Page created: 6 Nov 2019 |
Page updated: 25 Mar 2020
After you have unzipped the Directory Server ZIP file, you may want to carry out the following functions depending on your deployment requirements:
Custom Schema Elements. If your deployment uses custom schema elements in a custom
schema file (for example, 98-schema.ldif), you may do one of the
- Copy your custom schema file to the config/schema directory before running setup.
- Copy your custom schema file to the config/schema directory after setup and re-start the server. If replication is enabled, the restart will result in the schema replicating to other servers in the replication topology.
- Use the Schema Editor after setup. If replication is enabled, schema definitions added through the Schema Editor will replicate to all servers in the replication topology without the need for a server restart.
- Certificates. If you are setting up a new machine instance, copy your keystore and truststore files to the <server-root>/config directory prior to running setup. The keystore and truststore passwords can be placed, in clear text, in corresponding keystore.pin and truststore.pin files in <server-root>/config.
- Encryption Passphrase. Encryption for directory data, backups, LDIF exports, and log files can be enabled during setup by providing or generating an encryption key with a passphrase.
- Locations. Location names are used to define a grouping of PingDirectory Server products based on physical proximity. For example, a location is most often associated with a single datacenter location. During the installation, assign a location to each server for optimal inter-server behavior. The location assigned to a server within Global Configuration can be referenced by components within the server as well as processes external to the server to satisfy "local" versus "remote" decisions used in replication, load balancing, and failover.
- Validate ACIs. Many directory servers allow for less restrictive application of its access control instructions (ACIs), so that they accept invalid ACIs. For example, if a Sun/Oracle server encounters an access control rule that it cannot parse, then it will simply ignore it without any warning, and the server may not offer the intended access protection. Rather than unexpectedly exposing sensitive data, PingDirectory Server rejects any ACIs that it cannot interpret, which ensures data access is properly limited as intended, but it can cause problems when migrating data with existing access control rules to a PingDirectory Server. If you are migrating from a Sun/Oracle deployment to a PingDirectory Server, PingDirectory Server provides a validate-acis tool in the bin directory (UNIX or Linux systems) or bat directory (Windows systems) that identifies any ACI syntax problems before migrating data. For more information, see Validating ACIs Before Migrating Data.
Each Server Deployment Requires an Execution of Setup - Duplicating a Server-root is not Supported. The installation of the server does not write or require any data outside of the server-root directory. After executing setup, copying the server-root to another location or system, in order to duplicate the installation, is not a supported method of deployment. The server-root can be moved to another host or disk location if a host or file system change is needed.