Sample dsconfig batch files
PingAuthorize provides sample dsconfig
batch files that you can use to easily make a number of common or recommended changes to the server configuration.
The config/sample-dsconfig-batch-files
directory contains dsconfig
batch files that you can use to configure various aspects of the server. For example, these files can enable additional security capabilities or take advantage of features that might require customization from one environment to another.
Each file includes comments that describe the purpose and benefit of its configuration change. You can choose which of the changes you want to apply.
You need to customize some of the batch files to provide values that might vary from one environment to another. To apply a batch file that requires changes, copy it to another directory and edit the copy. Leave the files in the config/sample-dsconfig-batch-files
directory unchanged so that they can be updated when you upgrade the server. To specify the path to the file that contains the changes to apply, use the dsconfig
tool (bin/dsconfig
on UNIX-based systems or bat\dsconfig.bat
on Windows) with the --batch-file
argument.
You should also provide the arguments needed to connect and authenticate to the server. The --no-prompt
argument ensures that the tool does not block while waiting for input if any necessary arguments are missing. Consider this example.
bin/dsconfig --hostname localhost \ --port 636 --useSSL --trustStorePath config/truststore \ --bindDN "uid=admin,dc=example,dc=com" \ --bindPasswordFile admin-password.txt \ --batch-file config/hardening-dsconfig-batch-files/reject-insecure-request.dsconfig \ --no-prompt