Configuring the first PingDirectoryProxy server
After the PingDirectoryProxy server has been installed, it can be automatically configured using the create-initial-proxy-config
tool.
About this task
The create-initial-proxy-config
tool can only be used once for this initial configuration, after which you must use dsconfig
to make any changes to your proxy server configuration.
Configuring the PingDirectoryProxy server with the create-initial-proxy-config
tool involves the following steps:
-
Providing PingDirectoryProxy server base distinguished name (DN) and password.
-
Defining locations for each of our data centers, east and west.
-
Configuring the LDAP external server in the east location.
-
Configuring the LDAP external servers in the west location.
-
Applying the changes to the PingDirectoryProxy server.
Steps
-
After completing setup, run the
create-initial-proxy-config
tool.Example:
root@proxy-east01: bin/create-initial-proxy-config
-
Provide the bind DN and password that the PingDirectoryProxy server will use to authenticate to the backend PingDirectory server instances.
The
create-initial-proxy-config
tool requires that the same bind DN and password be used to authenticate to all of the backend servers. All PingDirectoryProxy server instances have identical proxy user accounts and passwords. If necessary, the proxy user account password can be defined differently for each external server usingdsconfig
after thecreate-initial-proxy-config
tool has been executed. -
Specify the type of external server communication security that will be used to communicate with the PingDirectory server instances.
For this example, enter the option for
None
. -
Specify the base DNs of the PingDirectory server instances that the PingDirectoryProxy server will access.
For this example, use
dc=example,dc=com
. -
Enter any other base DNs of the PingDirectory server instances that will be accessed through the proxy server.
Because you are only using one proxy base DN, press Enter to finish.