This tool creates the following configuration:
  • An LDAP store adapter named UserStoreAdapter
  • A load-balancing algorithm named User Store LBA
  • One or more LDAP external servers
  • (Optional) A SCIM resource type named Users
  • (Optional) SCIM schema, attributes, and attribute mappings for the Users resource type

If run interactively, create-initial-config walks you through the configuration process. You should be prepared to provide connection information for your directory servers.

You can also run create-initial-config noninteractively, which is useful when performing a scripted deployment. For an example, see Configuring the PingAuthorize user store.

The following table describes a key subset of the tool's command-line options.

Option
  Description

--governanceBindDN
  The bind DN for a user account that PingAuthorize Server will use to access backend LDAP servers. Create this account using the prepare-external-store tool.

--governanceBindPassword
  The password for the account specified by --governanceBindDN.

--userStore
  The host, LDAP / LDAPS port, and optional location of a backend LDAP server. You can specify this option once for each backend server.

--userStoreBaseDN
  The base DN under which entries are stored.

--userObjectClass
  The structural LDAP object class of entries for the SCIM subsystem to handle if --initialSchema has the none or pass-through value.

--initialSchema
  The SCIM schema and resource type configuration to use. Supports the following values:
  • pass-through

    Creates a pass-through SCIM resource type called Users for the LDAP object class specified by the --userObjectClass option.

  • user

    Creates a mapping SCIM resource type called Users with an example schema. For more information about this schema, see <server-root>/resource/starter-schemas/README.txt.

  • none

    Does not create a SCIM resource type.

For more information about running create-initial-config, view its help by running the following command:

create-initial-config --help

When using create-initial-config noninteractively, you should also run prepare-external-store for each backend LDAP server. This tool creates a privileged user account on the LDAP server for use by PingAuthorize Server and configures a set of global access control instructions (ACIs) needed by this account.
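
For scripted deployments, the options in the table above can be checked before the tool is ever invoked. The following is an added example, not code from the PingAuthorize documentation: the function names and sample values are constructed, the host:port[:location] form of --userStore is an assumption, and --governanceBindPassword and the server connection options are deliberately left for the caller to supply.

```shell
# Added example. Assumptions: --userStore is written host:port[:location];
# refusing --userObjectClass with "user" is this example's own policy.
cic_err() { echo "create-initial-config args: $1" >&2; }

# build_cic_args BIND_DN BASE_DN SCHEMA OBJECT_CLASS STORE [STORE...]
# Prints one argument per line; returns 2 and prints nothing on bad input.
build_cic_args() {
  if [ "$#" -lt 5 ]; then
    cic_err "need bind DN, base DN, schema, object class and a store"
    return 2
  fi
  bind_dn=$1 base_dn=$2 schema=$3 object_class=$4
  shift 4
  case $schema in
    pass-through|none) ;;
    user)
      if [ -n "$object_class" ]; then
        cic_err "--userObjectClass is only used with pass-through or none"
        return 2
      fi ;;
    *) cic_err "unknown --initialSchema value '$schema'"; return 2 ;;
  esac
  for store in "$@"; do
    case $store in
      *:*) ;;
      *) cic_err "store '$store' has no port"; return 2 ;;
    esac
    host=${store%%:*}
    rest=${store#*:}
    port=${rest%%:*}
    case $port in
      ''|*[!0-9]*) cic_err "store '$store': port is not a number"; return 2 ;;
    esac
    if ! { [ -n "$host" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; }; then
      cic_err "store '$store': empty host or port outside 1-65535"
      return 2
    fi
  done
  printf '%s\n' --governanceBindDN "$bind_dn" --userStoreBaseDN "$base_dn" \
    --initialSchema "$schema"
  if [ -n "$object_class" ]; then
    printf '%s\n' --userObjectClass "$object_class"
  fi
  for store in "$@"; do printf '%s\n' --userStore "$store"; done
}

# Constructed sample values.
build_cic_args "cn=authz-svc,dc=example,dc=com" "ou=people,dc=example,dc=com" \
  pass-through inetOrgPerson "ds1.example.com:636:Austin" "ds2.example.com:636"
```

Keeping the password out of the generated argument list means the output can be logged or diffed during a deployment without exposing the credential.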