[Pki-devel] [PATCH] 264 -- add replication options to pkispawn

Ludwig Krispenz lkrispen at redhat.com
Mon Jul 20 08:07:15 UTC 2015


Hi,

thanks for the patch. Do you have a link to some build instructions for
PKI?

I looked into the patch and I think I was not clear enough about the 
bindDnGroup. It is only an attribute of the replica object, not of the 
replication agreement.
The idea is, instead of adding a binddn to each replica object for each
incoming replication agreement, to define a group of users allowed as
replicaBinddns. In the replication agreement you can still set a binddn,
if it is a member of the binddngroup. In IPA we want to use GSSAPI and
the bind dn is the Kerberos LDAP principal of the connecting server; the
binddngroup contains all LDAP principals of the servers in the topology.

Regards,
Ludwig

On 07/17/2015 11:34 PM, Ade Lee wrote:
> This patch will be for Dogtag 10.2.7, and is still in preliminary
> testing.  I'm posting mostly so that folks can take a look at what's
> coming and see whether it meets what is needed for IPA et al.
>
> This is for ticket 1414.
>
> Ade
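
The layout Ludwig describes, as an added LDIF sketch that is not part of the thread or of the patch. The attribute names are those of 389 Directory Server; the suffix, hostnames, realm, group DN and agreement name are constructed placeholders.

```ldif
# Constructed example: suffix, hosts, realm and group DN are placeholders.

# Replica object on the receiving server: the bind DN group is set here,
# once, instead of one nsDS5ReplicaBindDN value per incoming agreement.
dn: cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: modify
add: nsds5ReplicaBindDNGroup
nsds5ReplicaBindDNGroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=example,dc=com
-
add: nsds5ReplicaBindDNGroupCheckInterval
nsds5ReplicaBindDNGroupCheckInterval: 60

# The group: its members are the entries allowed to bind as replication
# suppliers. Here, the LDAP service principals of the servers in the topology.
dn: cn=replication managers,cn=sysaccounts,cn=etc,dc=example,dc=com
changetype: add
objectClass: top
objectClass: groupOfNames
cn: replication managers
member: krbprincipalname=ldap/server1.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com
member: krbprincipalname=ldap/server2.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com

# Replication agreement on server1 pointing at server2. It carries no
# bind DN group attribute; it only states how server1 authenticates.
dn: cn=toServer2,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: toServer2
nsDS5ReplicaHost: server2.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaTransportInfo: LDAP
nsDS5ReplicaBindMethod: SASL/GSSAPI
```

Because membership in the group grants the right to push replicated changes, write access to the group entry is as sensitive as write access to the replica configuration itself.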



