Dogtag is an appealing solution when a fully fleshed PKI is needed. But do NOT try to remove its internal DB. This will not work.
Discussed with the implementors hundreds of times. Dogtag has a notion of "publishing directory" (distinct from its internal DB), which can be openldap. This is where the junction should be, IMO.

On 27/03/2017 at 23:09, Michael Ströder wrote:
> Turbo Fredriksson wrote:
>> I’m trying to implement Dogtag (http://pki.fedoraproject.org/wiki/PKI_Main_Page) with my existing OpenLDAP/MIT Kerberos V installation (that’s been running for years).
>
> I've looked at dogtag approx. two years ago. The use of LDAP was, uumh, somewhat strange: dogtag uses (or used?) LDAP server as kind of schema-less database by stuffing arbitrary strings into attribute options / sub-types. So besides the issue you've seen up to now you will run into more quirks. IMHO not worth the effort, but hey, if you want to waste your spare time...
>
> Ciao, Michael.