从SDS 6.4迁移LDAP数据到ISVD 10.0.3
2025 年 3 月 5 日ISIMDB数据库异地还原备份
2025 年 3 月 26 日
环境:
ISVGIM 10.0.2.3 VA
ISVA 10.0.8 VA
ISVDI 10.0.0.2 RHEL 8.9
ISVD 10.0.3 RHEL 8.9
执行 RgyConfig 后,没有报错。
sudo java -cp “/opt/IBM/TDI/V10/java/export/rgy/com.tivoli.pd.rgy.jar” com.tivoli.pd.rgy.util.RgyConfig “/opt/IBM/TDI/V10/timsol/tam.conf” create Default Default “10.2.3.4:389:readwrite:5” “cn=root,secAuthority=Default” Pa55w0rd “/opt/IBM/TDI/V10/serverapi/testadmin.jks” administrator
生成了tam.conf文件
$ sudo cat /opt/IBM/TDI/V10/timsol/tam.conf
#IBM Security Access Manager
#Fri Mar 07 17:25:52 CST 2025
mgmt_domain=Default
ldap.bind-pwd={obf2}S29912bluh\=
ldap.ssl-enable=false
ldap.bind-dn=cn\=root,secAuthority\=Default
ldap.mgmt=true
ldap.svrs=10.2.3.4\:389\:readwrite\:5;
ldap.mgmt-version=10.0.8
ldap.ssl-truststore-pwd={obf2}Q210903BluhI\=
local_domain=Default
ldap.ssl-truststore=file\:/opt/IBM/TDI/V10/serverapi/testadmin.jks
$ sudo /opt/IBM/TDI/V10/timsol/ITIMAd stop
Platform is Linux
Shutting down the IBM Security Verify Governance Adapter service
PID File Exists
问题:点开ISAM Service,输入连接信息,
点Test Connection,报错CTGIMT600E。
问题排查:
登陆ISVGIM的管理端,参考下文
Understanding the settings of the enRoleLogging.properties file in ISVG-IM
开启’logger.trace.com.ibm.itim.remoteservices.level=DEBUG_MAX’ 后trace.log里记录报错
从ibmdi.log日志里看到,2025-03-13 18:45:04,261 INFO [ITIM_Dispatcher] – Binding RMIDispatcherImpl[UnicastServerRef2 [liveRef: [endpoint:10.2.3.4:38765,com.ibm.di.dispatcher.socketFactory.SecureRMIServerFactory@f0e5f750,com.ibm.di.dispatcher.socketFactory.SecureRMIClientFactory@fa0612a1,objID:[6b4e3d48:1958f1b7bc3:-7ffd, -1952169880889706378]]]] Dispatcher as [SDIDispatcher]
mi://10.2.3.4:1099/ITDIDispatcher 这个配置地址在V10中应该被改成mi://10.2.3.4:1099/SDIDispatcher
保存重启后,证书提示不被信任,需要将ISVDI的SSL证书通过openssl导出,然后手工添加到cacerts受信任的SSL证书库:
https://www.ibm.com/docs/en/sig-and-i/10.0.2?topic=configuration-managing-ssl-certificate
