You must populate the LDAP server with the keystore data
to use LDAP as a centralized repository for the Encrypted File System
(EFS) keystore.
Before you create or migrate EFS keystore entries on LDAP,
ensure that the user and group names and IDs on the system are unique.
To populate the LDAP server with the EFS keystore data, complete
the following steps:
- Install the EFS keystore schema for LDAP onto the LDAP server:
  - Retrieve the EFS keystore schema for LDAP from the /etc/security/ldap/sec.ldif file on the AIX system.
  - Run the ldapmodify command to update the schema of the LDAP server with the EFS keystore schema for LDAP.
- Run the efskstoldif command to read the data in the local EFS keystore files and output the data in a format that is suitable for LDAP. To maintain unique keystore access, consider placing the EFS keystore data that resides in LDAP under the same parent distinguished name (DN) as the user and group data.
- Save the data to a file.
- Run the ldapadd -b command to populate the LDAP server with the keystore data.
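The following script is an added example and is not part of the AIX documentation or of any IBM tooling. It wraps the procedure above in two shell functions: a prerequisite check that user and group names and IDs are unique (exercised here on a constructed name:id sample so it runs offline), and a populate function that runs ldapmodify, efskstoldif and ldapadd -b in sequence. The LDAP host, bind DN, base DN (cn=aixdata,o=ibm) and the assumption that efskstoldif accepts the base DN through a -d option are placeholders chosen for the example; confirm them against your own directory and the command's manual page.

```shell
#!/bin/sh
# Added example, not from the AIX documentation.
# Part 1: prerequisite check. Reads "name:id" lines from stdin, prints every
# duplicate name or ID, and returns 1 if any collision exists, 0 otherwise.
check_unique_ids() {
    awk -F: '
        {
            if ($1 in seen_name) { print "duplicate name: " $1; dup = 1 }
            seen_name[$1] = 1
            if ($2 in seen_id)   { print "duplicate id: " $2;   dup = 1 }
            seen_id[$2] = 1
        }
        END { exit dup ? 1 : 0 }'
}

# On a live AIX system the "name id=NNN" output of lsuser/lsgroup can be fed
# to the check like this (assumed output format; verify on your system):
#   lsuser  -a id ALL | sed 's/ id=/:/' | check_unique_ids
#   lsgroup -a id ALL | sed 's/ id=/:/' | check_unique_ids

# Constructed sample: bob reuses alice's UID 201, so the check must fail.
SAMPLE_USERS='alice:201
bob:201
carol:203'

# Returns 0 when the constructed sample is collision-free, 1 otherwise.
sample_users_unique() {
    printf '%s\n' "$SAMPLE_USERS" | check_unique_ids >/dev/null
}

# Part 2: the populate procedure.
#   $1 base DN under which keystore entries are placed (same parent DN as the
#      user and group data, per the recommendation above)
#   $2 LDAP server host   $3 bind DN   $4 bind password
# Note: -w places the password in the process list; prefer an interactive
# prompt where your ldap client supports one.
populate_efs_keystore() {
    base_dn=$1; host=$2; bind_dn=$3; bind_pw=$4

    # Step 1: load the EFS keystore schema shipped with AIX into the server.
    ldapmodify -h "$host" -D "$bind_dn" -w "$bind_pw" \
        -f /etc/security/ldap/sec.ldif || return 1

    # Step 2: export the local keystores as LDIF into a private temp file
    # (umask 077 so the exported keystore data is readable only by root).
    umask 077
    out=$(mktemp) || return 1
    # -d as the base DN option is an assumption; check the manual page.
    efskstoldif -d "$base_dn" > "$out" || { rm -f "$out"; return 1; }

    # Step 3: add the exported entries to the directory (ldapadd -b as in
    # the procedure above), then remove the exported file.
    ldapadd -b -h "$host" -D "$bind_dn" -w "$bind_pw" -f "$out"
    rc=$?
    rm -f "$out"
    return $rc
}

# Usage on a real system (placeholders, not run here):
#   populate_efs_keystore 'cn=aixdata,o=ibm' ldap.example.com 'cn=admin' "$ADMIN_PW"
```

Run the uniqueness check before the populate step; a duplicate UID or GID means two principals would map onto one keystore DN, which is exactly the ambiguity the prerequisite above is meant to rule out.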