Installing the server in non-interactive mode
You can run the setup command in non-interactive mode to automate the installation process using a script or to run the command directly from the command line.
The following sections describe how to install the first PingDirectoryProxy server, how to install additional servers, and how to install the server with a truststore.
Installing the first server
About this task
The setup command automatically chooses the maximum heap size. You can manually tune the maximum amount of memory devoted to the server’s process heap using the --maxHeapSize option. The --maxHeapSize option is only valid if the --entryBalancing option is also present.
If you are using entry balancing, tune the amount of memory devoted to the PingDirectoryProxy server using the --entryBalancing option as follows.
--entryBalancing --maxHeapSize 1g
The amount of memory allowed when using the --entryBalancing option is calculated and depends on the amount of system memory available.
If you already configured a truststore, you can run the setup command to enable security. The following example enables both SSL and StartTLS security. It also specifies a Java Keystore (JKS) and Truststore that define the server certificate and trusted CA. The passwords for the keystore files are defined in the corresponding .pin files, where the password is written on the first line of the file. The values in the .pin files are copied to the <server-root>/config directory in the keystore.pin file.
$ env JAVA_HOME=/ds/java ./setup \
--no-prompt --rootUserDN "cn=Directory Manager" \
--rootUserPassword "password" --ldapPort 389 \
--enableStartTLS --ldapsPort 636 \
--useJavaKeystore /path/to/devkeystore.jks \
--keyStorePasswordFile /path/to/devkeystore.pin \
--certNickName server-cert \
--useJavaTrustStore /path/to/devtruststore.jks \
--trustStorePasswordFile /path/to/devtruststore.pin \
--acceptLicense
The password to the private key within the keystore is expected to be the same as the password to the keystore. If this is not the case, you can define the private key password within the administrative console or using the |
Steps
- Run the setup command with the --no-prompt option.
The command uses the default root user distinguished name (DN) (cn=Directory Manager) with the specified --rootUserPassword option. You must include the --acceptLicense, --instanceName, and --location options or the setup command will generate an error message.
$ env JAVA_HOME=/ds/java ./setup --no-prompt \
--rootUserDN "cn=Directory Manager" \
--rootUserPassword "password" --ldapPort 389 \
--acceptLicense \
--instanceName ds1 --location Denver
Installing additional servers
Steps
- Run the setup tool with the --no-prompt option.
$ env JAVA_HOME=/ds/java ./setup --no-prompt \
--rootUserDN "cn=Directory Manager" \
--rootUserPassword "password" --ldapPort 1389 \
--localHostName proxy2.example.com \
--peerHostName proxy1.example.com --peerPort 389 \
--peerUseNoSecurity --acceptLicense --instanceName ds1 \
--location austin1
Installing the server with a truststore
About this task
If you’ve already configured a trust store, you can use the setup command to enable security. The following example enables SSL security and specifies a Java KeyStore (JKS) and truststore that define the server certificate and trusted certificate authority (CA). The passwords for the keystore files are defined in the corresponding .pin files, where the password displays on the first line of the file. The values in the .pin files are copied to the server-root/config directory in the keystore.pin and truststore.pin files.
Steps
- To install a PingDirectoryProxy server with a truststore, run the setup command.
$ env JAVA_HOME=/ds/java ./setup \
--no-prompt --rootUserDN "cn=Directory Manager" \
--rootUserPassword "password" \
--ldapPort 389 --ldapsPort 636 \
--useJavaKeystore /path/to/devkeystore.jks \
--keyStorePasswordFile /path/to/devkeystore.pin \
--certNickName server-cert \
--useJavaTrustStore /path/to/devtruststore.jks \
--acceptLicense \
--instanceName ds1 --location Denver
In order to update the trust store, the password must be provided
See 'prepare-external-server --help' for general overview
Testing connection to ds-east-01.example.com:1636 ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access .....
Created 'cn=Proxy User,cn=Root DNs,cn=config'
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges ..... Done
Verifying backend 'dc=example,dc=com' ..... Done
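The .pin files passed with --keyStorePasswordFile and --trustStorePasswordFile hold a cleartext password on their first line, so they are worth checking before setup runs. The script below is an added example, not part of the product or its documentation; check_pin_file and preflight are hypothetical helper names, and treating group/other permission bits or a trailing carriage return as failures is this example's own policy.

```shell
#!/bin/sh
# Added example: preflight for the .pin files given to setup through
# --keyStorePasswordFile / --trustStorePasswordFile.
# check_pin_file and preflight are hypothetical helper names.

# Return codes: 0 ok, 1 missing/not a regular file/symlink,
# 2 accessible by group or others, 3 empty first line,
# 4 first line ends in a carriage return (CRLF line ending).
check_pin_file() {
    pin=$1
    [ -f "$pin" ] || return 1
    [ ! -L "$pin" ] || return 1

    # ls mode string looks like -rw-------; chars 5-10 are group/other bits.
    perms=$(ls -ld -- "$pin" | cut -c5-10)
    [ "$perms" = "------" ] || return 2

    # The password is read from the first line of the file.
    first=$(head -n 1 < "$pin")
    [ -n "$first" ] || return 3

    # A trailing CR would silently become part of that first line.
    cr=$(printf '\r')
    case $first in
        *"$cr") return 4 ;;
    esac
    return 0
}

# Check every file named in the arguments; return the failure count.
preflight() {
    failures=0
    for f in "$@"; do
        rc=0
        check_pin_file "$f" || rc=$?
        case $rc in
            0) echo "ok    $f" ;;
            1) echo "FAIL  $f: missing, symlink, or not a regular file" ;;
            2) echo "FAIL  $f: group/other permission bits set (chmod 600)" ;;
            3) echo "FAIL  $f: first line is empty" ;;
            4) echo "FAIL  $f: first line ends with a carriage return" ;;
        esac
        [ "$rc" -eq 0 ] || failures=$((failures + 1))
    done
    return "$failures"
}

# Example: ./pin-preflight.sh /path/to/devkeystore.pin /path/to/devtruststore.pin
[ "$#" -eq 0 ] || preflight "$@"
```

The same check can be run after installation against the keystore.pin and truststore.pin copies in the server's config directory.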