389-ds is a general purpose / "standard" LDAP server.
Dogtag has been developed and tested with 389-ds for many years; both were designed together back in version 1.0 (http://pki.fedoraproject.org/wiki/PKI_History). It is also related to software certifications; that is the long legacy.
The LDAP schema is extended/customized for this PKI application, but could technically be ported to a different configuration format in other general LDAP servers.
Features like subsystem cloning rely on LDAP replication, and the Dogtag installer/configuration tools do set up all the necessary configurations for the replication agreements for 389-ds; this could also be technically adapted to other general purpose LDAP servers that can do replication.
So it could work, but it would take significant resources to test several LDAP servers and maintain access to features and configurations changing over time; it does not seem to be worth doing so in comparison with all the work already required.
So 389-ds/RHDS is currently the only supported and fully tested LDAP server on Fedora, CentOS and RHEL, for the "internal db"/backend storage of configuration, requests and certificates.
Note it is possible to publish certificates to other "external" LDAP servers.
Thanks,
M.

On Tue, Mar 13, 2018 at 3:53 AM, Hadmut Danisch <hadmut@danisch.de> wrote:
Hi,

just a question I found no answer for in the docs and faqs:

The dogtag-pki is always described together with the 389 directory
server.


Is there a particular reason for that, does it require that for some
special feature, or does it work with standard LDAP servers as well?


regards
Hadmut

_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users