Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 8. Installing an IdM server or replica with custom Directory Server and certificate authority settings from LDIF and INI files

Simplify large-scale Identity Management (IdM) deployments by using LDIF and INI files to automate server and replica installations. You can ensure consistent environments and reduce manual errors by predefining custom directory server and certificate authority settings.

You can use a configuration file to install an Identity Management (IdM) server or replicas with custom settings for:

  • The IdM Directory Server.
  • The IdM Certificate Authority.

Install Identity Management (IdM) server and replica with custom settings for the Directory Server (DS) to optimize performance and meet specific deployment requirements.

Create an LDAP Data Interchange Format (LDIF) file with the IdM DS settings and pass this file directly into the server and replica installation commands to apply the custom configurations automatically.

Prerequisites

Procedure

  1. Create a text file in LDIF format with your custom DS settings. Separate LDAP attribute modifications with a dash (-). This example sets non-default values for the idle timeout and maximum file descriptors. 

    dn: cn=config
changetype: modify
replace: nsslapd-idletimeout
nsslapd-idletimeout: 1800
-
replace: nsslapd-maxdescriptors
nsslapd-maxdescriptors: 8192

  2. Use the --dirsrv-config-file parameter to pass the LDIF file to the installation script.

    1. To install an IdM server: 

      # ipa-server-install --dirsrv-config-file <filename.ldif>

    2. To install an IdM replica: 

      # ipa-replica-install --dirsrv-config-file <filename.ldif>

Install an Identity Management (IdM) server and replica with custom settings for the IdM certificate authority (CA) and Key Recovery Authority (KRA) to meet specific security or operational requirements.

The following procedure describes how to create an INI file containing an override for the CA, and how to pass it to the IdM server and replica installation commands.modules/identity-management/installing-an-idm-server-or-replica-with-custom-directory-server-settings-from-an-ldif-file.adoc

Prerequisites

  • You have root privileges.

Procedure

  1. Create a text file in INI format with your custom CA settings. Write each parameter on a new line. This example sets the CA signing key size to 4096 bits. 

    [CA]
pki_ca_signing_key_size=4096

  2. Use the --pki-config-override parameter to pass the INI file to the installation script.

    1. To install an IdM server: 

      # ipa-server-install --pki-config-override <pkiconfig.ini>

    2. To install an IdM replica: 

      # ipa-replica-install --pki-config-override <pkiconfig.ini>
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2026 Red HatRetour au début