Overview

This page describes the process to import the initial data into DS database.

Automated Procedure

The pkispawn will automatically import the initial data during deployment.

By default the schema is not replicated, so it will be imported manually:

pki_clone_replicate_schema=False

Manual Procedure

Importing schema

$ ldapmodify -x -D "cn=Directory Manager" -w Secret.123 -f /usr/share/pki/server/conf/schema.ldif

Applying configuration changes

$ ldapmodify -x -D "cn=Directory Manager" -w Secret.123 -f /usr/share/pki/server/conf/database.ldif

Add base entry

$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: dc=ca,dc=pki,dc=example,dc=com
objectClass: top
objectClass: domain
dc: ca
EOF

Import container entries

$ /bin/cp /usr/share/pki/ca/conf/db.ldif .
$ sed -i "s/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/" db.ldif
$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 -f db.ldif

Import ACL entries

$ /bin/cp /usr/share/pki/ca/conf/acl.ldif .
$ sed -i "s/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/" acl.ldif
$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 -f acl.ldif

Import database manager entries

$ /bin/cp /usr/share/pki/server/conf/manager.ldif .
$ sed -i "s/{rootSuffix}/dc=ca,dc=pki,dc=example,dc=com/" manager.ldif
$ sed -i "s/{dbuser}/uid=pkidbuser,ou=people,dc=ca,dc=pki,dc=example,dc=com/" manager.ldif
$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 -f manager.ldif

References

• PKI LDAP

• DS Database Indexes

• CA Database