Preparing two new external servers using the prepare-external-server tool
Prepare the external directory servers, ds-central-01 and ds-central-02, by creating the proxy user account and the supporting access rules.
About this task
Connect to the ds-central-01 PingDirectory server using StartTLS. Because you are using StartTLS, you must capture the ds-central-01 server’s certificate and put it in the trust store on your PingDirectoryProxy server instance.
The prepare-external-server tool is located in the bin or bat directory of the server root directory, PingDirectoryProxy. In this example, run the tool on the ds-east-01 instance of the PingDirectoryProxy server.
Steps
- Run the prepare-external-server tool to prepare the two new servers.

  On the first attempted bind to the server, the tool reports a failed to bind message because the cn=Proxy User entry hasn’t been created yet. The tool sets up the cn=Proxy User entry so that the PingDirectoryProxy server can access it and tests the communication settings to the server.

  Example:

      root@proxy-east-01: ./prepare-external-server \
        --hostname ds-central-01.example.com --port 389 \
        --baseDN dc=example,dc=com \
        --proxyBindPassword password \
        --useStartTLS \
        --proxyTrustStorePath ../config/ExampleTruststore.jks

      Failed to bind as ‘cn=Proxy User’

      Would you like to create or modify root user ‘cn=Proxy User’ so that it is available for this Directory Proxy Server? (yes / no)[yes]:

      Enter the DN of an account on ds-central-01:389 with which to create or manage the ‘cn=Proxy User’ account [cn=Directory Manager]:

      Enter the password for ‘cn=Directory Manager’:

      Created ‘cn=Proxy User,cn=Root DNs,cn=config’

      Testing ‘cn=Proxy User’ privileges ....Done
- Repeat the process on the other new server in the central location, ds-central-02.

  For entry-balancing deployments, the global base distinguished name (DN) is required when using prepare-external-server.