Security Domain Database - dogtagpki/pki GitHub Wiki

Overview

This page describes the structure of the security domain database in LDAP.

Database Structure

ou=Security Domain,<CA base DN>
+ cn=<subsystem type>List
  + cn=<hostname>:<port>
+ ou=sessions
  + cn=<session ID>

Security Domain Entry

dn: ou=Security Domain,dc=ca,dc=pki,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Security Domain
name: EXAMPLE

Security Group Entry

dn: cn=CAList,ou=Security Domain,dc=ca,dc=pki,dc=example,dc=com
objectClass: top
objectClass: pkiSecurityGroup
cn: CAList

Subsystem Entry

dn: cn=pki.example.com:8443,cn=CAList,ou=Security Domain,dc=ca,dc=pki,dc=example,dc=com
objectClass: top
objectClass: pkiSubsystem
cn: pki.example.com:8443
Host: pki.example.com
UnSecurePort: 8080
SecurePort: 8443
SecureEEClientAuthPort: 8443
SecureAgentPort: 8443
SecureAdminPort: 8443
Clone: FALSE
SubsystemName: CA pki.example.com 8443
DomainManager: FALSE
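
The following Python script is an added example, not part of the Dogtag wiki or code base. It checks exported or hand-edited LDIF for pkiSubsystem entries whose cn does not match the RDN in the DN, or whose RDN is not `<hostname>:<port>`. Assumptions: the `<port>` in the RDN is taken to be SecurePort, the sample entries are constructed, and the function names (`parse_ldif`, `check_subsystem`, `audit`) are hypothetical.

```python
import re

# Constructed sample LDIF (not real data): the second entry's cn is truncated.
SAMPLE = """\
dn: cn=pki.example.com:8443,cn=CAList,ou=Security Domain,dc=ca,dc=pki,dc=example,dc=com
objectClass: pkiSubsystem
cn: pki.example.com:8443
Host: pki.example.com
SecurePort: 8443

dn: cn=kra.example.com:8443,cn=KRAList,ou=Security Domain,dc=ca,dc=pki,dc=example,dc=com
objectClass: pkiSubsystem
cn: kra.example.com:844
Host: kra.example.com
SecurePort: 8443
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines or base64 values) into attribute dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def check_subsystem(entry):
    """Return findings for one pkiSubsystem entry; an empty list means consistent."""
    # Assumes no escaped commas in these DNs.
    rdn_value = entry["dn"][0].split(",")[0].partition("=")[2]
    cn = entry.get("cn", [""])[0]
    expected = f'{entry.get("host", [""])[0]}:{entry.get("secureport", [""])[0]}'
    findings = []
    if cn != rdn_value:
        findings.append(f"cn '{cn}' does not match RDN '{rdn_value}'")
    if rdn_value != expected:  # assumption: <port> in the RDN is SecurePort
        findings.append(f"RDN '{rdn_value}' is not Host:SecurePort '{expected}'")
    return findings

def audit(text):
    """Map each pkiSubsystem DN in the LDIF text to its list of findings."""
    return {e["dn"][0]: check_subsystem(e) for e in parse_ldif(text)
            if "pkisubsystem" in (v.lower() for v in e.get("objectclass", []))}

if __name__ == "__main__":
    print(audit(SAMPLE))
```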

Sessions Entry

dn: ou=sessions,ou=Security Domain,dc=ca,dc=pki,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: sessions

Session Entry

dn: cn=<session ID>,ou=sessions,ou=Security Domain,dc=ca,dc=pki,dc=example,dc=com
objectClass: top
objectClass: securityDomainSessionEntry
cn: <session ID>
host: <IP address>
uid: <uid>
cmsUserGroup: <group>
dateOfCreate: <timestamp>