Overview

This page describes the process to setup DS instance for PKI server.

Creating Instance

Manual Setup

A DS instance can be created manually with the following command (see RHCS Installation Guide: Silent Setup):

$ setup-ds.pl --silent\
 General.FullMachineName=`hostname`\
 General.SuiteSpotUserID=nobody\
 General.SuiteSpotGroup=nobody\
 slapd.ServerPort=389\
 slapd.ServerIdentifier=pki-tomcat\
 slapd.Suffix=dc=example,dc=com\
 slapd.RootDN="cn=Directory Manager"\
 slapd.RootDNPwd=Secret.123

A simpler CLI will be added in the future.

Automated Setup (NOT IMPLEMENTED)

A DS instance can be created automatically by adding the following parameter in PKI server deployment configuration (see ticket #1586):

pki_ds_create_instance=True
pki_ds_instance_name=pki-tomcat

Creating Admin Server

To create a DS instance with an Admin Server:

$ setup-ds-admin.pl --silent\
 General.FullMachineName=`hostname`\
 General.SuiteSpotUserID=nobody\
 General.SuiteSpotGroup=nobody\
 General.AdminDomain=`hostname -d`\
 General.ConfigDirectoryAdminID=admin\
 General.ConfigDirectoryAdminPwd=Secret.123\
 slapd.ServerPort=389\
 slapd.ServerIdentifier=pki-tomcat\
 slapd.Suffix=dc=example,dc=com\
 slapd.RootDN="cn=Directory Manager"\
 slapd.RootDNPwd=Secret.123\
 admin.Port=9830\
 admin.ServerAdminID=admin\
 admin.ServerAdminPwd=Secret.123

To create Admin Server to an existing DS instance (see RHCS Installation Guide: Installing an Admin Server After Installing Directory Server):

$ register-ds-admin.pl --silent\
 General.FullMachineName=`hostname`\
 General.SuiteSpotUserID=nobody\
 General.SuiteSpotGroup=nobody\
 General.AdminDomain=`hostname -d`\
 General.ConfigDirectoryAdminID=admin\
 General.ConfigDirectoryAdminPwd=Secret.123\
 admin.Port=9830\
 admin.ServerAdminID=admin\
 admin.ServerAdminPwd=Secret.123\
 register.configinst="slapd-pki-tomcat::cn=Directory Manager::Secret.123"\
 register.instance="slapd-pki-tomcat::cn=Directory Manager::Secret.123"\
 register.remotehost=`hostname`\
 register.remoteport=389\
 register.remotebinddn="cn=Directory Manager"\
 register.remotebindpw=Secret.123\
 register.localcertdir=/etc/dirsrv/slapd-pki-tomcat\
 register.admindomain=`hostname -d`\
 register.admindn=uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\
 register.adminpw=Secret.123\
 register.destination=remote

References

• PKI LDAP

• Enabling SSL Connection with Internal Database