change go ahead:
> > > >
> > > > - https://fedorahosted.org/pki/ticket/778
> > > > - https://fedorahosted.org/freeipa/ticket/4002
> > > >
> > > > _______________________________________________
> > > > Pki-devel mailing list
> > > > Pki-devel at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/pki-devel
> > >
> > >
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list