22.3. Importing the Data into the New CA


After you have set up the new CA as described in Section 22.2, “Setting up the CA on the New Host”, import the data into the Directory Server database:
  1. When migrating from a previous version, it can be necessary to manually clean up the LDAP data interchange format (LDIF) file. Before Red Hat Directory Server 10, syntax checking was disabled by default. Therefore, data from a previous version can include entries that are now invalid in Directory Server 10. For example:
    • Values of boolean attributes must be set either to TRUE or FALSE (all capitalized).

      Important

      Do not automatically update all occurrences to uppercase by using a search and replace utility. Some attributes in the LDIF file contain these strings, but are not using the boolean type. Updating these attributes' values can cause the import to fail. Typically, boolean attributes are only used in the cn=CAList,ou=Security Domain,CS_instance_name security domain database entries.
    • Empty strings must be removed. The Directory Server syntax validation does not allow attributes to be set to empty strings.
      Empty strings often appear in userType and userState attributes in cmsUser entries in ou=People,CS_instance_name.
    During the import, other entries can fail, too. It is important to verify the log file after the database import. Optionally, you can import the LDIF file into a temporary, empty database to find out which entries caused the import to fail.
  2. Shut down the CA service:
    # systemctl stop pki-tomcatd@instance_name.service
  3. Optionally, back up the CA database on the new host:
    # db2bak
    The backup is stored in the /var/lib/dirsrv/instance_name/bak/host_name-time_stamp/ directory.
  4. Import the data into the new database. For example:
    # ldapmodify -h <hostname> -x -W -D 'cn=Directory Manager' -a -c -f /tmp/ds_bak/old_ca.ldif | \
         tee /root/import.log
    The ldapmodify utility only adds new entries and does not update existing entries, created when you installed the CA. For example:
    • Top level entries. For example: o=pki-tomcat-CA.
    • Default groups. For example: cn=Certificate Manager Agents,ou=groups,o=pki-tomcat-CA.
      Because the standard groups are not updated, the users are not automatically added to these groups. After the import, you must add members to each default group manually. See Section 22.4, “Reassigning Users to Default Groups”.
    • Default access control lists (ACL) for the CA.
    As mentioned earlier, Directory Server 10 uses syntax validation. Verify the output in the /root/import.log file and search for failed actions, such as ldap_add: Invalid syntax (21). For further details, see Step 1.
  5. Remove the directory entry for the old security domain. For example:
    # ldapmodify -W -x -D "cn=Directory Manager"
    dn: cn=server.example.com:9445,cn=CAList,ou=Security Domain,o=pki-tomcat-CA
    changetype: delete
  6. Enable the CA in the /etc/pki/instance_name/ca/CS.cfg file to act as the certificate revocation list (CRL) master:
    ca.crl.MasterCRL.enable=true
  7. Restart the CA service:
    # systemctl start pki-tomcatd@instance_name.service
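The following added example (not part of the Red Hat documentation) is a read-only pre-import check for the LDIF cleanup in Step 1: it reports empty attribute values anywhere and wrongly cased boolean values only in `cn=CAList,ou=Security Domain` entries, so strings such as `true` elsewhere are left alone. The function names and the sample LDIF, including the `Clone` and `DomainManager` attribute names, are constructed for illustration.

```python
import re

# Constructed sample of an exported CA LDIF (not data from a real system).
SAMPLE_LDIF = """\
dn: cn=server.example.com:9445,cn=CAList,ou=Security Domain,o=pki-tomcat-CA
Clone: false
DomainManager: TRUE

dn: uid=caadmin,ou=People,o=pki-tomcat-CA
objectClass: cmsuser
description: true
userType:
userState:
"""

BOOL_DN = "cn=calist,ou=security domain,"   # only place booleans are expected
BAD_BOOL = re.compile(r"(?i)^(true|false)$")

def parse_ldif(text):
    """Yield (dn, [(attr, raw_value), ...]) per record, unfolding folded lines."""
    unfolded = re.sub(r"\n ", "", text)          # RFC 2849 line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        pairs = []
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                pairs.append((attr.strip(), value))
        if pairs and pairs[0][0].lower() == "dn":
            yield pairs[0][1].strip(), pairs[1:]

def lint(text):
    """Return findings as (dn, attr, problem); the LDIF itself is not modified."""
    findings = []
    for dn, attrs in parse_ldif(text):
        in_calist = BOOL_DN in re.sub(r"\s*,\s*", ",", dn.lower())
        for attr, raw in attrs:
            if raw.startswith((":", "<")):        # base64 or URL value: skip
                continue
            value = raw.strip()
            if value == "":
                findings.append((dn, attr, "empty value"))
            elif in_calist and BAD_BOOL.match(value) and value not in ("TRUE", "FALSE"):
                findings.append((dn, attr, f"boolean {value!r} not upper case"))
    return findings

if __name__ == "__main__":
    for dn, attr, problem in lint(SAMPLE_LDIF):
        print(f"{dn}: {attr}: {problem}")
```

Review each reported entry and correct it by hand in the LDIF file before running the import.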