Use the prepare-external-server tool if you have added LDAP external servers using dsconfig. The create-initial-proxy-config tool automatically runs the prepare-external-server tool to configure server communications so that you do not need to invoke it separately. The create-initial-proxy-config tool verifies that the proxy user account exists and has the correct password and required privileges. If it detects any problems, it prompts for manager credentials to rectify them.

If you want the prepare-external-server tool to add the LDAP external server’s certificates to the Directory Proxy Server’s trust store, you must include the --proxyTrustStorePath option, and either the --proxyTrustStorePassword or the --proxyTrustStorePasswordFile option. The default location of the Directory Proxy Server trust store is config/truststore. The pin is encoded in the config/truststore.pin file.

For example, run the tool as follows to prepare a PingDirectory Server on the remote host, ds-east-01.example.com, listening on port 1389 for access by the Directory Proxy Server using the default user account cn=Proxy User:
prepare-external-server --hostname ds-east-01.example.com \ 
--port 1389 --baseDN dc=example,dc=com --proxyBindPassword secret  
When the prepare-external-server command above is executed, it creates the cn=Proxy User Root DN entry as well as an access control rule in the Directory Server to grant the proxy user the proxy access right.
Note: For non-Ping Identity servers, the --baseDN argument is required for the prepare-external-server tool. The base DN is used to create the global ACI entries for these servers.