After the Directory Proxy Server has been installed, it can be automatically configured using the create-initial-proxy-config tool.
This tool can only be used once, for this initial configuration. After that, you must use dsconfig to make any changes to the Directory Proxy Server configuration.
-
Run the create-initial-proxy-config tool.
root@austin-proxy1: ./bin/create-initial-proxy-config
-
If the topology meets the requirements, press Enter to continue.
Some assumptions are made about the topology to keep this tool simple:
1) all servers will be accessible via a single user account
2) all servers support the same communication security type
3) all servers are PingDirectory Servers
If your topology does not have these characteristics you can use this tool to define a basic configuration and then use the 'dsconfig' tool or the Administrative Console to fine tune the configuration.
Would you like to continue? (yes / no) [yes]:
-
Provide the external server access credentials.
All of the proxies have identical proxy user accounts and passwords.
Enter the DN of the proxy user account [cn=Proxy User,cn=Root DNs,cn=config]:
Enter the password for 'cn=Proxy User,cn=Root DNs,cn=config':
Confirm the password for 'cn=Proxy User,cn=Root DNs,cn=config':
-
Specify the type of security that the Directory Proxy Server will use to communicate with Directory Servers.
-
Enter a base distinguished name (DN) of the Directory Server instances that will be accessed by the Directory Proxy Server.
-
Define the balancing point as a separate base DN, which is entry balanced.
Enter another base DN of the directory server instances that will be accessed through the Directory Proxy Server:
1) Remove dc=example,dc=com
b) back
q) quit
Enter a DN or choose a menu item [Press ENTER when finished entering base DNs]: ou=people,dc=example,dc=com
Are entries within 'ou=people,dc=example,dc=com' split across multiple servers so that each server stores only a subset of the entries (i.e. is this base DN 'entry balanced')? (yes / no) [no]: yes
-
Because the data in ou=people,dc=example,dc=com will be split across two backend sets, enter 2 to specify that the data will be balanced across two sets of servers.
Across how many sets of servers is the data balanced?
c) cancel creating ou=people,dc=example,dc=com
q) quit
Enter a number greater than one or choose a menu item: 2
-
Because the balancing point is the same as the base DN, ou=people,dc=example,dc=com, use it as the entry balancing base.
>>>> Entry Balancing Base
The entry balancing base DN specifies the entry below which the data is balanced. Entries not below this entry must be duplicated in all the server sets. If all the entries in the base DN are distributed the entry balancing base DN is the same as the base DN.
c) cancel creating ou=people,dc=example,dc=com
b) back
q) quit
Enter the entry balancing base DN or choose a menu item [ou=people,dc=example,dc=com]: ou=people,dc=example,dc=com
-
To improve the performance for equality search filters referencing the uid attribute, create a uid global index. Enter yes to add a new attribute to the global index.
-
Specify the uid attribute.
Enter attributes that you would like to add to the global index:
c) cancel creating ou=people,dc=example,dc=com
b) back
q) quit
Enter an attribute name or choose a menu item [Press ENTER when finished entering index attributes]: uid
-
To optimize Directory Proxy Server performance from the moment it starts accepting connections, enter the number corresponding to Yes, and all subsequent attributes.
-
Press Enter to finish specifying index attributes.
-
Press Enter to enable relative distinguished name (RDN) index priming.
Would you like to enable RDN index priming for 'ou=people,dc=example,dc=com'? (yes / no) [yes]:
-
Press Enter to finish specifying base DNs.
Enter another base DN of the directory server instances that will be accessed through the Directory Proxy Server:
1) Remove dc=example,dc=com
2) Remove ou=people,dc=example,dc=com (distributed)
b) back
q) quit
Enter a DN or choose a menu item [Press ENTER when finished entering base DNs]:
-
The external servers are spread among two locations, New York and Austin. Define austin as the location of this Directory Proxy Server instance.
A good rule of thumb when naming locations is to use the name of your data centers or the cities containing them.
b) back
q) quit
Enter a location name or choose a menu item: austin
1) Remove austin
b) back
q) quit
-
Define the newyork location.
Enter another location name or choose a menu item [Press ENTER when finished entering locations]: newyork
1) Remove austin
2) Remove newyork
b) back
q) quit
Enter another location name or choose a menu item [Press ENTER when finished entering locations]:
-
Select the austin location for this Directory Proxy Server instance.
Choose the location for this Directory Proxy Server
1) austin
2) newyork
b) back
q) quit
Enter choice [1]:
-
Specify the LDAP external server instances associated with this location.
Enter the host and port (host:port) of the first directory server in 'austin'
b) back
q) quit
Enter a host:port or choose a menu item [localhost:389]: austin-set1.example.com:389
-
Specify that the austin-set1 server can handle requests from the global domain and from the set 1 restricted domain.
