389-ds is a general purpose / "standard" LDAP server.
Dogtag has been developed and tested with 389-ds for many years; both were
designed together back in version 1.0
(http://pki.fedoraproject.org/wiki/PKI_History). It is also related to
software certifications; that is the long legacy.
The LDAP schema is extended/customized for this PKI application, but could
technically be ported to a different configuration format in other general
LDAP servers.
Features like subsystem cloning rely on LDAP replication, and the Dogtag
installer/configuration tools do set up all the necessary configurations for
the replication agreements for 389-ds; this could also be technically
adapted to other general purpose LDAP servers that can do replication.
So it could work, but it would take significant resources to test several
LDAP servers and maintain access to features and configurations changing
over time; it does not seem to be worth doing so in comparison with all the
work already required.
So 389-ds/RHDS is currently the only supported and fully tested LDAP
server on Fedora, CentOS and RHEL, for the "internal db"/backend storage of
configuration, requests and certificates.
Note it is possible to publish certificates to other "external" LDAP
servers.
Thanks,
M.
On Tue, Mar 13, 2018 at 3:53 AM, Hadmut Danisch <hadmut(a)danisch.de> wrote:
Hi,
just a question I found no answer for in the docs and FAQs:
The dogtag-pki is always described together with the 389 directory
server.
Is there a particular reason for that, does it require that for some
special feature, or does it work with standard LDAP servers as well?
regards
Hadmut