NSS supports using sqlite for its security databases. The three servers that IPA currently talks to still use the DB format: mod_nss, dogtag and 389-ds.
As those products switch to supporting the sqlite database so should IPA. In some cases it is more that the server has tested and supports the sqlite format (389-ds and mod_nss) and in others it manages the database itself so requires full support (dogtag).
Related tickets/bugs:
dogtag
389-ds
mod_nss
Related IPA Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1031055
Related ticket - #4449. We may also consider stopping storing the CA certificate in /etc/pki/nssdb at all and just store&verify it in the system-wide store (#3504). This would remove obstacles in FIPS deployments which do not like password-less/world readable NSS databases.
The FreeIPA 4.2 was already shaped (see [[milestone:FreeIPA 4.2]] milestone), this does not fit. Pushing out.
If anyone is willing to help and contribute to this one, please let us know!
Metadata Update from @rcritten: - Issue assigned to someone - Issue set to the milestone: Future Releases
FreeIPA 4.7 uses and requires shared NSS database (aka sqlite).
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue set to the milestone: FreeIPA 4.7 (was: Future Releases)
Login to comment on this ticket.