[Pki-devel] replication of new/modified profiles

Ade Lee alee at redhat.com
Wed Jun 25 19:17:36 UTC 2014


I made comments in the design page in the file/ldap section.

It's pretty late - so I'll continue to make comments tomorrow.

Ade

On Tue, 2014-06-24 at 17:07 +1000, Fraser Tweedale wrote:
> On Fri, Jun 20, 2014 at 06:00:25PM +1000, Fraser Tweedale wrote:
> > On Thu, Jun 19, 2014 at 03:12:05AM +0800, Ade Lee wrote:
> > > This is something that has been on the wishlist for a while.
> > > There is no mechanism at this point to replicate profiles.
> > > 
> > > I agree that we should start this design.
> > > 
> > > Ade
> > > 
> > 
> > LDAP Profile Storage Design proposal (work in progress) is up on the
> > wiki: http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage
> > 
> > Input and feedback greatly appreciated, especially if anyone could
> > give guidance on the LDAP schema - I have no prior experience with
> > developing LDAP schemata.
> > 
> > Have a nice weekend, all.
> > 
> > Fraser
> > 
> 
> I've fleshed out the design proposal some more; getting close to
> ready now, modulo feedback and general approval.
> 
> Particular sections for which I would appreciate feedback are:
> 
> - http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage#Relationship_to_file-based_profile_storage
>   - whether deletion of file-based profiles should be prohibited
>   - whether a *restore profile* method is needed
> 
> - http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage#LDAP_schema
>   - Need feedback from people who understand LDAP schema better than
>     I :)
> 
> - http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage#Cloning
>   - Need feedback from people who know more than me about the
>     cloning process.
> 
> Cheers,
> 
> Fraser
> 
> > > On Wed, 2014-06-18 at 17:44 +1000, Fraser Tweedale wrote:
> > > > Hi all,
> > > > 
> > > > A requirement from the FreeIPA side is the ability to add and
> > > > customise CA profiles.  Dogtag's current profile creation behaviour
> > > > writes the new profile to the filesystem beside the standard
> > > > profiles (as well as making the appropriate update to the registry,
> > > > etc.)
> > > > 
> > > > There does not seem to be a mechanism to distribute new/modified
> > > > profiles to replicas - though perhaps I have missed something.
> > > > 
> > > > Because this behaviour is required, unless I have overlooked
> > > > something or there is a better way (in which case please shout out),
> > > > I think it makes sense to begin a design proposal for an LDAP-based
> > > > profile store.
> > > > 
> > > > Finally, a brief mention of some tickets related to profile storage
> > > > that could be good to tackle simultaneously should the proposed
> > > > change go ahead:
> > > > 
> > > > - https://fedorahosted.org/pki/ticket/778
> > > > - https://fedorahosted.org/freeipa/ticket/4002
> > > > 
> > > > _______________________________________________
> > > > Pki-devel mailing list
> > > > Pki-devel at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/pki-devel
> > > 
> > > 
> > 




