Updating the topology registry
After the server connection handlers are updated to enable TLS, update the topology registry to provide information about the new configuration.
The topology registry holds information about server instances that are part of the environment, and it helps to facilitate inter-server communication, such as replication, mirroring portions of the configuration, and the PingAuthorize automatic backend server-discovery functionality.
The two types of entries that require updating are described below.

Server instance listener configuration:

```shell
bin/dsconfig set-server-instance-listener-prop \
  --instance-name ds1 \
  --listener-name ldap-listener-mirrored-config \
  --set server-ldap-port:636 \
  --set connection-security:ssl \
  --set 'listener-certificate>/ca/ds1-cert.pem'
```

Server instance configuration:

The following example code sets the LDAPS and HTTPS ports, indicates that StartTLS support is enabled, and instructs other instances to use SSL (LDAPS) when communicating with the instance.

```shell
dsconfig set-server-instance-prop \
  --instance-name ds1 \
  --set ldaps-port:636 \
  --set https-port:443 \
  --set preferred-security:ssl \
  --set start-tls-enabled:true
```
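A check to run after the update, as an added example that is not part of the product documentation: it compares the certificate the LDAPS listener actually presents on port 636 with the PEM file supplied for `listener-certificate`. The function names and the host name in the usage comment are hypothetical, and the script assumes the PEM file begins with the leaf certificate.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Assumption: the PEM given to listener-certificate starts with the leaf certificate.

# SHA-256 fingerprint (hash of the DER bytes) of the first certificate in a PEM file.
pem_sha256() {
  b64=$(awk '/-----BEGIN CERTIFICATE-----/{f=1; next}
             /-----END CERTIFICATE-----/{exit}
             f' "$1" 2>/dev/null | tr -d ' \r\n')
  [ -n "$b64" ] || return 2            # no certificate block found
  printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
}

# Save the leaf certificate a listener presents over implicit TLS (LDAPS).
fetch_presented_cert() {               # args: host port outfile
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM >"$3"
}

# Compare the presented certificate with the one recorded in the registry.
# Returns 0 on match, 1 on mismatch, 2 if either file holds no certificate.
check_listener_cert() {                # args: presented.pem registry.pem
  presented=$(pem_sha256 "$1") || { echo "no certificate in $1" >&2; return 2; }
  expected=$(pem_sha256 "$2")  || { echo "no certificate in $2" >&2; return 2; }
  if [ "$presented" = "$expected" ]; then
    echo "match: sha256=$expected"
    return 0
  fi
  echo "MISMATCH: listener=$presented registry=$expected" >&2
  return 1
}

# Usage (host name is a placeholder):
#   sh check_listener.sh ds1.example.com 636 /ca/ds1-cert.pem
if [ "$#" -eq 3 ]; then
  tmp=$(mktemp) && fetch_presented_cert "$1" "$2" "$tmp" \
    && check_listener_cert "$tmp" "$3"
  rc=$?
  rm -f "$tmp"
  exit "$rc"
fi
```

A mismatch means peers that trust the registry's copy of the certificate will reject the TLS handshake with this listener, so resolve it before relying on replication or mirrored configuration over port 636.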