Configuring ACME with OpenLDAP Database

Overview

This document describes the process to configure the ACME responder to use an OpenLDAP database.

Initializing OpenLDAP Database

First, add the ACME OpenLDAP schema by importing /usr/share/pki/acme/database/openldap/schema.ldif with the following command:

$ ldapadd -H ldapi:/// -Y EXTERNAL \
    -f /usr/share/pki/acme/database/openldap/schema.ldif

Next, prepare an LDIF file to create the ACME subtree. A sample LDIF file is available at /usr/share/pki/acme/database/openldap/create.ldif. This example uses dc=acme,dc=pki,dc=example,dc=com as the base DN. Import the file with the following command:

$ ldapadd -h $HOSTNAME -x -D "cn=Manager,dc=example,dc=com" -w Secret.123 \
    -f /usr/share/pki/acme/database/openldap/create.ldif

Configuring ACME Database

A sample database configuration is available at /usr/share/pki/acme/database/openldap/database.conf.

To use the OpenLDAP database, copy the sample database.conf into the /etc/pki/pki-tomcat/acme folder, or execute the following command to customize some of the parameters:

$ pki-server acme-database-mod --type openldap \
    -DbindPassword=Secret.123

Customize the configuration as needed. The database.conf should look like the following:

class=org.dogtagpki.acme.database.OpenLDAPDatabase
url=ldap://<hostname>:389
authType=BasicAuth
bindDN=cn=Manager,dc=example,dc=com
bindPassword=Secret.123
baseDN=dc=acme,dc=pki,dc=example,dc=com
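As an added example that is not part of the Dogtag PKI documentation, the following POSIX shell helpers write a database.conf in the layout above for a given target directory, LDAP host, bind DN, bind password and base DN, and then check the result; the directory argument and the check function are this example's own assumptions, and the mode check assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the Dogtag PKI docs. Writes the database.conf
# layout shown above into a directory chosen by the caller (assumption:
# /etc/pki/pki-tomcat/acme or a staging directory) and checks the result
# before the ACME responder is pointed at it.

write_acme_db_conf() {
    dir="$1"; host="$2"; bind_dn="$3"; bind_pw="$4"; base_dn="$5"
    # Subshell so umask 077 (file created 0600) does not leak to the caller;
    # the file holds bindPassword in the clear, so only the owner may read it.
    (
        umask 077
        cat > "$dir/database.conf" <<EOF
class=org.dogtagpki.acme.database.OpenLDAPDatabase
url=ldap://$host:389
authType=BasicAuth
bindDN=$bind_dn
bindPassword=$bind_pw
baseDN=$base_dn
EOF
    )
}

# Check a database.conf: each required key present exactly once, the url
# host no longer the literal <hostname> placeholder from the sample, and
# the mode owner-only. Returns 0 if all checks pass, 1 otherwise.
check_acme_db_conf() {
    conf="$1"; rc=0
    for key in class url authType bindDN bindPassword baseDN; do
        n=$(grep -c "^$key=" "$conf" || true)
        [ "$n" -eq 1 ] || { echo "$key: expected once, found $n" >&2; rc=1; }
    done
    if grep -q '^url=ldap://<hostname>:' "$conf"; then
        echo "url still contains the <hostname> placeholder" >&2; rc=1
    fi
    mode=$(stat -c '%a' "$conf")
    case "$mode" in
        600|400) ;;
        *) echo "mode is $mode, expected 600 (bindPassword is readable)" >&2; rc=1 ;;
    esac
    return "$rc"
}
```

The file is created owner-readable only because bindPassword is stored in the clear; ldapadd likewise accepts -W (prompt) or -y <file> in place of -w so the bind password does not land in shell history or process listings.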