[Pki-devel] replication of new/modified profiles
Fraser Tweedale
ftweedal at redhat.com
Fri Jun 20 08:00:25 UTC 2014
On Thu, Jun 19, 2014 at 03:12:05AM +0800, Ade Lee wrote:
> This is something that has been on the wishlist for awhile.
> There is no mechanism at this point to replicate profiles.
>
> I agree that we should start this design.
>
> Ade
>
LDAP Profile Storage Design proposal (work in progress) is up on the
wiki: http://pki.fedoraproject.org/wiki/LDAP_Profile_Storage
Input and feedback greatly appreciated, especially if anyone could
give guidance on the LDAP schema - I have no prior experience with
developing LDAP schemata.
Have a nice weekend, all.
Fraser
> On Wed, 2014-06-18 at 17:44 +1000, Fraser Tweedale wrote:
> > Hi all,
> >
> > A requirement from the FreeIPA side is the ability to add and
> > customise CA profiles. Dogtag's current profile creation behaviour
> > writes the new profile to the filesystem beside the standard
> > profiles (as well as making the appropriate update to the registry,
> > etc.)
> >
> > There does not seem to be a mechanism to distribute new/modified
> > profiles to replicas - though perhaps I have missed something.
> >
> > Because this behaviour is required, unless I have overlooked
> > something or there is a better way (in which case please shout out),
> > I think it makes sense to begin a design proposal for an LDAP-based
> > profile store.
> >
> > Finally, a brief mention of some tickets related to profile storage
> > that could be good to tackle simultaneously should the proposed
> > change go ahead:
> >
> > - https://fedorahosted.org/pki/ticket/778
> > - https://fedorahosted.org/freeipa/ticket/4002
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
>
>
More information about the Pki-devel
mailing list