Installing DS

From Dogtag

Overview

All PKI subsystems require a DS instance. The DS instance can be shared among several PKI subsystems.

Installation

$ dnf install -y 389-ds-base

Installing DS Instance

DS 1.4 or Newer

Generate a configuration template:

$ dscreate create-template ds.tmp

Customize the configuration as follows:

$ sed \
    -e 's/;root_password = .*/root_password = Secret.123/g' \
    -e 's/;suffix = .*/suffix = dc=example,dc=com/g' \
    ds.tmp > ds.inf

To create the instance:

$ dscreate from-file ds.inf

To add base entries:

$ ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: dc=example,dc=com
objectClass: domain
dc: example

dn: dc=pki,dc=example,dc=com
objectClass: domain
dc: pki
EOF

To remove the instance:

$ dsctl localhost remove --do-it
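The DS 1.4 customization step with the Directory Manager password generated randomly and read from a file, so it appears neither in shell history nor in a process argument list. This is an added example, not part of the Dogtag wiki. The function names and the files dm.pw and base.ldif are hypothetical; base.ldif is assumed to hold the base entries shown above.

```shell
#!/bin/bash
# Added example, not from the Dogtag wiki; function names are hypothetical.

# Write a random 32-hex-character password to FILE with mode 0600 and no
# trailing newline (ldapadd -y uses the complete file contents as password).
make_password_file() {
    ( umask 077; rm -f "$1"; od -An -tx1 -N16 /dev/urandom | tr -d ' \n' > "$1" )
}

# render_ds_inf TEMPLATE OUTPUT SUFFIX PASSWORD_FILE
# Same two substitutions as the page's sed command, done with shell builtins
# so the password never appears in a process argument list.
render_ds_inf() {
    local template output suffix pwfile password line
    template=$1 output=$2 suffix=$3 pwfile=$4
    IFS= read -r password < "$pwfile" || [ -n "$password" ] || return 1
    rm -f "$output"
    ( umask 077   # ds.inf holds the password in clear text: owner-only
      while IFS= read -r line || [ -n "$line" ]; do
          case $line in
              ";root_password = "*) line="root_password = $password" ;;
              ";suffix = "*)        line="suffix = $suffix" ;;
          esac
          printf '%s\n' "$line"
      done < "$template" > "$output" ) || return 1
    # A substitution that matches nothing is silent and leaves the setting
    # commented out: require each setting to be present exactly once.
    [ "$(grep -c '^root_password = ' "$output")" -eq 1 ] &&
        [ "$(grep -c '^suffix = ' "$output")" -eq 1 ]
}

# Usage on a DS 1.4 host, following the steps on this page:
#   dscreate create-template ds.tmp
#   make_password_file dm.pw
#   render_ds_inf ds.tmp ds.inf dc=example,dc=com dm.pw && dscreate from-file ds.inf
#   ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -y dm.pw -f base.ldif
```

Remove ds.inf once the instance has been created, since it contains the password in clear text.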

DS 1.3 or Older

To create the DS instance:

$ setup-ds.pl --silent \
    General.FullMachineName=$HOSTNAME \
    General.SuiteSpotUserID=nobody \
    General.SuiteSpotGroup=nobody \
    slapd.ServerPort=389 \
    slapd.ServerIdentifier=localhost \
    slapd.Suffix=dc=example,dc=com \
    slapd.RootDN="cn=Directory Manager" \
    slapd.RootDNPwd=Secret.123

To add the PKI base entry:

$ ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: dc=pki,dc=example,dc=com
objectClass: domain
dc: pki
EOF

To remove the DS instance:

$ remove-ds.pl -f -i slapd-localhost

Log Files

DS log files are available in /var/log/dirsrv/slapd-localhost:

  • access
  • audit
  • errors

Secure Connection

See DS SSL.
