First, we confirmed that the encryption seed and salt of the ISVD instance had never been documented, so the only option was to migrate from the source server with idsimigr and then create a new instance from the generated configuration file.
1. Export the entries from the source with idsdb2ldif, passing the encryption seed (-k), the encryption salt (-t) and the instance name (-I):
$ sudo idsdb2ldif -I simldap -k passw0rd7788 -t passw0rd7788 -o /tmp/simldap-data-0415.ldif
GLPWRP123I The program '/opt/ibm/ldap/V10.0.3/sbin/64/db2ldif' is used with the following arguments '-I simldap -k * -t
GLPCTL113I Largest core file size creation limit for the process (in bytes) : '0' (Soft limit) and '0' (Hard limit) .
GLPCTL119I Maximum Data Segment (Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 262144.
GLPCTL119I Maximum File Size (512 bytes block) soft ulimit for the process is -1 and the prescribed minimum is 2097152.
GLPCTL122I Maximum Open Files soft ulimit for the process is 65535 and the prescribed minimum is 500.
GLPCTL121I Maximum Stack Size (Kbytes) soft ulimit for the process was 8192 and it is modified to the prescribed minimum -1.
GLPCTL119I Maximum Virtual Memory (Kbytes) soft ulimit for the process is -1 and the prescribed minimum is -1.
GLPSRV221I Replication of security attributes feature is disabled.
GLPSRV200I Initializing primary database and its connections.
GLPD2L011I 100 entries have been successfully exported from the directory.
GLPD2L011I 200 entries have been successfully exported from the directory.
GLPD2L011I 300 entries have been successfully exported from the directory.
GLPD2L011I 400 entries have been successfully exported from the directory.
GLPD2L011I 500 entries have been successfully exported from the directory.
GLPD2L011I 600 entries have been successfully exported from the directory.
GLPD2L011I 700 entries have been successfully exported from the directory.
GLPD2L011I 800 entries have been successfully exported from the directory.
GLPD2L011I 900 entries have been successfully exported from the directory.
GLPD2L011I 1000 entries have been successfully exported from the directory.
GLPD2L011I 1100 entries have been successfully exported from the directory.
GLPD2L011I 1200 entries have been successfully exported from the directory.
2. On the target ISVD 10.0.3, create the instance simldap from the command line:
-p non-SSL port, -s secure port, -e encryption seed, -g encryption salt, -t database user, -l instance directory
$ sudo mkdir /opt/simldap
$ sudo chown -R simldap:idsldap /opt/simldap
$ sudo idsadduser -u simldap -w Hei20#wukong24 -l /opt/simldap -g idsldap -n
$ sudo /opt/ibm/ldap/V10.0.3/sbin/idsicrt -I simldap -p 489 -s 736 -e passw0rd7788 -g passw0rd7788 -t simldap -l /opt/simldap/
GLPWRP123I The program '/opt/ibm/ldap/V10.0.3/sbin/64/idsicrt' is used with the following arguments 'idsicrt -I simldap -p 489 -s 736 -e *
You have chosen to perform the following actions:
GLPICR020I A new directory server instance 'simldap' will be created.
GLPICR057I The directory server instance will be created at: '/opt/simldap'.
GLPICR013I The directory server instance's port will be set to '489'.
GLPICR014I The directory server instance's secure port will be set to '736'.
GLPICR015I The directory instance's administration server port will be set to '3538'.
GLPICR016I The directory instance's administration server secure port will be set to '3539'.
GLPICR019I The description will be set to: 'IBM Security Verify Directory Instance V10.0.3'.
GLPICR021I Database instance 'simldap' will be configured.
Do you want to ….
(1) Continue with the above actions, or
(2) Exit without making any changes:1
GLPICR028I Creating directory server instance: 'simldap'.
GLPICR025I Registering directory server instance: 'simldap'.
GLPICR026I Registered directory server instance: : 'simldap'.
GLPICR049I Creating directories for directory server instance: 'simldap'.
GLPICR050I Created directories for directory server instance: 'simldap'.
GLPICR043I Creating key stash files for directory server instance: 'simldap'.
GLPICR044I Created key stash files for directory server instance: 'simldap'.
GLPICR040I Creating configuration file for directory server instance: 'simldap'.
GLPICR041I Created configuration file for directory server instance: 'simldap'.
GLPICR034I Creating schema files for directory server instance: 'simldap'.
GLPICR035I Created schema files for directory server instance: 'simldap'.
GLPICR037I Creating log files for directory server instance: 'simldap'.
GLPICR038I Created log files for directory server instance: 'simldap'.
GLPICR088I Configuring log files for directory server instance: 'simldap'.
GLPICR089I Configured log files for directory server instance: 'simldap'.
GLPICR085I Configuring schema files for directory server instance: 'simldap'.
GLPICR086I Configured schema files for directory server instance: 'simldap'.
GLPICR073I Configuring ports and IP addresses for directory server instance: 'simldap'.
GLPICR074I Configured ports and IP addresses for directory server instance: 'simldap'.
GLPICR077I Configuring key stash files for directory server instance: 'simldap'.
GLPICR078I Configured key stash files for directory server instance: 'simldap'.
GLPICR046I Creating profile scripts for directory server instance: 'simldap'.
GLPICR047I Created profile scripts for directory server instance: 'simldap'.
GLPICR103I Adding instance information to the .profile file for directory server instance: 'simldap'.
GLPICR104I Added instance information to the .profile file for directory server instance: 'simldap'.
GLPICR069I Adding entry to /etc/inittab (if supported) for the administration server for directory instance: 'simldap'.
GLPICR070I Added entry to /etc/inittab for the administration server for directory instance: 'simldap'.
GLPICR118I Creating runtime executable for directory server instance: 'simldap'.
GLPICR119I Created runtime executable for directory server instance: 'simldap'.
GLPCTL074I Starting admin server for directory server instance: 'simldap'.
GLPCTL075I Started admin server for directory server instance: 'simldap'.
GLPICR029I Created directory server instance: : 'simldap'.
GLPICR031I Adding database instance 'simldap' to directory server instance: 'simldap'.
GLPCTL002I Creating database instance: 'simldap'.
GLPCTL003I Created database instance: 'simldap'.
GLPICR133I Setting the DB2 registry for database instance 'simldap' to allow DB2 SELECTIVITY.
GLPICR134I The DB2 registry for database instance 'simldap' has been set to allow DB2 SELECTIVITY.
GLPCTL017I Cataloging database instance node: 'simldap'
GLPCTL018I Cataloged database instance node: 'simldap'.
GLPCTL008I Starting database manager for database instance: 'simldap'.
GLPCTL010E Failed to start database manager for database instance: 'simldap'.
GLPCTL049I Adding TCP/IP services to database instance: 'simldap'.
GLPCTL050I Added TCP/IP services to database instance: 'simldap'.
GLPICR081I Configuring database instance 'simldap' for directory server instance: 'simldap'.
GLPICR082I Configured database instance 'simldap' for directory server instance: 'simldap'.
GLPICR052I Creating DB2 instance link for directory server instance: 'simldap'.
GLPICR053I Created DB2 instance link for directory server instance: 'simldap'.
GLPICR032I Added database instance 'simldap' to directory server instance: 'simldap'.
sudo idscfgdb -I simldap -a simldap -t simldap -l /opt/simldap -w Hei20#wukong24 -n
Set the administrator DN and password:
sudo idsdnpw -I simldap -u cn=root -p Passw0rd -n
Create the suffixes:
sudo idscfgsuf -I simldap -s "secAuthority=default"
sudo idscfgsuf -I simldap -s "o=acme"
3. Copy all V3 files under the etc directory
On the source server:
sudo mkdir /opt/V3
sudo find /opt/simldap/idsslapd-simldap/etc/ -name 'V3*' -exec cp {} /opt/V3/ \;
sudo tar -cvf /opt/V3.tar /opt/V3/
On the target server:
sudo find /opt/opt/V3/ -name 'V3*' -exec cp {} /opt/simldap/idsslapd-simldap/etc/ \;
4. Export the database to LDIF with idsdb2ldif
sudo idsdb2ldif -I simldap -k passw0rd7788 -t passw0rd7788 -o /tmp/simldap-data.ldif
5. Import the LDIF into the database with idsldif2db
$ sudo /opt/ibm/ldap/V10.0.3/sbin/idsldif2db -I simldap -i /tmp/simldap-data-0415.ldif
GLPWRP123I The program '/opt/ibm/ldap/V10.0.3/sbin/64/ldif2db' is used with the following arguments '-I simldap -i /tmp/simldap-data-0415.ldif'.
GLPCTL113I Largest core file size creation limit for the process (in bytes) : '0' (Soft limit) and '0' (Hard limit) .
GLPCTL119I Maximum Data Segment (Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 262144.
GLPCTL119I Maximum File Size (512 bytes block) soft ulimit for the process is -1 and the prescribed minimum is 2097152.
GLPCTL122I Maximum Open Files soft ulimit for the process is 65535 and the prescribed minimum is 500.
GLPCTL121I Maximum Stack Size (Kbytes) soft ulimit for the process was 8192 and it is modified to the prescribed minimum 10240.
GLPCTL119I Maximum Virtual Memory (Kbytes) soft ulimit for the process is -1 and the prescribed minimum is 1048576.
GLPCOM022I The database plugin is successfully loaded from libback-config.so.
GLPSRV221I Replication of security attributes feature is disabled.
GLPSRV200I Initializing primary database and its connections.
GLPRPL137I Restricted Access to the replication topology is set to false.
GLPRPL137I Restricted Access to the replication topology is set to false.
GLPRPL137I Restricted Access to the replication topology is set to false.
GLPL2D003I ldif2db: 100 entries have been processed.
GLPL2D003I ldif2db: 200 entries have been processed.
GLPL2D003I ldif2db: 300 entries have been processed.
GLPL2D003I ldif2db: 400 entries have been processed.
GLPL2D003I ldif2db: 500 entries have been processed.
GLPL2D003I ldif2db: 600 entries have been processed.
GLPL2D003I ldif2db: 700 entries have been processed.
6. Run database maintenance (index reorganization)
$ sudo /opt/ibm/ldap/V10.0.3/sbin/idsdbmaint -I simldap -i
GLPDBA021I All Index on table 'UNIQUEIDENTIFIER' will be reorganized.
GLPDBA044I The table 'UNIQUEIDENTIFIER' has been reorganized.
GLPDBA046I All statistics on table 'SIMLDAP.UNIQUEIDENTIFIER' have been updated.
GLPDBA021I All Index on table 'UNIQUEMEMBER' will be reorganized.
GLPDBA044I The table 'UNIQUEMEMBER' has been reorganized.
GLPDBA046I All statistics on table 'SIMLDAP.UNIQUEMEMBER' have been updated.
GLPDBA021I All Index on table 'UPN' will be reorganized.
GLPDBA044I The table 'UPN' has been reorganized.
GLPDBA046I All statistics on table 'SIMLDAP.UPN' have been updated.
GLPDBA021I All Index on table 'USERPASSWORD' will be reorganized.
GLPDBA044I The table 'USERPASSWORD' has been reorganized.
GLPDBA046I All statistics on table 'SIMLDAP.USERPASSWORD' have been updated.
GLPDBA021I All Index on table 'WORKLOCATION' will be reorganized.
GLPDBA044I The table 'WORKLOCATION' has been reorganized.
GLPDBA046I All statistics on table 'SIMLDAP.WORKLOCATION' have been updated.
GLPDBA027I Index reorganization task is complete.
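A post-migration cross-check for steps 1, 4 and 5, added here as an example and not part of the original post: it reads the GLPD2L011I/GLPL2D003I progress lines from the idsdb2ldif and idsldif2db output, counts the dn: records in the exported LDIF, and lists entries whose userPassword carries no {scheme} prefix, i.e. left the source in cleartext. The log fragments, DNs and password values below are constructed.

```python
import base64, re

# Added example (not from the original post). Progress lines from idsdb2ldif
# (GLPD2L011I) and idsldif2db (GLPL2D003I) appear every 100 entries, so they are
# lower bounds on the real total, not exact counts.
PROGRESS_RE = re.compile(r"GLP(?:D2L011I|L2D003I).*?\b(\d+) entries")

def last_reported(log):
    """Highest entry count in a tool's progress lines (0 if there are none)."""
    return max((int(m.group(1)) for m in PROGRESS_RE.finditer(log)), default=0)

def count_entries(ldif_text):
    """Number of records in an LDIF file (lines starting with 'dn:')."""
    return sum(1 for line in ldif_text.splitlines() if line.startswith("dn:"))

def cleartext_passwords(ldif_text):
    """DNs whose userPassword has no {scheme} prefix, i.e. was written in cleartext."""
    hits, dn = [], None
    for line in ldif_text.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("userpassword:"):
            val = line.partition(":")[2]
            if val.startswith(":"):                  # '::' marks a base64-encoded value
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            if not val.strip().startswith("{"):
                hits.append(dn)
    return hits

def reconcile(export_log, import_log, ldif_text):
    """Cross-check export log, LDIF file and import log; 'ok' is False if the import
    stopped short of the exported volume or any password left the box unencrypted."""
    n = count_entries(ldif_text)
    floor = n // 100 * 100                           # what the progress lines can show
    exported, imported = last_reported(export_log), last_reported(import_log)
    clear = cleartext_passwords(ldif_text)
    return {"ldif": n, "exported": exported, "imported": imported, "cleartext": clear,
            "ok": exported >= floor and imported >= floor and not clear}

# Constructed sample run: 250 encrypted entries plus one that leaked in cleartext,
# and an import log that stops at 100 entries.
SAMPLE_LDIF = "".join(f"dn: uid=u{i},o=acme\nuserPassword: {{AES256}}c3RvcmVk{i}==\n\n"
                      for i in range(250))
SAMPLE_LDIF += "dn: uid=svc-sync,o=acme\nuserPassword:: cGFzc3cwcmQ=\n\n"
SAMPLE_EXPORT_LOG = ("GLPD2L011I 100 entries have been successfully exported from the directory.\n"
                     "GLPD2L011I 200 entries have been successfully exported from the directory.\n")
SAMPLE_IMPORT_LOG = "GLPL2D003I ldif2db: 100 entries have been processed.\n"
```

Run reconcile() on the real export output, the LDIF file and the import output; anything other than ok=True deserves a look before the old instance is decommissioned.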

7. SSL certificate configuration
Edit /opt/samldap/idsslapd-samldap/etc/ibmslapd.conf:
dn: cn=SSL, cn=Configuration
cn: SSL
ibm-slapdSecurePort: 636
# enable the secure port
ibm-slapdSecurity: SSL
ibm-slapdSecurityProtocol: TLS12
ibm-slapdSecurityProtocol: TLS13
ibm-slapdSslAuth: serverAuth
# certificate label
ibm-slapdSslCertificate: sam-qa
ibm-slapdSslCipherSpec: AES
ibm-slapdSslCipherSpec: AES-128
ibm-slapdSslFIPSModeEnabled: true
ibm-slapdSslFIPSProcessingMode: false
# path to the key database; this .kdb file can be created and managed with ikeyman from IBM HTTP Server
ibm-slapdSslKeyDatabase: /opt/samldap/idsslapd-samldap/etc/vgc2025.kdb
# key database password: the first time, enter it in plaintext after ibm-slapdSSLKeyDatabasePW: and save; on the next server start it is encrypted automatically
ibm-slapdSSLKeyDatabasePW: {AES256}iMigAPhzDg7E8sSsjD2IBA==
ibm-slapdSslPKCS11AcceleratorMode: none
ibm-slapdSslPKCS11Enabled: false
ibm-slapdSslPKCS11Keystorage: false
ibm-slapdSslPKCS11Lib: libcknfast.so
ibm-slapdSslPKCS11TokenLabel: none
objectclass: top
objectclass: ibm-slapdConfigEntry
objectclass: ibm-slapdSSL
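An added check for the cn=SSL stanza above (example code, not part of the original post or of ISVD): it parses the ibmslapd.conf stanza as LDIF and flags a disabled secure port, a protocol other than TLS12/TLS13, and an ibm-slapdSSLKeyDatabasePW value that has not yet been replaced by the {AES256} form, which is the state of the file between editing it and the first restart. The sample stanza, its TLS10 value and its password are constructed.

```python
def parse_ldif(text):
    """Minimal LDIF reader (added example, not ISVD code): one {attr: [values]}
    dict per record; folds continuation lines, skips comments, no base64 decode."""
    records, cur, last = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and last:           # folded continuation line
            cur[last][-1] += raw[1:]
        elif not raw.strip():                      # blank line ends a record
            if cur:
                records.append(cur)
            cur, last = {}, None
        else:
            attr, _, val = raw.partition(":")
            last = attr.strip().lower()            # attribute names are case-insensitive
            cur.setdefault(last, []).append(val.strip())
    if cur:
        records.append(cur)
    return records

def check_ssl(conf_text):
    """Findings for the cn=SSL stanza of ibmslapd.conf; empty list means nothing flagged."""
    ssl = next((r for r in parse_ldif(conf_text)
                if r.get("dn", [""])[0].lower().startswith("cn=ssl,")), None)
    if ssl is None:
        return ["no cn=SSL stanza found"]
    findings = []
    if ssl.get("ibm-slapdsecurity", ["none"])[0].lower() != "ssl":
        findings.append("secure port not enabled (ibm-slapdSecurity is not SSL)")
    legacy = set(ssl.get("ibm-slapdsecurityprotocol", [])) - {"TLS12", "TLS13"}
    if legacy:
        findings.append("legacy protocol enabled: " + ", ".join(sorted(legacy)))
    pw = ssl.get("ibm-slapdsslkeydatabasepw", [""])[0]
    if pw and not pw.startswith("{AES256}"):
        findings.append("key database password still cleartext; restart the server "
                        "so ibmslapd encrypts it")
    return findings

# Constructed sample: the stanza as it looks right after editing, before the restart.
SAMPLE_BEFORE_RESTART = """\
dn: cn=SSL, cn=Configuration
ibm-slapdSecurity: SSL
ibm-slapdSecurityProtocol: TLS10
ibm-slapdSecurityProtocol: TLS12
ibm-slapdSslKeyDatabase: /opt/samldap/idsslapd-samldap/etc/vgc2025.kdb
ibm-slapdSSLKeyDatabasePW: example-kdb-password
objectclass: ibm-slapdSSL
"""
```

Feed check_ssl() the whole ibmslapd.conf after the restart; the password finding should disappear once the {AES256} value is in place.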