Installing the first server
Steps
-
Change to the server root directory.
Example:
cd PingDirectoryProxy
-
Run the
setup
command.$ ./setup
-
Read the Ping Identity End-User License Agreement, and type
yes
to continue. -
Press Enter to accept the default of
no
in response to adding this new server to an existing topology.Would you like to add this server to an existing Directory Proxy Server topology? (yes / no) [no]:
-
Enter the fully qualified host name for this server, or press Enter to accept the default.
-
Create the initial root user DN for this server, or press Enter to accept the default.
-
Enter and confirm a password for this account.
-
To enable the PingDirectoryProxy server services (Configuration, Documentation, and Directory REST API) and Administrative Console over HTTPS, press Enter to accept the default. After setup, individual services can be enabled or disabled by configuring the HTTPS Connection Handler.
-
Enter the port on which the PingDirectoryProxy server should accept connections from HTTPS clients, or press Enter to accept the default.
-
Enter the port on which the PingDirectoryProxy server should accept connections from LDAP clients, or press Enter to accept the default.
-
The next two options enable LDAPS and StartTLS. Press Enter to accept the default (yes), or type no. If either are enabled, certificate options are required. To use the Java Keystore or the PKCS#12 keystore, the keystore path and the key PIN are required. To use the PKCS#11 token, only the key PIN is required.
-
Choose a certificate server option:
Choose from:
-
1) Generate self-signed certificate (recommended for testing purposes only)
-
2) Use an existing certificate located on a Java Keystore (JKS)
-
3) Use an existing certificate located on a PKCS#12 keystore
-
4) Use an existing certificate on a PKCS#11 token
-
-
Choose the desired encryption for backups and log files from the choices provided:
Choose from:
-
Encrypt data with a key generated from an interactively provided passphrase. Using a passphrase (obtained interactively or read from a file) is the recommended approach for new deployments, and you should use the same encryption passphrase when setting up each server in the topology.
-
Encrypt data with a key generated from a passphrase read from a file.
-
Encrypt data with a randomly generated key. This option is primarily intended for testing purposes, especially when only testing with a single instance, or if you intend to import the resulting encryption settings definition into other instances in the topology.
-
Encrypt data with an imported encryption settings definition. This option is recommended if you are adding a new instance to an existing topology that has older server instances with data encryption enabled.
-
Do not encrypt server data.
-
-
To configure your PingDirectoryProxy server to use entry balancing, type
yes
, or accept the defaultno
. In an entry balancing environment, entries immediately beneath the balancing base DN are divided into disjoint subsets. Each subset of data is handled by a separate set of one or more directory server instances, which replicate this subset of data between themselves. Choosingyes
will enable more memory be allocated to the server and tools. -
Choose the option for the amount of memory to assign to this server.
-
Enter an option to set up the server with the current configuration, provide new parameters, or cancel.
-
After setup is complete, choose the next configuration option.
This server is now ready for configuration What would you like to do? 1) Start 'create-initial-proxy-config' to create a basic initial configuration (recommended for new users) 2) Start 'dsconfig' to create a configuration from scratch 3) Quit Enter choice [1]: