Setting up TPS Authentication - dogtagpki/pki GitHub Wiki

Overview

This page describes the process to set up a subtree containing users in DS to be used as the authentication database for TPS. The subtree can be new or existing as long as it has the proper structure and permissions.

Configuring LDAP Connection

$ pki-server tps-config-set \
    auths.instance.ldap1.ldap.ldapconn.secureConn \
    false
$ pki-server tps-config-set \
    auths.instance.ldap1.ldap.ldapconn.host \
    ds.example.com
$ pki-server tps-config-set \
    auths.instance.ldap1.ldap.ldapconn.port \
    3389
$ pki-server tps-config-set \
    auths.instance.ldap1.ldap.basedn \
    ou=people,dc=example,dc=com

Creating LDAP Subtree

To create a new subtree, prepare an LDIF file that defines the base entry with the proper attributes. A sample base entry is available at /usr/share/pki/tps/auth/ds/create.ldif:

dn: ou=people,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people
aci: (target = "ldap:///ou=people,dc=example,dc=com")
 (targetattr=objectClass||dc||ou||uid||cn||sn||givenName)
 (version 3.0; acl "Allow anyone to read and search basic attributes"; allow (search, read) userdn = "ldap:///anyone";)
aci: (target = "ldap:///ou=people,dc=example,dc=com")
 (targetattr=*)
 (version 3.0; acl "Allow anyone to read and search itself"; allow (search, read) userdn = "ldap:///self";)

To import the base entry, execute the following command:

$ ldapadd \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -f /usr/share/pki/tps/auth/ds/create.ldif
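The two ACIs in create.ldif deliberately give anonymous users read access only to the listed basic attributes, while targetattr=* (all user attributes, userPassword included) is granted to the entry itself only. The following Python snippet is an added check, not part of the pki project: it unfolds the LDIF continuation lines, extracts each ACI's acl name, target attributes, rights and userdn with simple regular expressions (only the positive targetattr= form used in create.ldif is handled), and lists any ACI that would let anyone read userPassword. The sample input is the base entry shown above, embedded inline.

```python
import re
# Constructed sample: the base entry from /usr/share/pki/tps/auth/ds/create.ldif as shown above.
CREATE_LDIF = """\
dn: ou=people,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people
aci: (target = "ldap:///ou=people,dc=example,dc=com")
 (targetattr=objectClass||dc||ou||uid||cn||sn||givenName)
 (version 3.0; acl "Allow anyone to read and search basic attributes"; allow (search, read) userdn = "ldap:///anyone";)
aci: (target = "ldap:///ou=people,dc=example,dc=com")
 (targetattr=*)
 (version 3.0; acl "Allow anyone to read and search itself"; allow (search, read) userdn = "ldap:///self";)
"""

def unfold_ldif(text):
    """Join LDIF continuation lines: a line starting with a single space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_acis(text):
    """Return one (acl name, target attributes, rights, userdn) tuple per aci value; 'targetattr!=' is not handled."""
    acis = []
    for line in unfold_ldif(text):
        if not line.startswith("aci:"):
            continue
        body = line[len("aci:"):].strip()
        name = re.search(r'acl\s+"([^"]*)"', body)
        attrs = re.search(r'targetattr\s*=\s*"?([^")]+)"?', body)
        rights = re.search(r'allow\s*\(([^)]*)\)', body)
        userdn = re.search(r'userdn\s*=\s*"ldap:///([^"]*)"', body)
        acis.append((name.group(1) if name else "",
                     attrs.group(1).split("||") if attrs else [],
                     [r.strip() for r in rights.group(1).split(",")] if rights else [],
                     userdn.group(1) if userdn else ""))
    return acis

def anonymous_can_read(text, attr="userPassword"):
    """Names of ACIs granting 'anyone' read on attr, either by listing it or via targetattr=* (all user attributes)."""
    hits = []
    for name, attrs, rights, userdn in parse_acis(text):
        if userdn == "anyone" and "read" in rights and ("*" in attrs or attr.lower() in [a.lower() for a in attrs]):
            hits.append(name)
    return hits
```

Run it against your own LDIF before importing it; an empty list from anonymous_can_read means no ACI exposes userPassword to unauthenticated binds.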

Adding LDAP Users

To add new users, prepare an LDIF file that defines the user entries with the proper attributes. Sample users are available at /usr/share/pki/tps/auth/ds/example.ldif:

dn: uid=testuser,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: testuser
cn: Test User
sn: User
givenName: Test
userPassword: Secret.123

To import the user entries, execute the following command:

$ ldapadd \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -f /usr/share/pki/tps/auth/ds/example.ldif