mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 20:47:01 +01:00
a78692e9d1
* fix(docs): document the "instance" settings and flag for the CLI Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
46 lines
1.4 KiB
Markdown
46 lines
1.4 KiB
Markdown
# Domain Rename
|
|
|
|
There are some cases where you may need to rename the domain. You should have configured this
|
|
initially in the setup, however you may have a situation where a business is changing name, merging
|
|
or other needs which may prompt this needing to be changed.
|
|
|
|
> [!WARNING]
|
|
>
|
|
> This WILL break ALL PassKeys (WebAuthn tokens) that have been enrolled, which MAY cause accounts
|
|
> to be locked out and unrecoverable until further action is taken. DO NOT CHANGE the domain name
|
|
> unless REQUIRED and have a plan on how to manage these issues.
|
|
|
|
|
|
|
|
> [!NOTE]
|
|
>
|
|
> This operation MAY take an extensive amount of time as ALL accounts and groups in the domain MUST
|
|
> have their Security Principal Names (SPNs) regenerated. This WILL also cause a large delay in
|
|
> replication once the system is restarted.
|
|
|
|
You should make a backup before proceeding with this operation.
|
|
|
|
When you have a created a migration plan and strategy on handling the invalidation of webauthn, you
|
|
can then rename the domain.
|
|
|
|
First, stop the instance.
|
|
|
|
```bash
|
|
docker stop <container name>
|
|
```
|
|
|
|
Second, change `domain` and `origin` in `server.toml`.
|
|
|
|
Third, trigger the database domain rename process.
|
|
|
|
```bash
|
|
docker run --rm -i -t -v kanidmd:/data \
|
|
kanidm/server:latest /sbin/kanidmd domain rename -c /data/server.toml
|
|
```
|
|
|
|
Finally, you can now start your instance again.
|
|
|
|
```bash
|
|
docker start <container name>
|
|
```
|