/usr/share/pki/ca/conf/db.ldif is in pki-ca 10.6.0-1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 | dn: ou=people,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: people
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";)
dn: ou=groups,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: groups
dn: cn=Certificate Manager Agents,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Certificate Manager Agents
description: Agents for Certificate Manager
dn: cn=Registration Manager Agents,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Registration Manager Agents
description: Agents for Registration Manager
dn: cn=Subsystem Group, ou=groups, {rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Subsystem Group
description: Subsystem Group
dn: cn=Trusted Managers,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Trusted Managers
description: Managers trusted by this PKI instance
dn: cn=Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Administrators
description: People who manage the Certificate System
dn: cn=Auditors,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Auditors
description: People who can read the signed audits
dn: cn=ClonedSubsystems,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: ClonedSubsystems
description: People who can clone the master subsystem
dn: cn=Security Domain Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Security Domain Administrators
description: People who are the Security Domain administrators
dn: cn=Enterprise CA Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise CA Administrators
description: People who are the administrators for the security domain for CA
dn: cn=Enterprise KRA Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise KRA Administrators
description: People who are the administrators for the security domain for KRA
dn: cn=Enterprise OCSP Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise OCSP Administrators
description: People who are the administrators for the security domain for OCSP
dn: cn=Enterprise TKS Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise TKS Administrators
description: People who are the administrators for the security domain for TKS
dn: cn=Enterprise RA Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise RA Administrators
description: People who are the administrators for the security domain for RA
dn: cn=Enterprise TPS Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Enterprise TPS Administrators
description: People who are the administrators for the security domain for TPS
dn: ou=requests,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: requests
dn: cn=crossCerts,{rootSuffix}
cn: crossCerts
sn: crossCerts
objectClass: top
objectClass: person
objectClass: pkiCA
cACertificate;binary:
authorityRevocationList;binary:
certificateRevocationList;binary:
crossCertificatePair;binary:
dn: ou=ca,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: ca
dn: ou=certificateRepository,ou=ca,{rootSuffix}
objectClass: top
objectClass: repository
ou: certificateRepository
serialno: 011
dn: ou=crlIssuingPoints,ou=ca,{rootSuffix}
objectClass: top
objectClass: repository
ou: crlIssuingPoints
serialno: 010
dn: ou=ca, ou=requests,{rootSuffix}
objectClass: top
objectClass: repository
ou: ca
serialno: 010
publishingStatus: -2
dn: ou=replica,{rootSuffix}
objectClass: top
objectClass: repository
ou: replica
serialno: 010
nextRange: 1000
dn: ou=ranges,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: ranges
dn: ou=replica, ou=ranges,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: replica
dn: ou=requests, ou=ranges,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: requests
dn: ou=certificateRepository, ou=ranges,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: certificateRepository
dn: ou=certificateProfiles,ou=ca,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: certificateProfiles
dn: ou=authorities,ou=ca,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: authorities
|