Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Chapter 8. Installing an IdM server or replica with custom Directory Server and certificate authority settings from LDIF and INI files
You can use a configuration file to install an Identity Management (IdM) server or replicas with custom settings for:
- The IdM Directory Server.
- The IdM Certificate Authority.
8.1. Installing an IdM server or replica with custom Directory Server settings from an LDIF file
You can install an Identity Management (IdM) server and replicas with custom settings for the Directory Server (DS). The following procedure shows you how to create an LDAP Data Interchange Format (LDIF) file with the IdM DS settings, and how to pass those settings to the IdM server and replica installation commands.
Prerequisites
- You have determined custom Directory Server settings that improve the performance of your IdM environment. See Adjusting IdM Directory Server performance.
-
You have
rootprivileges.
Procedure
Create a text file in LDIF format with your custom DS settings. Separate LDAP attribute modifications with a dash (-). This example sets non-default values for the idle timeout and maximum file descriptors.
changetype: modify replace: nsslapd-idletimeout nsslapd-idletimeout: 1800 - replace: nsslapd-maxdescriptors nsslapd-maxdescriptors: 8192Use the
--dirsrv-config-fileparameter to pass the LDIF file to the installation script.To install an IdM server:
# ipa-server-install --dirsrv-config-file <filename.ldif>To install an IdM replica:
# ipa-replica-install --dirsrv-config-file <filename.ldif>
8.2. Installing an IdM server or replica with custom certificate authority settings from an INI file
You can install an Identity Management (IdM) server and IdM replicas with custom settings for the IdM Certificate Authority (CA) and Key Recovery Authority (KRA).
The following procedure describes how to create an INI file containing an override for the CA, and how to pass it to the IdM server and replica installation commands.
Prerequisites
-
You have
rootprivileges.
Procedure
Create a text file in
INIformat with your custom CA settings. Write each parameter on a new line. This example sets the CA signing key size to 4096 bits.[CA] pki_ca_signing_key_size=4096Use the
--pki-config-overrideparameter to pass the INI file to the installation script.To install an IdM server:
# ipa-server-install --pki-config-override <pkiconfig.ini>To install an IdM replica:
# ipa-replica-install --pki-config-override <pkiconfig.ini>
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}