Exporting Encrypted File System keystore data to LDAP

You must populate the LDAP server with the keystore data to use LDAP as a centralized repository for the Encrypted File System (EFS) keystore.

Before you create or migrate EFS keystore entries on LDAP, ensure that the user and group names and IDs on the system are unique.
To populate the LDAP server with the EFS keystore data, complete the following steps:
  1. Install the EFS keystore schema for LDAP onto the LDAP server:
    1. Retrieve the EFS keystore schema for LDAP from the /etc/security/ldap/sec.ldif file on the AIX system.
    2. Run the ldapmodify command to update the schema of the LDAP server with the EFS keystore schema for LDAP.
  2. Run the efskstoldif command to read the data in the local EFS keystore files and output the data in a format that is suitable for LDAP.
    So that every keystore lookup resolves against one consistent tree, place the EFS keystore data that resides in LDAP under the same parent distinguished name (DN) as the user and group data.
  3. Save the data to a file.
  4. Run the ldapadd -b command to populate the LDAP server with the keystore data.
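The four steps above, wired together as a POSIX shell script. This is an added example, not part of the AIX documentation, and it folds in the precondition from the top of the page: before anything is converted or loaded, it checks that user and group names and numeric IDs are unique, because duplicate names or IDs would make two keystore entries collide under the same parent DN. The `LDAP_OPTS` variable (host, bind DN and credential options for your ldap client), the `-f` "read from file" option of `ldapmodify` and `ldapadd`, the output path `/tmp/efskeystore.ldif` and the sample passwd/group lines in `demo_check` are all assumptions constructed for the example; the option by which `efskstoldif` selects the parent DN is not shown on the page and should be taken from its man page.

```shell
#!/bin/sh
# Added example (not from the AIX documentation): pre-flight uniqueness check
# plus the schema-install / efskstoldif / ldapadd sequence described on the page.

# Print "name:<n>" / "id:<i>" for every duplicate name or numeric ID in a
# colon-separated passwd- or group-style file (field 1 = name, field 3 = ID).
# Returns 1 when at least one duplicate was found, 0 otherwise.
find_duplicates() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # skip comments and malformed lines
        { if ($1 in names) dup_name[$1] = 1; names[$1] = 1
          if ($3 in ids)   dup_id[$3]   = 1; ids[$3]   = 1 }
        END {
            for (n in dup_name) { print "name:" n; bad = 1 }
            for (i in dup_id)   { print "id:"   i; bad = 1 }
            exit (bad ? 1 : 0)
        }' "$1"
}

# Check the user database ($1) and the group database ($2); succeed only when
# both are free of duplicate names and IDs, otherwise report them on stderr.
check_unique_ids() {
    status=0
    for db in "$1" "$2"; do
        if dups=$(find_duplicates "$db"); then
            :
        else
            printf '%s: duplicate entries found:\n%s\n' "$db" "$dups" >&2
            status=1
        fi
    done
    return $status
}

# The page's procedure. LDAP_OPTS is assumed to carry the connection and bind
# options your ldap client expects (host, bind DN, credential); -f is assumed
# to be the usual "read LDIF from file" option of ldapmodify/ldapadd.
export_efs_keystore() {
    out=${1:-/tmp/efskeystore.ldif}             # assumed output path
    check_unique_ids /etc/passwd /etc/group || return 1
    # Step 1: load the EFS keystore schema shipped with AIX into the server.
    ldapmodify $LDAP_OPTS -f /etc/security/ldap/sec.ldif || return 1
    # Steps 2 and 3: convert the local keystores to LDIF and save the result.
    # The file holds keystore material, so create it readable by the owner only.
    umask 077
    efskstoldif > "$out" || return 1
    # Step 4: populate the server (the page specifies ldapadd -b).
    ldapadd -b $LDAP_OPTS -f "$out"
}

# Self-contained demonstration on constructed data (bob reuses alice's UID 201),
# so it is expected to fail the check and return 1.
demo_check() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'root:!:0:0::/:/usr/bin/ksh' \
                  'alice:!:201:1::/home/alice:/usr/bin/ksh' \
                  'bob:!:201:1::/home/bob:/usr/bin/ksh' > "$dir/passwd"
    printf '%s\n' 'system:!:0:root' 'staff:!:1:alice,bob' > "$dir/group"
    check_unique_ids "$dir/passwd" "$dir/group"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Run "sh thisfile demo" to see the check reject the constructed sample data.
case "${1:-}" in demo) demo_check ;; esac
```

Run the uniqueness check on its own first (`check_unique_ids /etc/passwd /etc/group`); only when it passes does it make sense to load the schema and the generated LDIF, because a clash discovered after `ldapadd` has run leaves a half-populated tree that has to be cleaned up by hand.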