Configure a proxy server
About this task
The following procedure configures a proxy server, including defining the external servers and configuring the client-connection policy. The procedure is the same for the source servers and the destination servers in a synchronization topology.
For additional changes, use the dsconfig command. For proxy installation and configuration details, see the PingDirectoryProxy Server Administration Guide.
Steps
- From the PingDirectoryProxy server root directory, run the prepare-external-server command to set up the cn=Proxy User account for access to the backend directory servers. The server tests the connection and creates the cn=Proxy User account.
  $ bin/prepare-external-server --no-prompt \
      --hostname ldap-west-01.example.com \
      --port 389 --bindDN "cn=Directory Manager" \
      --bindPassword password \
      --proxyBindDN "cn=Proxy User,cn=Root DNs,cn=config" \
      --proxyBindPassword pass \
      --baseDN "dc=example,dc=com"
- Repeat step 1 for any other directory server instances.
- Run the dsconfig command to define the external servers and their types. For this example, round-robin load-balancing algorithms are defined, which do not require health checks or locations to be specified.
  $ bin/dsconfig --no-prompt create-external-server \
      --server-name ldap-west-01 \
      --type "ping-identity-ds" \
      --set "server-host-name:ldap-west-01.example.com" \
      --set "server-port:389" \
      --set "bind-dn:cn=Proxy User" \
      --set "password:password" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-external-server \
      --server-name ldap-west-02 \
      --type "ping-identity-ds" \
      --set "server-host-name:ldap-west-02.example.com" \
      --set "server-port:389" \
      --set "bind-dn:cn=Proxy User" \
      --set "password:password" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-external-server \
      --server-name ldap-west-03 \
      --type "ping-identity-ds" \
      --set "server-host-name:ldap-west-03.example.com" \
      --set "server-port:389" \
      --set "bind-dn:cn=Proxy User" \
      --set "password:password" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-external-server \
      --server-name ldap-west-04 \
      --type "ping-identity-ds" \
      --set "server-host-name:ldap-west-04.example.com" \
      --set "server-port:389" \
      --set "bind-dn:cn=Proxy User" \
      --set "password:password" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
- Create a load-balancing algorithm for each backend set.
  $ bin/dsconfig --no-prompt create-load-balancing-algorithm \
      --algorithm-name "test-lba-1" \
      --type "round-robin" --set "enabled:true" \
      --set "backend-server:ldap-west-01" \
      --set "backend-server:ldap-west-02" \
      --set "use-location:false" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-load-balancing-algorithm \
      --algorithm-name "test-lba-2" \
      --type "round-robin" --set "enabled:true" \
      --set "backend-server:ldap-west-03" \
      --set "backend-server:ldap-west-04" \
      --set "use-location:false" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
- Configure the proxying request processors, one for each load-balanced directory server set. A request processor provides the logic to either process the operation directly, forward the request to another server, or hand off the request to another request processor.
  $ bin/dsconfig --no-prompt create-request-processor \
      --processor-name "proxying-processor-1" --type "proxying" \
      --set "load-balancing-algorithm:test-lba-1" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-request-processor \
      --processor-name "proxying-processor-2" --type "proxying" \
      --set "load-balancing-algorithm:test-lba-2" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
- Define an entry-balancing request processor. This request processor is used to distribute entries under a common parent entry among multiple backend sets. A backend set is a collection of replicated directory servers that contain identical portions of the data. Multiple proxying request processors are used to process operations.
  Next, define the placement algorithm, which selects the server set to use for new add operations to create new entries. In this example, a round-robin placement algorithm forwards LDAP add requests to backend sets.
  $ bin/dsconfig --no-prompt create-placement-algorithm \
      --processor-name "entry-balancing-processor" \
      --algorithm-name "round-robin-placement" \
      --set "enabled:true" \
      --type "round-robin" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
- Define the subtree view that specifies the base distinguished name (DN) for the entire deployment.
  $ bin/dsconfig --no-prompt create-subtree-view \
      --view-name "test-view" \
      --set "base-dn:dc=example,dc=com" \
      --set "request-processor:entry-balancing-processor" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
- Finally, define a client connection policy that specifies how the client connects to the proxy server.
  $ bin/dsconfig --no-prompt set-client-connection-policy-prop \
      --policy-name "default" \
      --add "subtree-view:test-view" \
      --bindDN "cn=Directory Manager" \
      --bindPassword pxy-pwd
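
The commands above pass the administrator and proxy-user passwords as command-line arguments, where they are exposed in the process list and shell history. As an added example (not from the product documentation), this script writes the same external-server, load-balancing-algorithm and proxying request-processor definitions to a dsconfig batch file and reads the proxy-user password from a permission-checked file. The function and file names (gen_proxy_batch, proxy.dsconfig, proxy-user.pin, admin.pin) are assumptions.

```sh
#!/bin/sh
# Added example, not from the product documentation. Hypothetical names:
# gen_proxy_batch, proxy.dsconfig, proxy-user.pin, admin.pin.

# gen_proxy_batch OUT PWFILE
#   OUT    batch file to write, one dsconfig subcommand per line
#   PWFILE file holding the cn=Proxy User password, no group/other access
gen_proxy_batch() {
    out=$1; pwfile=$2
    # Characters 5-10 of the ls mode string are the group and other bits.
    case $(ls -ld "$pwfile" 2>/dev/null | cut -c5-10) in
        ------) ;;
        *) echo "refusing: $pwfile missing or accessible to group/other" >&2
           return 1 ;;
    esac
    proxy_pw=$(cat "$pwfile")   # assumed to contain no double quotes
    old_umask=$(umask); umask 077   # the batch file will contain a password
    rm -f "$out"
    {
        # External servers, as defined in the create-external-server step.
        for n in 01 02 03 04; do
            host="ldap-west-$n"
            printf 'create-external-server --server-name %s' "$host"
            printf ' --type ping-identity-ds'
            printf ' --set server-host-name:%s.example.com' "$host"
            printf ' --set server-port:389 --set "bind-dn:cn=Proxy User"'
            printf ' --set "password:%s"\n' "$proxy_pw"
        done
        # One round-robin algorithm and one proxying processor per backend set.
        lba=1
        for pair in "01 02" "03 04"; do
            set -- $pair
            printf 'create-load-balancing-algorithm --algorithm-name test-lba-%s' "$lba"
            printf ' --type round-robin --set enabled:true'
            printf ' --set backend-server:ldap-west-%s' "$1"
            printf ' --set backend-server:ldap-west-%s' "$2"
            printf ' --set use-location:false\n'
            printf 'create-request-processor --processor-name proxying-processor-%s' "$lba"
            printf ' --type proxying --set load-balancing-algorithm:test-lba-%s\n' "$lba"
            lba=$((lba + 1))
        done
    } > "$out"
    umask "$old_umask"
}

# Apply on the proxy server, with the administrator password read from a file:
#   gen_proxy_batch proxy.dsconfig proxy-user.pin
#   bin/dsconfig --no-prompt --bindDN "cn=Directory Manager" \
#     --bindPasswordFile admin.pin --batch-file proxy.dsconfig
```

Delete the batch file once dsconfig has applied it, because it contains the proxy user's password.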