Preparing two new external servers using the prepare-external-server tool

Prepare the external directory servers, ds-central-01 and ds-central-02, by creating the proxy user account and the supporting access rules.

About this task

Connect to the ds-central-01 PingDirectory server using StartTLS. Because you are using StartTLS, you must capture the ds-central-01 server’s certificate and put it in the trust store on your PingDirectoryProxy server instance.

The prepare-external-server tool is located in the bin or bat directory of the server root directory, PingDirectoryProxy. In this example, run the tool on the ds-east-01 instance of the PingDirectoryProxy server.

Steps

Run the prepare-external-server tool to prepare the two new servers.

Example:

On the first attempted bind to the server, the tool reports a failed to bind message because it can’t bind to the cn=Proxy User entry because it hasn’t been created yet. The tool sets up the cn=Proxy User entry so that the PingDirectoryProxy server can access it and tests the communication settings to the server.

root@proxy-east-01: ./prepare-external-server \
--hostname ds-central-01.example.com --port 389 \
--baseDN dc=example,dc=com \
--proxyBindPassword password  \
--useStartTLS \
--proxyTrustStorePath ../config/ExampleTruststore.jks

Failed to bind as ‘cn=Proxy User’

Would you like to create or modify root user ‘cn=Proxy User” so that it is
available for this Directory Proxy Server? (yes / no)[yes]:

Enter the DN of an account on ds-central-01:389 with which to create or manage the ‘cn=Proxy User’
account [cn=Directory Manager]:

Enter the password for ‘cn=Directory Manager’:

Created ‘cn=Proxy User,cn=Root DNs,cn=config’
Testing ‘cn=Proxy User’ privileges ....Done

Repeat the process on the other new server in the central location, ds-central-02.

For entry-balancing deployments, the global base distinguished name (DN) is required when using prepare-external-server.