Configure PingAuthorize Server to use PingDirectory Server as its user store.
- To make a set of changes to PingDirectory Server that PingAuthorize Server needs, including the creation of a service account, run the prepare-external-store command.
    PingAuthorize/bin/prepare-external-store \
      --hostname <your-ds-host> --port 1636 --useSSL --trustAll \
      --governanceTrustStorePath PingAuthorize/config/truststore \
      --governanceTrustStorePasswordFile PingAuthorize/config/truststore.pin \
      --bindDN "cn=directory manager" \
      --bindPassword <your-ds-password> \
      --governanceBindDN "cn=Authorize User,cn=Root DNs,cn=config" \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --no-prompt
- To configure PingAuthorize Server with a store adapter that allows it to communicate with PingDirectory Server to retrieve identity attributes, run the create-initial-config command.
  Note: Using create-initial-config is optional. However, if you do not use it, you do not get the user's profile (the requester's attributes). For more information, see User profile availability in policies.
    PingAuthorize/bin/create-initial-config \
      --no-prompt --port 8636 --useSSL --trustAll \
      --bindDN "cn=directory manager" \
      --bindPassword <your-pingauthorize-password> \
      --governanceBindPassword <your-pingauthorize-service-account-password> \
      --externalServerConnectionSecurity useSSL \
      --governanceTrustStorePath PingAuthorize/config/truststore \
      --governanceTrustStorePasswordFile PingAuthorize/config/truststore.pin \
      --userStoreBaseDN "ou=people,dc=example,dc=com" \
      --userStore "<your-ds-host>:1636:Austin" \
      --userObjectClass "inetOrgPerson" \
      --initialSchema pass-through
  This command also sets up a System for Cross-domain Identity Management (SCIM) resource type that defines a Users type with a SCIM schema that is automatically mapped to an LDAP type, inetOrgPerson, on PingDirectory Server.
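A pre-flight check for the two commands above, added here as an example and not part of the Ping Identity documentation or tooling: it flags --trustAll, passwords passed inline, a missing TLS option, and a trust store PIN file that is readable by group or others. The function name audit_ping_args and the sample values are hypothetical, and --useStartTLS is assumed as the StartTLS counterpart of --useSSL.

```shell
#!/bin/sh
# Added example, not Ping Identity code. Reviews the arguments of a
# prepare-external-store or create-initial-config call before it is run.
# Prints one finding per line; exit status is the number of findings.
audit_ping_args() {
    findings=0 tls=0 prev=""
    for arg in "$@"; do
        # Options whose value is the current argument.
        case "$prev" in
            --bindPassword|--governanceBindPassword)
                # Report the option name only, never the secret itself.
                echo "$prev: inline password is exposed to shell history and process listings"
                findings=$((findings + 1)) ;;
            --governanceTrustStorePasswordFile)
                # Mode-bit check on the PIN file; skipped when the file is absent.
                if [ -f "$arg" ] &&
                   [ -n "$(find -L "$arg" \( -perm -040 -o -perm -004 \))" ]; then
                    echo "$prev: $arg is readable by group or others"
                    findings=$((findings + 1))
                fi ;;
        esac
        case "$arg" in
            --trustAll)
                echo "--trustAll: any certificate is accepted, so the server is not authenticated"
                findings=$((findings + 1)) ;;
            # --useStartTLS is not on the page; assumed as the StartTLS counterpart.
            --useSSL|--useStartTLS) tls=1 ;;
        esac
        prev=$arg
    done
    if [ "$tls" -eq 0 ]; then
        echo "no --useSSL: bind credentials would cross the network unencrypted"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the page's first command with dummy host and passwords.
audit_ping_args --hostname ds.example.com --port 1636 --useSSL --trustAll \
    --governanceTrustStorePasswordFile PingAuthorize/config/truststore.pin \
    --bindDN "cn=directory manager" --bindPassword dummy-1 \
    --governanceBindPassword dummy-2 --no-prompt || echo "findings: $?"
```

Pass the same arguments you intend to give the Ping command; a non-zero exit status is the number of findings to resolve before running it.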