Configuring the PingAuthorize user store
Configure PingAuthorize Server to use PingDirectory Server as its user store.
Steps
- To make a set of changes to PingDirectory Server that PingAuthorize Server needs, including the creation of a service account, run the prepare-external-store command.

  Example:

  {pingauthorize}/bin/prepare-external-store \
      --hostname <your-ds-host> --port 1636 --useSSL --trustAll \
      --governanceTrustStorePath {pingauthorize}/config/truststore \
      --governanceTrustStorePasswordFile \
      {pingauthorize}/config/truststore.pin \
      --bindDN "cn=directory manager" \
      --bindPassword <your-ds-password> \
      --governanceBindDN "cn=Authorize User,cn=Root DNs,cn=config" \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --no-prompt
- To configure PingAuthorize Server with a store adapter that allows it to communicate with PingDirectory Server to retrieve identity attributes, run the create-initial-config command.

  Using create-initial-config is optional. However, if you do not use it, you do not get the user’s profile (the requester’s attributes). For more information, see User profile availability in policies.

  Example:

  {pingauthorize}/bin/create-initial-config \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --externalServerConnectionSecurity useSSL \
      --governanceTrustStorePath {pingauthorize}/config/truststore \
      --governanceTrustStorePasswordFile \
      {pingauthorize}/config/truststore.pin \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --userStore "<your-ds-host>:1636:Austin" \
      --userObjectClass "inetOrgPerson" \
      --initialSchema pass-through
This command also sets up a System for Cross-domain Identity Management (SCIM) resource type that defines a Users type with a SCIM schema that is automatically mapped to an LDAP type, inetOrgPerson, on PingDirectory Server.
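A pre-flight check for the two commands above, as an added example that is not part of the Ping Identity documentation: it flags `--trustAll` and inline passwords, and verifies that `create-initial-config` points at the same host, port, base DN and service-account password that `prepare-external-store` prepared. The function names, file names and sample values are constructed; it assumes each command is saved in its own file and that no value contains a backslash.

```bash
#!/usr/bin/env bash
# Added example, not Ping Identity code. Assumes each command is saved in its own
# file and that no value contains a backslash; all sample values are constructed.

flag_value() {  # flag_value <file> <flag>: print the value that follows <flag>
  tr -d '\\' < "$1" | tr '\n' ' ' |
    grep -oE -e "$2 +(\"[^\"]*\"|[^ ]+)" | head -n 1 |
    sed -E -e "s/^$2 +//" -e 's/^"(.*)"$/\1/'
}

audit_setup() {  # audit_setup <prepare-file> <create-file>: one finding per line
  local prep=$1 init=$2 f flag store
  for f in "$prep" "$init"; do
    grep -q -e '--trustAll' "$f" && echo "WARN $f: --trustAll accepts any server certificate"
    for flag in --bindPassword --governanceBindPassword; do
      grep -qE -e "$flag +" "$f" && echo "WARN $f: $flag puts a secret on the command line"
    done
  done
  [ "$(flag_value "$prep" --userStoreBaseDN)" = "$(flag_value "$init" --userStoreBaseDN)" ] ||
    echo "FAIL --userStoreBaseDN differs between the two commands"
  [ "$(flag_value "$prep" --governanceBindPassword)" = "$(flag_value "$init" --governanceBindPassword)" ] ||
    echo "FAIL --governanceBindPassword differs between the two commands"
  store=$(flag_value "$init" --userStore)   # host:port:location
  [ "$store" = "$(flag_value "$prep" --hostname):$(flag_value "$prep" --port):${store##*:}" ] ||
    echo "FAIL --userStore host:port does not match --hostname/--port"
  return 0
}

demo() {  # constructed sample: the second command points at the wrong port
  local d; d=$(mktemp -d)
  cat > "$d/prepare.sh" <<'EOF'
prepare-external-store --hostname ds.example.com --port 1636 --useSSL --trustAll \
  --governanceBindPassword CONSTRUCTED-pw --userStoreBaseDN "ou=people,dc=example,dc=com"
EOF
  cat > "$d/create.sh" <<'EOF'
create-initial-config --port 8636 --useSSL \
  --governanceBindPassword CONSTRUCTED-pw --userStoreBaseDN "ou=people,dc=example,dc=com" \
  --userStore "ds.example.com:1389:Austin"
EOF
  audit_setup "$d/prepare.sh" "$d/create.sh"; rm -rf "$d"
}

demo
```

A FAIL line means the store adapter would be configured against a different directory endpoint, base DN or service-account password than the one `prepare-external-store` set up.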