ldclt does not accept an X.509 PEM file directly; the CA certificate has to be imported into an NSS certificate database with certutil first.
$ mkdir openldap-cert-db
$ cd openldap-cert-db
$ certutil -N -d .
$ certutil -A -n openldap-ca -t "P,P,P" -i $HOME/ca.pem -d .
Then enter the database password when prompted.
Result:
$ ls -l
total 76
drwxr-xr-x 2 root root 4096 Aug 26 05:16 .
drwx------ 1 root root 4096 Aug 26 06:45 ..
-rw------- 1 root root 28672 Aug 26 05:16 cert9.db
-rw------- 1 root root 36864 Aug 26 05:16 key4.db
-rw------- 1 root root 408 Aug 26 05:16 pkcs11.txt
Use with ldclt
Change the URL to ldaps:// and add -Z with the full path to the cert9.db file created in the previous step.
ldclt -H ldaps://openldap.openldap.svc.cluster.local -b "ou=test,dc=example,dc=org" \
-D "cn=admin,dc=example,dc=org" -w "Super@SecurePassw0rd" \
-e add,person,incr,noloop,commoncounter -r90000 -R90001 -f "cn=testXXXXX" \
-n1 -V -Z $HOME/openldap-cert-db/cert9.db
Example:
$ ldclt -H ldaps://openldap.openldap.svc.cluster.local -Z $HOME/openldap-cert-db/cert9.db .........
ldclt version 4.23
ldclt -H ldaps://openldap.openldap.svc.cluster.local ......
Process ID = 1783
Ldap url = ldaps://openldap.openldap.svc.cluster.local
Bind DN = cn=admin,dc=example,dc=org
Passwd = Super@SecurePassw0rd
Referral = on
Base DN = ou=test,dc=example,dc=org
Filter = "cn=testXXXXX"
Max times inactive = 3
Max allowed errors = 1000
Number of samples = -1
Number of threads = 1
Total op. req. = -1
Running mode = 0x0e040223
Running mode = verbose very_verbose incremental commoncounter noloop ssl add class=person
LDAP oper. timeout = 30 sec
Sampling interval = 10 sec
Values range = [90000 , 90020]
Filter's head = "cn=test"
Filter's tail = ""
ldclt[1783]: Starting at Sat Aug 26 09:20:24 2023
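The two steps above, wrapped into one script as an added example (this is not part of the original note): it builds the NSS database, checks that the database files and the CA nickname are actually there before ldclt is pointed at it, and reads the bind password from an environment variable instead of putting it on the command line. It assumes $HOME/ca.pem, the nickname openldap-ca, the same URL and DNs as the note, and certutil and ldclt on PATH.

```shell
#!/bin/sh
# Added example, not from the original note. Assumes $HOME/ca.pem holds the
# CA certificate and that certutil and ldclt are installed.

CERTDB_DIR="${CERTDB_DIR:-$HOME/openldap-cert-db}"
CA_NICK="openldap-ca"

# Return 0 when the directory holds the files certutil -N creates
# (cert9.db, key4.db, pkcs11.txt); this is what ldclt -Z must point into.
nss_db_files_present() {
    for f in cert9.db key4.db pkcs11.txt; do
        [ -f "$1/$f" ] || return 1
    done
    return 0
}

# Return 0 when the CA nickname is listed in the database (needs certutil).
nss_db_has_ca() {
    certutil -L -d "$1" -n "$2" >/dev/null 2>&1
}

# Step 1 from the note: create the database and import the CA certificate.
build_certdb() {
    mkdir -p "$CERTDB_DIR"
    certutil -N -d "$CERTDB_DIR" || return 1
    certutil -A -n "$CA_NICK" -t "P,P,P" -i "$HOME/ca.pem" -d "$CERTDB_DIR"
}

# Step 2: run ldclt over ldaps. The bind password comes from LDCLT_BINDPW
# so it is not visible in `ps` output the way a literal -w argument is.
run_ldclt() {
    nss_db_files_present "$CERTDB_DIR" || { echo "no NSS DB in $CERTDB_DIR" >&2; return 1; }
    nss_db_has_ca "$CERTDB_DIR" "$CA_NICK" || { echo "CA $CA_NICK not in DB" >&2; return 1; }
    ldclt -H ldaps://openldap.openldap.svc.cluster.local \
        -b "ou=test,dc=example,dc=org" -D "cn=admin,dc=example,dc=org" \
        -w "${LDCLT_BINDPW:?set LDCLT_BINDPW to the bind password}" \
        -e add,person,incr,noloop,commoncounter -r90000 -R90001 \
        -f "cn=testXXXXX" -n1 -V -Z "$CERTDB_DIR/cert9.db"
}

# Only run the real steps when invoked as: ./script.sh run
if [ "${1:-}" = "run" ]; then
    build_certdb && run_ldclt
fi
```

Note that ldclt still echoes the bind password in its own "Passwd =" line, as the output above shows, so keep that output out of shared logs.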
That’s all.