11.3. Enabling LDAP-based Enrollment Profiles

To install with LDAP-based profiles set the pki_profile_in_ldap=True option in the [CA] section of the pkispawn configuration file.

Note

In this case, profile files will still appear in /var/lib/pki/instance_name/ca/profiles/ca/, but will be ignored.

To enable LDAP-based profiles on an existing instance, change the following in the instance's CS.cfg:

subsystem.1.class=com.netscape.cmscore.profile.LDAPProfileSubsystem

Then, import profiles manually into the database using either the pki command line utility or a custom script.

Select Your Language