For additional changes, use the dsconfig command. For proxy installation and configuration details, see the PingDirectoryProxy Server Administration Guide.
- From the PingDirectoryProxy server root directory, run the prepare-external-server command to set up the cn=Proxy User account for access to the backend directory servers. The server tests the connection and creates the cn=Proxy User account.
  $ bin/prepare-external-server --no-prompt \
    --hostname ldap-west-01.example.com \
    --port 389 --bindDN "cn=Directory Manager" \
    --bindPassword password \
    --proxyBindDN "cn=Proxy User,cn=Root DNs,cn=config" \
    --proxyBindPassword pass \
    --baseDN "dc=example,dc=com"
- Repeat step 1 for any other directory server instances.
- Run the dsconfig command to define the external servers and their types. For this example, round-robin load balancing algorithms are defined, which do not require health checks or locations to be specified.
  $ bin/dsconfig --no-prompt create-external-server \
    --server-name ldap-west-01 \
    --type "ping-identity-ds" \
    --set "server-host-name:ldap-west-01.example.com" \
    --set "server-port:389" \
    --set "bind-dn:cn=Proxy User" \
    --set "password:password" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-external-server \
    --server-name ldap-west-02 \
    --type "ping-identity-ds" \
    --set "server-host-name:ldap-west-02.example.com" \
    --set "server-port:389" \
    --set "bind-dn:cn=Proxy User" \
    --set "password:password" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-external-server \
    --server-name ldap-west-03 \
    --type "ping-identity-ds" \
    --set "server-host-name:ldap-west-03.example.com" \
    --set "server-port:389" \
    --set "bind-dn:cn=Proxy User" \
    --set "password:password" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-external-server \
    --server-name ldap-west-04 \
    --type "ping-identity-ds" \
    --set "server-host-name:ldap-west-04.example.com" \
    --set "server-port:389" \
    --set "bind-dn:cn=Proxy User" \
    --set "password:password" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
- Create a load-balancing algorithm for each backend set.
  $ bin/dsconfig --no-prompt create-load-balancing-algorithm \
    --algorithm-name "test-lba-1" \
    --type "round-robin" --set "enabled:true" \
    --set "backend-server:ldap-west-01" \
    --set "backend-server:ldap-west-02" \
    --set "use-location:false" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-load-balancing-algorithm \
    --algorithm-name "test-lba-2" \
    --type "round-robin" --set "enabled:true" \
    --set "backend-server:ldap-west-03" \
    --set "backend-server:ldap-west-04" \
    --set "use-location:false" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
- Configure the proxying request processors, one for each load-balanced directory server set. A request processor provides the logic to either process the operation directly, forward the request to another server, or hand off the request to another request processor.
  $ bin/dsconfig --no-prompt create-request-processor \
    --processor-name "proxying-processor-1" --type "proxying" \
    --set "load-balancing-algorithm:test-lba-1" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
  $ bin/dsconfig --no-prompt create-request-processor \
    --processor-name "proxying-processor-2" --type "proxying" \
    --set "load-balancing-algorithm:test-lba-2" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
- Define an entry-balancing request processor. This request processor is used to distribute entries under a common parent entry among multiple backend sets. A backend set is a collection of replicated directory servers that contain identical portions of the data. Multiple proxying request processors are used to process operations.
  Next, define the placement algorithm, which selects the server set to use for add operations that create new entries. In this example, a round-robin placement algorithm forwards LDAP add requests to backend sets.
  $ bin/dsconfig --no-prompt create-placement-algorithm \
    --processor-name "entry-balancing-processor" \
    --algorithm-name "round-robin-placement" \
    --set "enabled:true" \
    --type "round-robin" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
- Define the subtree view that specifies the base distinguished name (DN) for the entire deployment.
  $ bin/dsconfig --no-prompt create-subtree-view \
    --view-name "test-view" \
    --set "base-dn:dc=example,dc=com" \
    --set "request-processor:entry-balancing-processor" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
- Finally, define a client connection policy that specifies how the client connects to the proxy server.
  $ bin/dsconfig --no-prompt set-client-connection-policy-prop \
    --policy-name "default" \
    --add "subtree-view:test-view" \
    --bindDN "cn=Directory Manager" \
    --bindPassword pxy-pwd
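
Every command in this procedure passes its bind password as a command-line argument and addresses the backends on port 389. The following shell check is an added example, not part of the product documentation, that flags both in a provisioning script; the sample commands are constructed from the ones above, and the password-file path is a placeholder.

```shell
#!/usr/bin/env bash
# Added example (not from the product documentation): flag inline secrets and
# the default LDAP port in dsconfig / prepare-external-server command lines.

# Fold backslash-continued lines into one logical command per output line.
join_continuations() {
  awk '{ if (sub(/\\[ \t]*$/, "")) { buf = buf $0 " " } else { print buf $0; buf = "" } }
       END { if (buf != "") print buf }'
}

# Read commands on stdin; print "<command-no>:<rule>:<item>" per finding.
# Secret values are never echoed, only the flag or property that carried them.
lint_commands() {
  join_continuations | awk '{
    s = $0
    # argv passwords are visible in process listings and shell history
    while (match(s, /--(bind|proxyBind)Password[ =]+[^ ]+/)) {
      flag = substr(s, RSTART, RLENGTH); sub(/[ =].*/, "", flag)
      printf "%d:inline-password:%s\n", NR, flag
      s = substr(s, RSTART + RLENGTH)
    }
    # --set "password:<value>" puts the backend bind secret on the command line
    if (match($0, /[" ]password:[^" ]+/))
      printf "%d:inline-property:password\n", NR
    # 389 is the default LDAP port: unencrypted unless StartTLS is negotiated
    if (match($0, /(--port[ =]+|server-port:)389([^0-9]|$)/))
      printf "%d:ldap-port-389:review-transport-security\n", NR
  }'
}

# Constructed sample input modeled on the commands in the procedure above;
# the third command uses a password file (placeholder path) and is clean.
sample_commands() {
  cat <<'EOF'
bin/prepare-external-server --no-prompt --hostname ldap-west-01.example.com \
  --port 389 --bindDN "cn=Directory Manager" --bindPassword password \
  --proxyBindDN "cn=Proxy User,cn=Root DNs,cn=config" --proxyBindPassword pass
bin/dsconfig --no-prompt create-external-server --server-name ldap-west-01 \
  --set "server-port:389" --set "bind-dn:cn=Proxy User" \
  --set "password:password" --bindDN "cn=Directory Manager" --bindPassword pxy-pwd
bin/dsconfig --no-prompt create-subtree-view --view-name "test-view" \
  --bindDN "cn=Directory Manager" --bindPasswordFile /path/to/pwfile
EOF
}

sample_commands | lint_commands
```

To check a real script, redirect it into the function, for example `lint_commands < setup-proxy.sh` (a hypothetical file name). Findings name only the flag or property involved, so the report can be logged without exposing the secrets it found.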