Hi all, A requirement from the FreeIPA side is the ability to add and customise CA profiles. Dogtag's current profile creation behaviour writes the new profile to the filesystem beside the standard profiles (as well as making the appropriate update to the registry, etc.) There does not seem to be a mechanism to distribute new/modified profiles to replicas - though perhaps I have missed something. Because this behaviour is required, unless I have overlooked something or there is a better way (in which case please shout out), I think it makes sense to begin a design proposal for an LDAP-based profile store. Finally, a brief mention of some tickets related to profile storage that could be good to tackle simultaneously should the proposed change go ahead: - https://fedorahosted.org/pki/ticket/778 - https://fedorahosted.org/freeipa/ticket/4002