1. Change to the server root directory.
    cd Directory Proxy Server
                   
  2. Use the setup command.
    $ ./setup
  3. Read the Ping Identity End-User License Agreement, and type yes to continue.
  4. Press Enter to accept the default of no in response to adding this new server to an existing topology.
    Would you like to add this server to an existing Directory Proxy Server topology? (yes / no) [no]:
  5. Enter the fully qualified host name for this server, or press Enter to accept the default.
  6. Create the initial root user DN for this server, or press Enter to accept the default.
  7. Enter and confirm a password for this account.
  8. To enable the Directory Proxy Server services (Configuration, Documentation, and Directory REST API) and Administrative Console over HTTPS, press Enter to accept the default. After setup, individual services can be enabled or disabled by configuring the HTTPS Connection Handler.
  9. Enter the port on which the Directory Proxy Server should accept connections from HTTPS clients, press Enter to accept the default.
  10. Enter the port on which the Directory Proxy Server should accept connections from LDAP clients, press Enter to accept the default.
  11. The next two options enable LDAPS and StartTLS. Press Enter to accept the default (yes), or type no. If either are enabled, certificate options are required. To use the Java Keystore or the PKCS#12 keystore, the keystore path and the key PIN are required. To use the PKCS#11 token, only the key PIN is required.
  12. Choose a certificate server option:
    Certificate server options:
      1) Generate self-signed certificate (recommended for testing purposes only)
      2) Use an existing certificate located on a Java Keystore (JKS)
      3) Use an existing certificate located on a PKCS#12 keystore
      4) Use an existing certificate on a PKCS#11 token
  13. Choose the desired encryption for backups and log files from the choices provided:
    • Encrypt data with a key generated from an interactively provided passphrase. Using a passphrase (obtained interactively or read from a file) is the recommended approach for new deployments, and you should use the same encryption passphrase when setting up each server in the topology.

    • Encrypt data with a key generated from a passphrase read from a file.

    • Encrypt data with a randomly generated key. This option is primarily intended for testing purposes, especially when only testing with a single instance, or if you intend to import the resulting encryption settings definition into other instances in the topology.

    • Encrypt data with an imported encryption settings definition. This option is recommended if you are adding a new instance to an existing topology that has older server instances with data encryption enabled.

    • Do not encrypt server data.

  14. To configure your Directory Proxy Server to use entry balancing, type yes, or accept the default no. In an entry balancing environment, entries immediately beneath the balancing base DN are divided into disjoint subsets. Each subset of data is handled by a separate set of one or more directory server instances, which replicate this subset of data between themselves. Choosing yes will enable more memory be allocated to the server and tools.
  15. Choose the option for the amount of memory to assign to this server.
  16. Enter an option to set up the server with the current configuration, provide new parameters, or cancel.
  17. After setup is complete, choose the next configuration option.
    This server is now ready for configuration What would you like to do?
    
       1) Start 'create-initial-proxy-config' to create a basic 
          initial configuration (recommended for new users) 
       2) Start 'dsconfig' to create a configuration from scratch 
       3) Quit           
    
    Enter choice [1]: