Once the Directory Proxy Server has been installed, it can be automatically configured using the create-initial-proxy-config tool. This tool can only be used once for this initial configuration, after which we will have to use dsconfig to make any changes to our proxy server configuration.

Configuring the Directory Proxy Server with the create-initial-proxy-config tool involves the following steps:
  • Providing a Directory Proxy Server base DN and password.
  • Defining locations for each of our data centers, east and west.
  • Configuring the LDAP external server in the east location.
  • Configuring the LDAP external servers in the west location.
  • Applying the changes to the Directory Proxy Server.
  1. Once we have completed setup, we run the create-initial-proxy-config tool as follows:
    root@proxy-east01: bin/create-initial-proxy-config
  2. Provide the bind DN and password that the Directory Proxy Server will use to authenticate to the backend PingDirectory Server instances. The create-initial-proxy-config tool requires that the same bind DN and password be used to authenticate to all of the backend servers. All Directory Proxy Server instances have identical proxy user accounts and passwords. If necessary, the proxy user account password can be defined differently for each external server using dsconfig after the create-initial-proxy-config tool has been executed.
  3. Specify the type of external server communication security that will be used to communicate with the PingDirectory Server instances. For this example, enter the option for 'None'.
  4. Specify the base DNs of the PingDirectory Server instances that the Directory Proxy Server will access. For this example, use dc=example,dc=com.
  5. Enter any other base DNs of the PingDirectory Server instances that will be accessed through the proxy server. Because we are only using one proxy base DN, press Enter to finished.