Database Migration - dogtagpki/pki GitHub Wiki
Use db2ldif to export the PKI database:
$ db2ldif -Z pki-tomcat -U -n ca -a /tmp/ca.ldif
A newer DS server might enforce more restrictive attribute syntax. Edit /tmp/ca.ldif and make the following changes:
- remove blank attributes (e.g. telephoneNumber)
- capitalize DomainManager and Clone attributes
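The two edits listed above can be scripted instead of made by hand. This is an added example, not part of the original wiki page or the Dogtag project's own tooling; it assumes "capitalize" means upper-casing the boolean values of DomainManager and Clone (true becomes TRUE), and the sample LDIF is constructed.

```python
import re
import sys

# Assumption: "capitalize" means upper-casing boolean values (true -> TRUE).
BOOLEAN_ATTRS = {"domainmanager", "clone"}
LINE = re.compile(r"^([^:\s]+)(::|:<|:)[ \t]*(.*)$")

# Constructed sample input, not taken from a real export.
SAMPLE = """\
dn: cn=example,ou=Security Domain,dc=ca,dc=example,dc=com
DomainManager: true
Clone: false
telephoneNumber:
description: a folded
  value

dn: uid=admin,ou=people,dc=ca,dc=example,dc=com
uid: admin
telephoneNumber:
userCertificate;binary:: MIIB
"""

def clean_ldif(text):
    """Return (cleaned_ldif, dropped, fixed) for an exported LDIF string."""
    text = re.sub(r"\r?\n ", "", text)  # join folded lines (RFC 2849)
    out, dropped, fixed, dn = [], [], [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if line.startswith("#") or not m:
            out.append(line)  # comments, entry separators, unparsed lines
            continue
        attr, sep, value = m.groups()
        if attr.lower() == "dn":
            dn = value
        elif value == "":
            dropped.append((dn, attr))  # blank attribute: leave it out
            continue
        elif attr.lower() in BOOLEAN_ATTRS and sep == ":" and value != value.upper():
            fixed.append((dn, attr))  # record the entry for later review
            line = f"{attr}: {value.upper()}"
        out.append(line)
    return "\n".join(out) + "\n", dropped, fixed

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8") as src:
        cleaned, dropped, fixed = clean_ldif(src.read())
    with open(sys.argv[2], "w", encoding="utf-8") as dst:
        dst.write(cleaned)
    print(f"dropped {len(dropped)} blank, upper-cased {len(fixed)}", file=sys.stderr)
```

Run it with the export as the first argument and a new output path as the second (for example a hypothetical /tmp/ca.fixed.ldif), so the original export stays untouched for comparison, and give the cleaned file to ldif2db.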
Use the same settings to create the new DS instance:
$ setup-ds.pl --silent -- \
    General.FullMachineName=$HOSTNAME \
    General.SuiteSpotUserID=nobody \
    General.SuiteSpotGroup=nobody \
    slapd.ServerPort=389 \
    slapd.ServerIdentifier=pki-tomcat \
    slapd.Suffix=dc=example,dc=com \
    slapd.RootDN="cn=Directory Manager" \
    slapd.RootDNPwd=Secret.123
$ ldapmodify -x -D "cn=Directory Manager" -w Secret.123 -f /usr/share/pki/server/conf/schema.ldif
$ ldapmodify -x -D "cn=Directory Manager" -w Secret.123 -f /usr/share/pki/server/conf/database.ldif
$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=ca,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: nsBackendInstance
objectClass: extensibleObject
cn: ca
nsslapd-suffix: dc=ca,dc=example,dc=com
EOF
$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=dc\3Dca\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=ca,dc=example,dc=com
nsslapd-backend: ca
nsslapd-state: backend
EOF
$ systemctl stop dirsrv@pki-tomcat.service
$ ldif2db -Z pki-tomcat -n ca -i /tmp/ca.ldif
$ systemctl start dirsrv@pki-tomcat.service
$ ldapsearch -x -D "cn=Directory Manager" -w Secret.123 -b "dc=ca,dc=example,dc=com"