1. Run the create-initial-proxy-config tool.
    root@austin-proxy1: ./bin/create-initial-proxy-config     
  2. Our topology meets the requirements, press Enter to continue:
    Some assumptions are made about the topology to keep 
    this tool simple:    
    
    1) all servers will be accessible via a single user account 
    2) all servers support the same communication security type 
    3) all servers are PingDirectoryProxy Servers
    
    If your topology does not have these characteristics you can 
    use this tool to define a basic configuration and then use the 
    'dsconfig' tool or the Administrative Console to fine tune the configuration.
    
    Would you like to continue? (yes / no) [yes]:
  3. Provide the external server access credentials. All of our proxies have identical proxy user accounts and passwords.
    Enter the DN of the proxy user account [cn=Proxy User,cn=Root DNs,cn=config]:    
    
    Enter the password for 'cn=Proxy User,cn=Root DNs,cn=config': 
    Confirm the password for 'cn=Proxy User,cn=Root DNs,cn=config':    
    
  4. Specify the type of security that the Directory Proxy Server will use to communicate with Directory Servers.
  5. Enter a base DN of the Directory Server instances that will be accessed by the Directory Proxy Server.
  6. Define the balancing point as a separate base DN, which is entry balanced:
    Enter another base DN of the directory server instances that 
    will be accessed through the Directory Proxy Server:
    
        1)Remove dc=example,dc=com
    
        b)back
    
        q)quit
    
    Enter a DN or choose a menu item [Press ENTER when finished 
    entering base DNs]: ou=people,dc=example,dc=com    
    
    Are entries within 'ou=people,dc=example,dc=com' split across 
    multiple servers so that each server stores only a subset of 
    the entries (i.e. is this base DN 'entry balanced')? (yes / no)
    [no]: yes    
    
  7. In this example, the data in ou=people,dc=example,dc=com will be split across two backend sets. Enter 2 to specify that the data will be balanced across two sets of servers.
    Across how many sets of servers is the data balanced? 
    
        c) cancel creating ou=people,dc=example,dc=com 
        q) quit    
    
    Enter a number greater than one or choose a menu item: 2    
  8. The balancing point is the same as our base DN, ou=people,dc=example,dc=com., so we use it as the entry balancing base.
    >>>> Entry Balancing Base
    
    The entry balancing base DN specifies the entry below which the 
    data is balanced. Entries not below this entry must be duplicated 
    in all the server sets. If all the entries in the base DN are 
    distributed the entry balancing base DN is the same as the base DN. 
    
        c) cancel creating ou=people,dc=example,dc=com 
        b) back 
        q) quit    
    
    Enter the entry balancing base DN or choose a menu item 
    [ou=people,dc=example,dc=com]: ou=people,dc=example,dc=com    
    
  9. To improve the performance for equality search filters referencing the uid attribute, create a uid global index. Enter yes to add a new attribute to the global index.
  10. Specify the uid attribute.
    Enter attributes that you would like to add to the global index:
    
        c)cancel creating ou=people,dc=example,dc=com 
        b)back 
        q)quit    
    
    Enter an attribute name or choose a menu item [Press ENTER when 
    finished entering index attributes]: uid    
    
  11. To optimize Directory Proxy Server performance from the moment it starts accepting connections, enter the number corresponding to "Yes, and all subsequent attributes."
  12. Press Enter to finish specifying index attributes.
  13. Press Enter to enable RDN index priming.
    Would you like to enable RDN index priming for 
    'ou=people,dc=example,dc=com'? (yes / no) [yes]:   
    
  14. Press Enter to finish specifying base DNs.
    Enter another base DN of the directory server instances that 
    will be accessed through the Directory Proxy Server:
    
        1) Remove dc=example,dc=com 
        2) Remove ou=people,dc=example,dc=com (distributed)         
    
        b)  back
        q)  quit
    
    Enter a DN or choose a menu item [Press ENTER when finished 
    entering base DNs]:    
    
  15. The external servers are spread among two locations, New York and Austin. This Directory Proxy Server instance is located in the austin location.
    A good rule of thumb when naming locations is to use the 
    name of your data centers or the cities containing them.     
    
        b)  back
        q)  quit
    
    Enter a location name or choose a menu item: austin
    
        1)  Remove austin
    
        b)  back
        q)  quit  
    
  16. Define the newyork location:
    Enter another location name or choose a menu item [Press ENTER      
    when finished entering locations]: newyork
    
        1)  Remove austin
        2)  Remove newyork
    
        b)  back
        q)  quit
    
    Enter another location name or choose a menu item [Press ENTER 
    when finished entering locations]:     
    
  17. Select the austin location for this Directory Proxy Server instance:
    Choose the location for this Directory Proxy Server     
    
        1) austin
        2) newyork
    
        b) back
        q) quit
    
    Enter choice [1]:
  18. Specify the LDAP external server instances associated with this location.
    Enter the host and port (host:port) of the first directory server 
    in 'austin'     
    
         b)  back
         q)  quit
      
    Enter a host:port or choose a menu item [localhost:389]: 
    austin-set1.example.com:389    
    
  19. Specify that the austin-set1 server can handle requests from the global domain and from set 1 restricted domain.
    Assign server austin-set1.example.com:389 to handle requests for 
    one or more of the defined sets of data:      
    
        1) dc=example,dc=com
        2) ou=people,dc=example,dc=com; Server Set 1
        3) ou=people,dc=example,dc=com; Server Set 2
        
    Enter one or more choices separated by commas: 1,2
  20. Enter the number corresponding to "Yes, and all subsequent servers" to prepare the server for access by the Directory Proxy Server.
    Would you like to prepare austin-set1.example.com:389 for access 
    by the Directory Proxy Server?
    
           1)Yes
           2)No
           3)Yes, and all subsequent servers
           4)No, and all subsequent servers
    
    Enter choice [3]:
  21. Select the entry-balanced data set that the austin-set1 server replicates with other servers.
    You may choose a single entry-balanced data set with which 
    austin-set1.example.com:389 will replicate data with other servers   
    
        1) ou=people,dc=example,dc=com; Server Set 1
        2) None, data will not be replicated
       
    Enter choice: 1
      
    Testing connection to austin-set1.example.com:389 ..... Done 
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ....Denied    
    
  22. Modify the root user for use by the Directory Proxy Server, specifying the directory manager password for the initial creation of the proxy user.
    Would you like to create or modify root user 'cn=Proxy User,
    cn=Root DNs,cn=config' so that it is available for this 
    Directory Proxy Server? (yes / no) [yes]:    
    
    Enter the DN of an account on austin-set1.example.com:389 
    with which to create or manage the 'cn=Proxy User,cn=Root DNs,
    cn=config' account and configuration [cn=Directory Manager]:
    
    Enter the password for 'cn=Directory Manager':    
    Created 'cn=Proxy User,cn=Root DNs,cn=config' 
    Testing 'cn=Proxy User,cn=Root DNs,cn=config'privileges...Done 
    Setting replication set name .....    
    
  23. Since the replication set name has already been configured, we do not need to use the name created automatically by the Directory Proxy Server.
    This server is currently configured for replication set 'dataset1'. 
    Would you like to reconfigure this server for replication set 
    'set-1'? (yes / no) [no]:    
    
    Setting replication set name ..... Done 
    Verifying backend 'dc=example,dc=com' ..... Done
    Verifying backend 'ou=people,dc=example,dc=com' ..... Done    
    Testing 'cn=Proxy User' privileges ..... Done 
    Verifying backend 'dc=example,dc=com' ..... Done
  24. Define the other Austin and New York servers using the same procedure as in the previous example:
    Enter another server in 'austin'
    
        1) Remove austin-set1.example.com:389
        b) back
        q) quit
      
    Enter a host:port or choose a menu item [Press ENTER when 
    finished entering servers]: austin-set2.example.com:389    
    
    Assign server austin-set2.example.com:389 to handle requests 
    for one or more of the defined sets of data
    
        1) dc=example,dc=com
        2) ou=people,dc=example,dc=com; Server Set 1
        3) ou=people,dc=example,dc=com; Server Set 2
    
    Enter one or more choices separated by commas: 1,3
    
    You may choose a single entry-balanced data set with which 
    austin-set2.example.com:389 will replicate data with other    
    servers
    
        1) ou=people,dc=example,dc=com; Server Set 2
        2) None, data will not be replicated
     
    Enter choice: 1
      
    Testing connection to austin-set2.example.com:389 ....Done 
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ... Denied    
    
    Would you like to create or modify root user 'cn=Proxy User,
    cn=Root DNs,cn=config' so that it is available for this 
    Directory Proxy Server? (yes / no) [yes]:    
    
    Would you like to use the previously entered manager credentials 
    to access all prepared servers? (yes / no) [yes]:    
    
    Created 'cn=Proxy User,cn=Root DNs,cn=config' 
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges...Done 
    Setting replication set name .....    
    
    This server is currently configured for replication set 'dataset2'. 
    
    Would you like to reconfigure this server for replication set 'set-2'? 
    (yes / no) [no]:    
    
    Setting replication set name ..... Done 
    Verifying backend 'dc=example,dc=com' ..... Done 
    Verifying backend 'ou=people,dc=example,dc=com' ..... Done   
    
    Enter another server in 'austin'
    
        1) Remove austin-set1.example.com:389
        2) Remove austin-set2.example.com:389
    
        b) back
        q) quit
    
    Enter a host:port or choose a menu item [Press ENTER when 
    finished entering servers]:   
    
    >>>> >>>> Location 'newyork' Details
     >>>> External Servers
    
    External Servers identify directory server instances including 
    host, port, and authentication information.    
    
    Enter the host and port (host:port) of the first directory server 
    in 'newyork':    
    
        b) back
        q) quit
      
    Enter a host:port or choose a menu item [localhost:389]: 
    newyork-set1.example.com:389  
    
    Assign server newyork-set1.example.com:389 to handle requests 
    for one or more of the defined sets of data   
    
        1) dc=example,dc=com
        2) ou=people,dc=example,dc=com; Server Set 1
        3) ou=people,dc=example,dc=com; Server Set 2
     
    Enter one or more choices separated by commas: 1,2
     
    You may choose a single entry-balanced data set with which 
    newyork-set1.example.com:389 will replicate data with other servers   
    
        1) ou=people,dc=example,dc=com; Server Set 1
        2) None, data will not be replicated
     
    Enter choice: 1
      
    Testing connection to newyork-set1.example.com:389 ....Done 
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ... Denied    
    
    Would you like to create or modify root user 'cn=Proxy User,
    cn=Root DNs,cn=config' so that it is available for this 
    Directory Proxy Server? (yes / no) [yes]:    
    
    Created 'cn=Proxy User,cn=Root DNs,cn=config' 
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges...Done 
    Setting replication set name .....    
    
    This server is currently configured for replication set 'dataset1'. 
    
    Would you like to reconfigure this server for replication set 
    'set-1'? (yes / no) [no]:    
    
    Setting replication set name ..... Done 
    Verifying backend 'dc=example,dc=com' ..... Done
    Verifying backend 'ou=people,dc=example,dc=com' ..... Done   
    
    Enter another server in 'newyork'
    
        1) Remove newyork-set1.example.com:389
        b) back
        q) quit
      
    Enter a host:port or choose a menu item [Press ENTER when 
    finished entering servers]: newyork-set2.example.com:389    
    
    Assign server newyork-set2.example.com:389 to handle requests 
    for one or more of the defined sets of data:    
    
        1) dc=example,dc=com
        2) ou=people,dc=example,dc=com; Server Set 1
        3) ou=people,dc=example,dc=com; Server Set 2
     
    Enter one or more choices separated by commas: 1,3
      
    You may choose a single entry-balanced data set with which 
    new-york-set2.example.com:389 will replicate data with other servers   
    
        1) ou=people,dc=example,dc=com; Server Set 2
        2) None, data will not be replicated
     
    Enter choice: 1
      
    Testing connection to newyork-set2.example.com:389 ..... Done 
    Testing 'cn=Proxy User,cn=Root DNs,cn=config' access.... Denied    
    
    Would you like to create or modify root user 'cn=Proxy User,
    cn=Root DNs,cn=config' so that it is available for this Directory 
    Proxy Server? (yes / no) [yes]:    
    
    Created 'cn=Proxy User,cn=Root DNs,cn=config' Testing 
    'cn=Proxy User,cn=Root DNs,cn=config' privileges...Done
    Setting replication set name .....    
    
