PingDirectory

Preparing two new external servers using the prepare-external-server tool

Prepare the external directory servers, ds-central-01 and ds-central-02, by creating the proxy user account and the supporting access rules.

About this task

Connect to the ds-central-01 PingDirectory server using StartTLS. Because you are using StartTLS, you must capture the ds-central-01 server’s certificate and put it in the trust store on your PingDirectoryProxy server instance.

The prepare-external-server tool is located in the bin or bat directory of the server root directory, PingDirectoryProxy. In this example, run the tool on the ds-east-01 instance of the PingDirectoryProxy server.

Steps

  1. Run the prepare-external-server tool to prepare the two new servers.

    Example:

    On the first attempted bind to the server, the tool reports a failed to bind message because it can’t bind to the cn=Proxy User entry because it hasn’t been created yet. The tool sets up the cn=Proxy User entry so that the PingDirectoryProxy server can access it and tests the communication settings to the server.

    root@proxy-east-01: ./prepare-external-server \
    --hostname ds-central-01.example.com --port 389 \
    --baseDN dc=example,dc=com \
    --proxyBindPassword password  \
    --useStartTLS \
    --proxyTrustStorePath ../config/ExampleTruststore.jks
    
    Failed to bind as ‘cn=Proxy User’
    
    Would you like to create or modify root user ‘cn=Proxy User” so that it is
    available for this Directory Proxy Server? (yes / no)[yes]:
    
    Enter the DN of an account on ds-central-01:389 with which to create or manage the ‘cn=Proxy User’
    account [cn=Directory Manager]:
    
    Enter the password for ‘cn=Directory Manager’:
    
    Created ‘cn=Proxy User,cn=Root DNs,cn=config’
    Testing ‘cn=Proxy User’ privileges ....Done
  2. Repeat the process on the other new server in the central location, ds-central-02.

    For entry-balancing deployments, the global base distinguished name (DN) is required when using prepare-external-server.