RESTORE/ROLLBACK, IF REQUIRED
Assuming that a backup was created for the database, keystores, and OpenLDAP directory, a restore can be performed to roll back to the previous state. The rollback of the keystores and database can be executed as the "strongkey" user. However, restoring LDAP requires "root" access.
Prerequisites
Restore - Database and keystores
Follow the steps below to roll back the database and keystores:
Log in as the "strongkey" user and open a terminal
Restore the database from the backups:
shell> mariadb --user=root -p skfs < /usr/local/strongkey/backup/skfs_databasebackup.db
Restore the keystores from the backups:
shell> cp /usr/local/strongkey/backup/ssosigningkeystore.bcfks /usr/local/strongkey/skfs/keystores
shell> cp /usr/local/strongkey/backup/ssosigningtruststore.bcfks /usr/local/strongkey/skfs/keystores
shell> cp /usr/local/strongkey/backup/signingkeystore.bcfks /usr/local/strongkey/skfs/keystores
shell> cp /usr/local/strongkey/backup/signingtruststore.bcfks /usr/local/strongkey/skfs/keystores
Restore - OpenLDAP
Follow the steps below to roll back OpenLDAP:
Log in as the "root" user and open a terminal
Stop the LDAP server and make copies of the following directories:
shell> systemctl stop slapd
shell> cp -r /etc/openldap/slapd.d /etc/openldap/slapd-<date>
shell> cp -r /var/lib/ldap /var/lib/ldap-<date>
Remove the contents of /etc/openldap/slapd.d and /var/lib/ldap:
shell> rm -r /etc/openldap/slapd.d/*
shell> rm -r /var/lib/ldap/*
Restore the OpenLDAP databases. Use slapadd to load the configuration LDIF and the database LDIF that were copied to the backup directory:
shell> slapadd -F /etc/openldap/slapd.d -n 0 -l /usr/local/strongkey/backup/config-<date>.ldif
shell> slapadd -F /etc/openldap/slapd.d -n 2 -l /usr/local/strongkey/backup/databackup-<date>.ldif
Change the ownership:
shell> chown -R ldap:ldap /etc/openldap/slapd.d
shell> chown -R ldap:ldap /var/lib/ldap
Restart slapd:
shell> systemctl restart slapd
Log out as "root"
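The procedure above overwrites the live keystores and removes the contents of /etc/openldap/slapd.d and /var/lib/ldap, so it helps to confirm first that every backup file it reads is present and non-empty. The following pre-flight check is an added example, not part of StrongKey's documentation or tooling; the function name `preflight_restore` and its arguments are assumptions, while the file names are the ones used in the commands above.

```shell
# Added example (hypothetical helper, not StrongKey tooling).
# preflight_restore BACKUP_DIR STAMP
#   BACKUP_DIR  e.g. /usr/local/strongkey/backup
#   STAMP       the <date> suffix used in the LDIF file names
# Prints one line per problem; returns 0 only if every backup file is usable.
preflight_restore() {
    dir=$1
    stamp=$2
    rc=0

    # File names are the ones used in the restore commands on this page.
    for f in skfs_databasebackup.db \
             ssosigningkeystore.bcfks ssosigningtruststore.bcfks \
             signingkeystore.bcfks signingtruststore.bcfks \
             "config-$stamp.ldif" "databackup-$stamp.ldif"; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING     $dir/$f"; rc=1
        elif [ ! -s "$dir/$f" ]; then
            echo "EMPTY       $dir/$f"; rc=1
        elif [ ! -r "$dir/$f" ]; then
            echo "UNREADABLE  $dir/$f"; rc=1
        fi
    done

    # A dump of slapd database 0 (the cn=config tree) contains an entry
    # whose DN is exactly cn=config; if it is absent, the file passed to
    # "slapadd -n 0" is not a configuration dump.
    cfg="$dir/config-$stamp.ldif"
    if [ -s "$cfg" ] && ! grep -qi '^dn: *cn=config *$' "$cfg"; then
        echo "NOT A CONFIG DUMP  $cfg"; rc=1
    fi

    return $rc
}
```

Run it as `preflight_restore /usr/local/strongkey/backup <date>` before stopping slapd, and continue only when it prints nothing and returns 0.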