/usr/share/pki/tks/conf/db.ldif is in pki-tks 10.2.6+git20160317-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 | # --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2006 Red Hat, Inc.
# All rights reserved.
# --- END COPYRIGHT BLOCK ---
#
dn: ou=people,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: people
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";)
dn: ou=groups,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: groups
dn: cn=Token Key Service Manager Agents,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Token Key Service Manager Agents
description: Agents for Token Key Service Manager
dn: cn=Subsystem Group, ou=groups, {rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Subsystem Group
description: Subsystem Group
dn: cn=Trusted Managers,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Trusted Managers
description: Managers trusted by this PKI instance
dn: cn=Administrators,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Administrators
description: People who manage the Certificate System
dn: cn=Auditors,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: Auditors
description: People who can read the signed audits
dn: cn=ClonedSubsystems,ou=groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
cn: ClonedSubsystems
description: People who can clone the master subsystem
dn: ou=requests,{rootSuffix}
objectClass: top
objectClass: organizationalUnit
ou: requests
dn: cn=crossCerts,{rootSuffix}
cn: crossCerts
sn: crossCerts
objectClass: top
objectClass: person
objectClass: pkiCA
cACertificate;binary:
authorityRevocationList;binary:
certificateRevocationList;binary:
|