Red Hat SummitChapter 8. Installing an IdM server or replica with custom Directory Server and certificate authority settings from LDIF and INI files
You can use a configuration file to install an Identity Management (IdM) server or replicas with custom settings for:
- The IdM Directory Server.
- The IdM Certificate Authority.
You can install an Identity Management (IdM) server and replicas with custom settings for the Directory Server (DS). The following procedure shows you how to create an LDAP Data Interchange Format (LDIF) file with the IdM DS settings, and how to pass those settings to the IdM server and replica installation commands.
Prerequisites
- You have determined custom Directory Server settings that improve the performance of your IdM environment. See Adjusting IdM Directory Server performance.
-
You have
rootprivileges.
Procedure
Create a text file in LDIF format with your custom DS settings. Separate LDAP attribute modifications with a dash (-). This example sets non-default values for the idle timeout and maximum file descriptors.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use the
--dirsrv-config-fileparameter to pass the LDIF file to the installation script.To install an IdM server:
ipa-server-install --dirsrv-config-file <filename.ldif>
# ipa-server-install --dirsrv-config-file <filename.ldif>Copy to Clipboard Copied! Toggle word wrap Toggle overflow To install an IdM replica:
ipa-replica-install --dirsrv-config-file <filename.ldif>
# ipa-replica-install --dirsrv-config-file <filename.ldif>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
You can install an Identity Management (IdM) server and IdM replicas with custom settings for the IdM Certificate Authority (CA) and Key Recovery Authority (KRA).
The following procedure describes how to create an INI file containing an override for the CA, and how to pass it to the IdM server and replica installation commands.
Prerequisites
-
You have
rootprivileges.
Procedure
Create a text file in
INIformat with your custom CA settings. Write each parameter on a new line. This example sets the CA signing key size to 4096 bits.[CA] pki_ca_signing_key_size=4096
[CA] pki_ca_signing_key_size=4096Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use the
--pki-config-overrideparameter to pass the INI file to the installation script.To install an IdM server:
ipa-server-install --pki-config-override <pkiconfig.ini>
# ipa-server-install --pki-config-override <pkiconfig.ini>Copy to Clipboard Copied! Toggle word wrap Toggle overflow To install an IdM replica:
ipa-replica-install --pki-config-override <pkiconfig.ini>
# ipa-replica-install --pki-config-override <pkiconfig.ini>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}