PingDirectory

Installing the PingDirectory server in interactive mode

The setup command provides an interactive text-based command-line interface to set up a PingDirectory server instance.

Before you begin

Steps

  1. Extract the distribution .zip archive, then go to the server root directory.

  2. Run the setup command.

    Example:

    $ ./setup

    If the JAVA_HOME environment variable is set to an older version of Java, explicitly specify the path to the Java Development Kit (JDK) installation during the setup process. Either set the JAVA_HOME environment variable with the JDK path or execute the setup command in a modified Java environment using the env command.

    Example:

    $ env JAVA_HOME=/ds/java ./setup

  3. Read the Ping Identity End-User License Agreement, and type yes to continue.

  4. Enter the fully qualified host name or IP address of the local host, or press Enter to accept the default.

  5. Enter the distinguished name (DN) for the initial root user, or press Enter to accept the default (cn=Directory Manager).

  6. Enter and confirm the root user password.

  7. Press Enter to enable the Ping Identity services (Configuration, Consent, Delegated Admin, Documentation, and Directory REST API) and Administrative Console over HTTPS.

    After setup, you can enable or disable individual services and applications by configuring the HTTPS Connection Handler.

  8. Enter the port on which the PingDirectory server will accept connections from HTTPS clients, or press Enter to accept the default.

  9. Select the unencrypted LDAP connection setting option for this server or press Enter to accept the default (option 3).

    Choose from:

    • Do not accept unencrypted LDAP connections

      If you select this option, skip to step 12.

    • Accept unencrypted LDAP connections, but require StartTLS to secure all communication on those connections

    • Accept unencrypted LDAP connections, but optionally allow StartTLS to secure communication on those connections

    • Accept unencrypted LDAP connections and do not enable support for StartTLS

  10. Enter the port on which the PingDirectory server will accept connections from LDAP clients, or press Enter to accept the default.

  11. Select the desired setting for enabling LDAPS, or press Enter to accept the default.

    If you do not enable LDAPS, skip to step 12.

  12. Enter the port on which the PingDirectory server will accept connections from LDAPS clients, or press Enter to accept the default.

  13. Select the certificate option for this server:

    Choose from:

    • Generate self-signed certificate (recommended for testing purposes only).

    • Use an existing certificate located on a Java Keystore (JKS). Enter the keystore path and keystore PIN to use an existing certificate using a Java Keystore.

    • Use an existing certificate located on a PKCS12 keystore. Enter the keystore path and the keystore PIN to use an existing certificate using a PKCS#12 keystore.

    • Use an existing certificate on a PKCS11 token. Enter only the keystore PIN to use the PKCS#11 token.

  14. Choose the desired encryption for the directory data, backups, and log files from the choices provided:

    Choose from:

    • Encrypt data with a key generated from an interactively provided passphrase. Using a passphrase (obtained interactively or read from a file) is the recommended approach for new deployments. Use the same encryption passphrase when setting up each server in the topology.

    • Encrypt data with a key generated from a passphrase read from a file.

    • Encrypt data with a randomly generated key. This option is primarily intended for testing purposes, especially when only testing with a single instance, or if you intend to import the resulting encryption settings definition into other instances in the topology.

    • Encrypt data with an imported encryption settings definition. This option is recommended if you are adding a new instance to an existing topology that has older server instances with data encryption enabled.

    • Do not encrypt server data.

  15. Type the base DN for the data, or accept the default base DN of dc=example,dc=com.

  16. To choose an option to generate and import sample data, type the desired number of entries, or press Enter to accept the default number (10000).

    This option is used for quick evaluation of the PingDirectory server. See Importing data if you want to use other options to initialize the server.

  17. Choose the option to tune the amount of memory that will be consumed by the PingDirectory server and its tools.

  18. Press Enter to prime or preload the database cache at startup before accepting client connections.

    Priming the cache can increase the startup time for the PingDirectory server but provides optimum performance after startup has completed. This option is best used for strict throughput or response time performance requirements, or if other replicas in a replication topology can accept traffic while this PingDirectory server instance is starting. Priming the cache can also allow the server to collect information at startup that can be helpful in tuning garbage collection in the Java virtual machine (JVM). See JVM garbage collection using CMS.

  19. Enter a location name for this server.

  20. Enter a unique instance name for this server.

    You cannot change the name after you set it.

  21. Press Enter to accept the default (yes) to start the PingDirectory server after the configuration has completed.

    Enter no if you want to configure additional settings or import data. Doing this keeps the server in shutdown mode.

  22. Select the desired option for populating the config/tools.properties file during setup, or press Enter to select the default (option 1).

    Choose from:

    • Do not populate the tools.properties file

    • Populate the tools.properties file with properties needed to connect to the server

    • Populate the tools.properties file with properties needed to connect to the server, and also include the initial root user DN as the default bind DN

    • Populate the tools.properties file with properties needed to connect to the server, and also include the DN and password for the initial root user DN as the default bind DN and password

      This fourth option, which is not recommended for production environments, populates the tools.properties file with properties needed to connect to the server, includes the DN for the initial root user as the default bind DN, and writes the password for that user to a tools.pin file for use as the default bind password.

  23. In the Setup Summary window, review your configuration details, and then select your setup option, or press Enter to select the default (option 1):

    Choose from:

    • Set up the server with the parameters you have given

    • Provide the setup parameters again

    • Cancel the setup

Result

If you select option 1, your PingDirectory server is configured and initialized.
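
A post-setup check for the choice made in step 22, added here as an example and not part of the PingDirectory documentation: it reports whether the root user's DN or password ended up on disk and whether those files are readable beyond their owner. The function name is hypothetical, and the script assumes that tools.pin is written next to config/tools.properties and that the root DN appears literally in the properties file.

```shell
#!/bin/sh
# Usage (after sourcing this file): audit_tools_properties SERVER_ROOT [ROOT_DN]
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
# Assumptions, not taken from the product documentation:
#   - tools.pin is written to SERVER_ROOT/config, beside tools.properties
#   - the root DN is stored literally in tools.properties
audit_tools_properties() {
    root=$1
    root_dn=${2:-cn=Directory Manager}   # default root DN from step 5
    props="$root/config/tools.properties"
    pin="$root/config/tools.pin"
    findings=0

    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # True when group or other holds any permission bit on the file.
    loose_mode() { [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; }

    if [ -f "$pin" ]; then
        # Option 4 in step 22: the root password is stored on disk.
        note "tools.pin present: root user password is stored on disk"
        if loose_mode "$pin"; then
            note "tools.pin is accessible to group or other"
        fi
    fi

    if [ -f "$props" ]; then
        # Options 3 and 4: the root DN becomes the default bind DN for tools.
        if grep -v '^[[:space:]]*#' "$props" | grep -qiF -e "$root_dn"; then
            note "tools.properties names the root user as default bind DN"
        fi
        if loose_mode "$props"; then
            note "tools.properties is accessible to group or other"
        fi
    fi

    [ "$findings" -eq 0 ]
}
```
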