Overview (NOT IMPLEMENTED)
This CLI is not implemented yet.
Instance Management
Listing Instances
$ pki-ds instance-find
-----------------
1 entries matched
-----------------
Instance ID: pki-tomcat
Port: 389
Root DN: cn=Directory Manager
Running: True
Displaying Instance Info
$ pki-ds instance-show pki-tomcat
Instance ID: pki-tomcat
Port: 389
Root DN: cn=Directory Manager
Running: True
Creating Instance
$ pki-ds instance-add pki-tomcat --root-dn "cn=Directory Manager" --root-password Secret.123 --port 389
---------------------------
Added "pki-tomcat" Instance
---------------------------
Instance ID: pki-tomcat
Port: 389
Root DN: cn=Directory Manager
Running: True
Starting/Stopping Instance
$ pki-ds instance-start pki-tomcat
-----------------------------
Started "pki-tomcat" Instance
-----------------------------
Instance ID: pki-tomcat
Port: 389
Root DN: cn=Directory Manager
Running: True
$ pki-ds instance-stop pki-tomcat
-----------------------------
Stopped "pki-tomcat" Instance
-----------------------------
Instance ID: pki-tomcat
Port: 389
Root DN: cn=Directory Manager
Running: False
Enabling/Disabling LDAPS
$ pki-ds instance-ldaps-enable pki-tomcat --port 636 --nickname Server-Cert
--------------------------------------
Enabled LDAPS on "pki-tomcat" Instance
--------------------------------------
$ pki-ds instance-ldaps-disable pki-tomcat
---------------------------------------
Disabled LDAPS on "pki-tomcat" Instance
---------------------------------------
Enabling/Disabling LDAPI
$ pki-ds instance-ldapi-enable pki-tomcat --socket /var/run/slapd-pki-tomcat.socket
--------------------------------------
Enabled LDAPI on "pki-tomcat" Instance
--------------------------------------
$ pki-ds instance-ldapi-disable pki-tomcat
---------------------------------------
Disabled LDAPI on "pki-tomcat" Instance
---------------------------------------
Deleting Instance
$ pki-ds instance-del pki-tomcat
-----------------------------
Deleted "pki-tomcat" Instance
-----------------------------
Certificate Management
Listing Certificates
$ pki-ds cert-find
-----------------
2 entries matched
-----------------
Certificate ID: CA certificate
Serial Number: 0x1
Subject DN: CN=CAcert
Issuer DN: CN=CAcert
Certificate ID: Server-Cert
Serial Number: 0x2
Subject DN: CN=server.example.com
Issuer DN: CN=CAcert
----------------------------
Number of entries returned 2
----------------------------
Displaying Certificate Info
$ pki-ds cert-show Server-Cert
Certificate ID: Server-Cert
Serial Number: 0x2
Subject DN: CN=server.example.com
Issuer DN: CN=CAcert
Generating Self-signed CA Certificate
$ pki-ds cert-ca-generate "CA certificate" --type rsa --length 2048 --subject "CN=CAcert" --validity 365
--------------------------------------
Generated "CA certificate" certificate
--------------------------------------
Generating Server Certificate
$ pki-ds cert-generate Server-Cert --type rsa --length 2048 --subject "CN=$HOSTNAME" --validity 365
-----------------------------------
Generated "Server-Cert" certificate
-----------------------------------
Deleting Certificate
$ pki-ds cert-del Server-Cert
---------------------------------
Deleted "Server-Cert" certificate
---------------------------------
Backend Management
Listing Backends
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-find
-----------------
2 entries matched
-----------------
Backend ID: root
Suffix: dc=example,dc=com
Backend ID: ca
Suffix: dc=ca,dc=example,dc=com
----------------------------
Number of entries returned 2
----------------------------
Displaying Backend Info
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-show ca --suffix dc=ca,dc=example,dc=com
Backend ID: ca
Suffix: dc=ca,dc=example,dc=com
Adding Backend
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-add ca --suffix dc=ca,dc=example,dc=com
------------------
Added "ca" backend
------------------
Backend ID: ca
Suffix: dc=ca,dc=example,dc=com
Deleting Backend
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-del ca
--------------------
Deleted "ca" backend
--------------------
Backend User Management (NOT IMPLEMENTED)
Adding Backend User
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-user-add ca uid=pkidbuser,dc=ca,dc=example,dc=com
--------------------------------------------------
Added "uid=pkidbuser,dc=ca,dc=example,dc=com" user
--------------------------------------------------
Deleting Backend User
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-user-del ca uid=pkidbuser,dc=ca,dc=example,dc=com
----------------------------------------------------
Deleted "uid=pkidbuser,dc=ca,dc=example,dc=com" user
----------------------------------------------------
Backend User Certificate Management (NOT IMPLEMENTED)
Adding Backend User Certificate
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-user-cert-add ca uid=pkidbuser,dc=ca,dc=example,dc=com --cert-file cert.pem
------------------------------------------------------------------
Added certificate for "uid=pkidbuser,dc=ca,dc=example,dc=com" user
------------------------------------------------------------------
Deleting Backend User Certificate
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-user-cert-del ca uid=pkidbuser,dc=ca,dc=example,dc=com <cert ID>
--------------------------------------------------------------------
Deleted certificate for "uid=pkidbuser,dc=ca,dc=example,dc=com" user
--------------------------------------------------------------------
Backend Access Management (NOT IMPLEMENTED)
Deny Backend Access
$ pki-ds -D "cn=Directory Manager" -w Secret.123 backend-access-deny ca uid=pkidbuser,dc=ca,dc=example,dc=com
--------------------------------------------------------------
Denied access for "uid=pkidbuser,dc=ca,dc=example,dc=com" user
--------------------------------------------------------------