PingAuthorize

Sample dsconfig batch files

PingAuthorize provides sample dsconfig batch files that you can use to easily make a number of common or recommended changes to the server configuration.

The config/sample-dsconfig-batch-files directory contains dsconfig batch files that you can use to configure various aspects of the server. For example, these files can enable additional security capabilities or take advantage of features that might require customization from one environment to another.

Each file includes comments that describe the purpose and benefit of its configuration change. You can choose which of the changes you want to apply.

You need to customize some of the batch files to provide values that might vary from one environment to another. To apply a batch file that requires changes, copy it to another directory and edit the copy. Leave the files in the config/sample-dsconfig-batch-files directory unchanged so that they can be updated when you upgrade the server. To specify the path to the file that contains the changes to apply, use the dsconfig tool (bin/dsconfig on UNIX-based systems or bat\dsconfig.bat on Windows) with the --batch-file argument.

You should also provide the arguments needed to connect and authenticate to the server. The --no-prompt argument ensures that the tool does not block while waiting for input if any necessary arguments are missing. Consider this example.

bin/dsconfig --hostname localhost \
  --port 636 --useSSL --trustStorePath config/truststore \
  --bindDN "uid=admin,dc=example,dc=com" \
  --bindPasswordFile admin-password.txt \
  --batch-file config/hardening-dsconfig-batch-files/reject-insecure-request.dsconfig \
  --no-prompt