Appendix C. A Reference of Identity Management Files and Logs

C.1. Identity Management Configuration Files and Directories

Table C.1. IdM Server and Client Configuration Files and Directories

Directory or File Description
/etc/ipa/ The main IdM configuration directory.
/etc/ipa/default.conf Primary configuration file for IdM. Referenced when servers and clients start and when the user uses the ipa utility.
/etc/ipa/server.conf
An optional configuration file, does not exist by default. Referenced when the IdM server starts.
If the file exists, it takes precedence over /etc/ipa/default.conf.
/etc/ipa/cli.conf
An optional configuration file, does not exist by default. Referenced when the user uses the ipa utility.
If the file exists, it takes precedence over /etc/ipa/default.conf.
/etc/ipa/ca.crt The CA certificate issued by the IdM server's CA.
~/.ipa/
The user-specific IdM directory created on the local system the first time the user runs an IdM command.
Users can set individual configuration overrides by creating user-specific default.conf, server.conf, or cli.conf files in ~./ipa/.
/etc/sssd/sssd.conf Configuration for the IdM domain and for IdM services used by SSSD.
/usr/share/sssd/sssd.api.d/sssd-ipa.conf A schema of IdM-related SSSD options and their values.
/etc/gssproxy/ The directory for the configuration of the GSS-Proxy protocol. The directory contains files for each GSS-API service and a general /etc/gssproxy/gssproxy.conf file.

Table C.2. System Service Files and Directories

Directory or File Description
/etc/sysconfig/ systemd-specific files

Table C.3. Web UI Files and Directories

Directory or File Description
/etc/ipa/html/ A symbolic link for the HTML files used by the IdM web UI.
/etc/httpd/conf.d/ipa.conf Configuration files used by the Apache host for the web UI application.
/etc/httpd/conf.d/ipa-rewrite.conf
/etc/httpd/conf/ipa.keytab The keytab file used by the web server.
/usr/share/ipa/ The directory for all HTML files, scripts, and stylesheets used by the web UI.
/usr/share/ipa/ipa.conf  
/usr/share/ipa/updates/ Contains LDAP data, configuration, and schema updates for IdM.
/usr/share/ipa/html/ Contains the HTML files, JavaScript files, and stylesheets used by the web UI.
/usr/share/ipa/migration/ Contains HTML pages, stylesheets, and Python scripts used for running the IdM server in migration mode.
/usr/share/ipa/ui/ Contains the scripts used by the UI to perform IdM operations.
/etc/httpd/conf.d/ipa-pki-proxy.conf The configuration file for web-server-to-Certificate-System bridging.

Table C.4. Kerberos Files and Directories

Directory or File Description
/etc/krb5.conf The Kerberos service configuration file.
/var/lib/sss/pubconf/krb5.include.d/ Includes IdM-specific overrides for Kerberos client configuration.

Table C.5. Directory Server Files and Directories

Directory or File Description
/var/lib/dirsrv/slapd-REALM_NAME/ The database associated with the Directory Server instance used by the IdM server.
/etc/sysconfig/dirsrv IdM-specific configuration of the dirsrv systemd service.
/etc/dirsrv/slapd-REALM_NAME/ The configuration and schema files associated with the Directory Server instance used by the IdM server.

Table C.6. Certificate System Files and Directories

Directory or File Description
/etc/pki/pki-tomcat/ca/ The main directory for the IdM CA instance.
/var/lib/pki/pki-tomcat/conf/ca/CS.cfg The main configuration file for the IdM CA instance.

Table C.7. Cache Files and Directories

Directory or File Description
~/.cache/ipa/ Contains a per-server API schema for the IdM client. IdM caches the API schema on the client for one hour.

Table C.8. System Backup Files and Directories

Directory or File Description
/var/lib/ipa/sysrestore/ Contains backups of the system files and scripts that were reconfigured when the IdM server was installed. Includes the original .conf files for NSS, Kerberos (both krb5.conf and kdc.conf), and NTP.
/var/lib/ipa-client/sysrestore/ Contains backups of the system files and scripts that were reconfigured when the IdM client was installed. Commonly, this is the sssd.conf file for SSSD authentication services.