PKI Server Subsystem Database Configuration CLI - dogtagpki/pki GitHub Wiki

Overview

The pki-server <subsystem>-db-config commands can be used to manage the subsystem database configuration.

Displaying Database Configuration

$ pki-server <subsystem>-db-config-show
  Hostname: localhost.localdomain
  Port: 389
  Secure: false
  Authentication: BasicAuth
  Bind DN: cn=Directory Manager
  Bind Password Prompt: internaldb
  Database: ca
  Base DN: dc=ca,dc=pki,dc=example,dc=com
  Multiple suffix: false
  Maximum connections: 15
  Minimum connections: 3

Switching to Plain LDAP Connection

$ pki-server <subsystem>-db-config-mod --port 389 --secure false

Switching to LDAPS Connection

$ pki-server <subsystem>-db-config-mod --port 636 --secure true
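
To check which of the two connection modes above a subsystem is actually using, the following added example (not part of the wiki or the PKI project) parses the db-config-show output and flags a plain LDAP connection. The function name audit_db_config and both sample inputs are constructed for illustration; the second sample assumes the show output after the LDAPS switch.

```shell
# Added example: audit `pki-server <subsystem>-db-config-show` output read from stdin.
# Prints one finding per line; returns 1 if any WARN finding was raised, else 0.
audit_db_config() {
    awk '
        {
            # Lines look like "  Key: value"; split on the first ": " only.
            pos = index($0, ": ")
            if (pos == 0) next
            key = substr($0, 1, pos - 1)
            sub(/^[ \t]+/, "", key)
            cfg[key] = substr($0, pos + 2)
            sub(/[ \t\r]+$/, "", cfg[key])
        }
        END {
            warn = 0
            if (cfg["Secure"] != "true") {
                print "WARN: Secure is not true; LDAP traffic to " cfg["Hostname"] ":" cfg["Port"] " is unencrypted"
                warn = 1
                if (cfg["Authentication"] == "BasicAuth")
                    print "WARN: BasicAuth over plain LDAP sends the password for \"" cfg["Bind DN"] "\" in cleartext"
            }
            # Heuristic from the pairings on this page: 389 with false, 636 with true.
            if (cfg["Secure"] == "true" && cfg["Port"] == "389") {
                print "WARN: Secure is true but Port is 389 (this page pairs LDAPS with 636)"
                warn = 1
            }
            if (cfg["Bind DN"] == "cn=Directory Manager")
                print "INFO: subsystem binds as cn=Directory Manager, the directory root DN"
            if (!warn) print "OK: connection uses LDAPS"
            exit warn
        }
    '
}
# Constructed sample inputs: the first is taken from the show output on this page,
# the second is the assumed output after switching to LDAPS.
SAMPLE_PLAIN='  Hostname: localhost.localdomain
  Port: 389
  Secure: false
  Authentication: BasicAuth
  Bind DN: cn=Directory Manager'
SAMPLE_LDAPS='  Hostname: localhost.localdomain
  Port: 636
  Secure: true
  Authentication: BasicAuth
  Bind DN: cn=Directory Manager'
printf '%s\n' "$SAMPLE_PLAIN" | audit_db_config || true
printf '%s\n' "$SAMPLE_LDAPS" | audit_db_config
```

On a real instance, pipe the output of the db-config-show command for the subsystem into audit_db_config instead of the samples.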

Switching to LDAPI Connection (NOT IMPLEMENTED)

$ pki-server <subsystem>-db-config-mod --protocol ldapi --socket /var/run/slapd-pki-tomcat.socket
  Protocol: ldapi
  Socket: /var/run/slapd-pki-tomcat.socket
  Base DN: dc=ca,dc=example,dc=com
  Backend Database: ca
  Authentication: none

Switching to Basic Authentication (NOT IMPLEMENTED)

$ pki-server <subsystem>-db-config-mod --auth basic --bind-dn "cn=Directory Manager" --bind-password Secret.123
  Protocol: ldap
  Hostname: pki.example.com
  Port: 389
  Base DN: dc=ca,dc=example,dc=com
  Backend Database: ca
  Authentication: basic
  Bind DN: cn=Directory Manager

Switching to Client Certificate Authentication (NOT IMPLEMENTED)

$ pki-server <subsystem>-db-config-mod --auth client-cert --nickname "subsystemCert cert-pki-ca"
  Protocol: ldaps
  Hostname: pki.example.com
  Port: 636
  Base DN: dc=ca,dc=example,dc=com
  Backend Database: ca
  Authentication: client-cert
  Nickname: subsystemCert cert-pki-ca

Switching to No Authentication / Auto Bind (NOT IMPLEMENTED)

$ pki-server <subsystem>-db-config-mod --auth none
  Protocol: ldapi
  Socket: /var/run/slapd-pki-tomcat.socket
  Base DN: dc=ca,dc=example,dc=com
  Backend Database: ca
  Authentication: none