Configuring ACME with OpenLDAP Database - dogtagpki/pki GitHub Wiki
This document describes the process to configure ACME responder to use an OpenLDAP database.
First, add the ACME OpenLDAP schema by importing /usr/share/pki/acme/database/openldap/schema.ldif with the following command:
$ ldapadd -H ldapi:/// -Y EXTERNAL \
    -f /usr/share/pki/acme/database/openldap/schema.ldif
Next, prepare an LDIF file to create the ACME subtree. A sample LDIF file is available at /usr/share/pki/acme/database/openldap/create.ldif. This example uses dc=acme,dc=pki,dc=example,dc=com as the base DN.
Import the file with the following command:
$ ldapadd -H ldap://$HOSTNAME -x -D "cn=Manager,dc=example,dc=com" -w Secret.123 \
    -f /usr/share/pki/acme/database/openldap/create.ldif
A sample database configuration is available at /usr/share/pki/acme/database/openldap/database.conf.
To use the OpenLDAP database, copy the sample database.conf into the /var/lib/pki/pki-tomcat/conf/acme folder, or execute the following command to customize some of the parameters:
$ pki-server acme-database-mod --type openldap \
    -DbindPassword=Secret.123
Customize the configuration as needed. The database.conf should look like the following:
class=org.dogtagpki.acme.database.OpenLDAPDatabase
url=ldap://<hostname>:389
authType=BasicAuth
bindDN=cn=Manager,dc=example,dc=com
bindPassword=Secret.123
baseDN=dc=acme,dc=pki,dc=example,dc=com
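The following POSIX shell script is an added example, not code from the Dogtag PKI wiki or the pki project. It sanity-checks a database.conf of the form shown above before pki-tomcat is restarted: every key the sample uses must be present, the class must be the OpenLDAP backend, and the url scheme must be ldap:// or ldaps://. Because the file holds the bind password in cleartext, it also reports when the file is readable by other users and when the url is plain ldap:// (a simple bind then carries bindPassword unencrypted unless the connection is otherwise TLS-protected). The sample configuration written by make_sample_conf is constructed for this example; the hostname ldap.example.com and the file location are assumptions.

```shell
#!/bin/sh
# Added example (not part of the Dogtag PKI wiki): validate an ACME
# database.conf. Key names and the key=value layout follow the sample
# configuration on this page; the hostname below is a constructed value.

# Write a constructed database.conf to a temporary file so the check runs
# offline. mktemp creates the file readable by the owner only.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
class=org.dogtagpki.acme.database.OpenLDAPDatabase
url=ldap://ldap.example.com:389
authType=BasicAuth
bindDN=cn=Manager,dc=example,dc=com
bindPassword=Secret.123
baseDN=dc=acme,dc=pki,dc=example,dc=com
EOF
    echo "$f"
}

# conf_get FILE KEY: print the value of KEY (first match), empty if absent.
conf_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# conf_world_readable FILE: exit 0 when "other" has read permission.
# Uses ls -l output, so it works on both GNU and BSD userland.
conf_world_readable() {
    case "$(ls -ld "$1" | cut -c8)" in
        r) return 0 ;;
        *) return 1 ;;
    esac
}

# check_acme_db_conf FILE: exit 0 when the required keys are present, the
# class names the OpenLDAP backend and the url scheme is valid. Prints one
# line per finding. ADVISORY lines do not change the exit status.
check_acme_db_conf() {
    conf=$1
    rc=0
    for key in class url authType bindDN bindPassword baseDN; do
        if [ -z "$(conf_get "$conf" "$key")" ]; then
            echo "MISSING: $key"
            rc=1
        fi
    done
    [ "$(conf_get "$conf" class)" = "org.dogtagpki.acme.database.OpenLDAPDatabase" ] \
        || { echo "BAD: class is not org.dogtagpki.acme.database.OpenLDAPDatabase"; rc=1; }
    case "$(conf_get "$conf" url)" in
        ldaps://*) echo "OK: url uses ldaps://" ;;
        ldap://*)  echo "ADVISORY: url uses plain ldap://; bindPassword is sent with a simple bind, so confirm the connection is TLS-protected" ;;
        *)         echo "BAD: url must start with ldap:// or ldaps://"; rc=1 ;;
    esac
    if conf_world_readable "$conf"; then
        echo "ADVISORY: $conf is world-readable and contains bindPassword"
    fi
    return $rc
}

# Stand-alone run: build the constructed config, check it, clean up.
sample=$(make_sample_conf)
check_acme_db_conf "$sample"
rm -f "$sample"
```

Run it as-is to see the findings for the constructed sample, or pass the real path (for example /var/lib/pki/pki-tomcat/conf/acme/database.conf) to check_acme_db_conf after sourcing the script.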