    This server is currently configured for replication set 'dataset2'. 
    Would you like to reconfigure this server for replication 
    set 'set-2'? (yes / no) [no]:    
    
    Setting replication set name ..... Done 
    Verifying backend 'dc=example,dc=com' ..... Done 
    Verifying backend 'ou=people,dc=example,dc=com' ..... Done   
    
    Enter another server in 'newyork'
    
        1)Remove newyork-set1.example.com:389
        2)Remove newyork-set2.example.com:389
    
        b)back
        q)quit
    
    Enter a host:port or choose a menu item [Press ENTER when
    finished entering servers]:
    
    >>>> >>>> Configuration Summary
    
      External Server Security: None 
      Proxy User DN: cn=Proxy User,cn=Root DNs,cn=config     
      Location austin
        Failover Order: newyork
        Servers: austin-set1.example.com:389,
                 austin-set2.example.com:389
      Location newyork
        Failover Order: austin
        Servers: newyork-set1.example.com:389,
                 newyork-set2.example.com:389
      Base DN: dc=example,dc=com
        Servers: austin-set1.example.com:389,
                 austin-set2.example.com:389,
                 newyork-set1.example.com:389,
                 newyork-set2.example.com:389
      Base DN:vou=people,dc=example,dc=com 
        Entry Balancing Base: ou=people,dc=example,dc=com 
        Server Set 1: austin-set1.example.com:389,                     
                      newyork-set1.example.com:389
        Server Set 2: austin-set2.example.com:389,
                      newyork-set2.example.com:389
        Index Attributes: uid (primed,unique)
        Prime RDN Index: Yes
    
        NOTE: The Directory Proxy Server must be restarted after 
        this tool has completed to have index priming take place          
    
           b) back
           q) quit
           w) write configuration
     
        Enter choice [w]
        >>>> Write Configuration
      
        The configuration will be written to a 'dsconfig' batch 
        file that can be used to configure other Directory Proxy Servers.
    
        Writing Directory Proxy Server configuration to /proxy/dps-cfg.txt.....Done    
  25. Enter yes to apply our configuration changes to the Directory Proxy Server.
    Apply these configuration changes to the local Directory Proxy 
    Server? (yes /no) [yes]:    
    
    How do you want to connect to the Directory Proxy Server on localhost?     
    
        1) LDAP
        2) LDAP with SSL
        3) LDAP with StartTLS
    
    Enter choice [1]:
    
    Administrator user bind DN [cn=Directory Manager]:
    Password for user 'cn=Directory Manager':
    Creating Locations ..... Done
    Updating Failover Locations ..... Done
    Updating Global Configuration ..... Done
    Creating Health Checks ..... Done
    Creating External Servers ..... Done
    Creating Load-Balancing Algorithm for dc=example,dc=com .... Done
    Creating Request Processor for dc=example,dc=com ..... Done
    Creating Subtree View for dc=example,dc=com ..... Done
    Updating Client Connection Policy for dc=example,dc=com ..... Done
    Creating Load-Balancing Algorithm for ou=people,dc=example,dc=com; Server Set 1 ..... Done
    Creating Request Processor for ou=people,dc=example,dc=com; Server Set 1...Done    
    Creating Load-Balancing Algorithm for ou=people,dc=example,dc=com; Server Set 2 .... Done
    Creating Request Processor for ou=people,dc=example,dc=com; Server Set 2...Done      
    Creating Entry Balancing Request Processor for ou=people,dc=example,dc=com ..... Done
    Creating Placement Algorithm for ou=people,dc=example,dc=com .... Done
    Creating Global Attribute Indexes for ou=people,dc=example,dc=com ..... Done
    Creating Subtree View for ou=people,dc=example,dc=com ..... Done
    Updating Client Connection Policy for ou=people,dc=example,dc=com ..... Done
       
    See /logs/create-initial-proxy-config.log for a detailed log of this operation
               
    To see basic server configuration status and configuration you can launch /bin/status