
Re: Dogtag CA with OpenLDAP?

Dogtag is an appealing solution when a fully fleshed PKI is needed.

But do NOT try to remove its internal DB. This will not work. Discussed with the implementors hundreds of times.

Dogtag has a notion of "publishing directory" (distinct from its internal DB), which can be OpenLDAP. This is where the junction should be, IMO.

On 27/03/2017 at 23:09, Michael Ströder wrote:
> Turbo Fredriksson wrote:
>> I’m trying to implement Dogtag (http://pki.fedoraproject.org/wiki/PKI_Main_Page)
>> with my existing OpenLDAP/MIT Kerberos V installation (that’s been running for years).
> I've looked at dogtag approx. two years ago. The use of LDAP was, uumh, somewhat strange:
> dogtag uses (or used?) LDAP server as kind of schema-less database by stuffing arbitrary
> strings into attribute options / sub-types. So besides the issue you've seen up to now
> you will run into more quirks.
>
> IMHO not worth the effort, but hey, if you want to waste your spare time...
>
> Ciao, Michael.

Pascal Jakobi
116 rue de Stalingrad - 93100 Montreuil, France
Tel : +33 6 87 47 58 19