Show Table of Contents
14.3. Upgrading the KRA database
To update the key recovery authority (KRA) database:
- Upgrade the database indexes:
# ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -x dn: cn=realm,cn=index,cn=KRA_database_name,cn=ldbm database, cn=plugins,cn=config changetype: add objectClass: top objectClass: nsIndex nsindexType: eq nsindexType: pres nsSystemindex: false cn: realm
- Add the
realmattribute:# ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -x dn: cn=schema changetype: modify add: attributeTypes attributeTypes: ( realm-oid NAME 'realm' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) delete: objectClasses objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages ) X-ORIGIN 'user defined' ) add: objectClasses objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages $ realm ) X-ORIGIN 'user defined' ) delete: objectClasses objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status ) X-ORIGIN 'user defined' ) add: objectClasses objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status $ realm ) X-ORIGIN 'user defined' )
- Update and re-index the virtual list views (VLV):
- Delete the existing indexes:
# pki-server kra-db-vlv-del -i CS_instance_name -D DS_bind_DN \ -w DS_bind_password - Add the new indexes:
# pki-server kra-db-vlv-add -i CS_instance_name -D DS_bind_DN \ -w DS_bind_password - Restart the Directory Server instance:
# systemctl restart dirsrv@DS_instance_name
- Re-index the database:
# pki-server kra-db-vlv-reindex -i CS_instance_name -D DS_bind_DN \ -w DS_bind_password
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.