Assign server austin-set1.example.com:389 to handle requests for one or more of the defined sets of data:
1) dc=example,dc=com
2) ou=people,dc=example,dc=com; Server Set 1
3) ou=people,dc=example,dc=com; Server Set 2
Enter one or more choices separated by commas: 1,2
-
Enter the number corresponding to Yes, and all subsequent servers to prepare the server for access by the Directory Proxy Server.
Would you like to prepare austin-set1.example.com:389 for access by the Directory Proxy Server?
1) Yes
2) No
3) Yes, and all subsequent servers
4) No, and all subsequent servers
Enter choice [3]:
-
Select the entry-balanced data set that the austin-set1 server replicates with other servers.
You may choose a single entry-balanced data set with which austin-set1.example.com:389 will replicate data with other servers
1) ou=people,dc=example,dc=com; Server Set 1
2) None, data will not be replicated
Enter choice: 1
Testing connection to austin-set1.example.com:389 ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ....Denied
-
Modify the root user for use by the Directory Proxy Server, specifying the directory manager password for the initial creation of the proxy user.
Would you like to create or modify root user 'cn=Proxy User, cn=Root DNs,cn=config' so that it is available for this Directory Proxy Server? (yes / no) [yes]:
Enter the DN of an account on austin-set1.example.com:389 with which to create or manage the 'cn=Proxy User,cn=Root DNs, cn=config' account and configuration [cn=Directory Manager]:
Enter the password for 'cn=Directory Manager':
Created 'cn=Proxy User,cn=Root DNs,cn=config'
Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges...Done
Setting replication set name .....
-
Because the replication set name has already been configured, you do not need to use the name created automatically by the Directory Proxy Server.
This server is currently configured for replication set 'dataset1'. Would you like to reconfigure this server for replication set 'set-1'? (yes / no) [no]:
Setting replication set name ..... Done
Verifying backend 'dc=example,dc=com' ..... Done
Verifying backend 'ou=people,dc=example,dc=com' ..... Done
Testing 'cn=Proxy User' privileges ..... Done
Verifying backend 'dc=example,dc=com' ..... Done
-
Define the other Austin and New York servers using the same procedure in steps 17-24.
Enter another server in 'austin'
1) Remove austin-set1.example.com:389
b) back
q) quit
Enter a host:port or choose a menu item [Press ENTER when finished entering servers]: austin-set2.example.com:389
Assign server austin-set2.example.com:389 to handle requests for one or more of the defined sets of data
1) dc=example,dc=com
2) ou=people,dc=example,dc=com; Server Set 1
3) ou=people,dc=example,dc=com; Server Set 2
Enter one or more choices separated by commas: 1,3
You may choose a single entry-balanced data set with which austin-set2.example.com:389 will replicate data with other servers
1) ou=people,dc=example,dc=com; Server Set 2
2) None, data will not be replicated
Enter choice: 1
Testing connection to austin-set2.example.com:389 ....Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ... Denied
Would you like to create or modify root user 'cn=Proxy User, cn=Root DNs,cn=config' so that it is available for this Directory Proxy Server? (yes / no) [yes]:
Would you like to use the previously entered manager credentials to access all prepared servers? (yes / no) [yes]:
Created 'cn=Proxy User,cn=Root DNs,cn=config'
Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges...Done
Setting replication set name .....
This server is currently configured for replication set 'dataset2'. Would you like to reconfigure this server for replication set 'set-2'? (yes / no) [no]:
Setting replication set name ..... Done
Verifying backend 'dc=example,dc=com' ..... Done
Verifying backend 'ou=people,dc=example,dc=com' ..... Done
Enter another server in 'austin'
1) Remove austin-set1.example.com:389
2) Remove austin-set2.example.com:389
b) back
q) quit
Enter a host:port or choose a menu item [Press ENTER when finished entering servers]:
>>>> >>>> Location 'newyork' Details
>>>> External Servers
External Servers identify directory server instances including host, port, and authentication information.
Enter the host and port (host:port) of the first directory server in 'newyork':
b) back
q) quit
Enter a host:port or choose a menu item [localhost:389]: newyork-set1.example.com:389
Assign server newyork-set1.example.com:389 to handle requests for one or more of the defined sets of data
1) dc=example,dc=com
2) ou=people,dc=example,dc=com; Server Set 1
3) ou=people,dc=example,dc=com; Server Set 2
Enter one or more choices separated by commas: 1,2
You may choose a single entry-balanced data set with which newyork-set1.example.com:389 will replicate data with other servers
1) ou=people,dc=example,dc=com; Server Set 1
2) None, data will not be replicated
Enter choice: 1
Testing connection to newyork-set1.example.com:389 ....Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access ... Denied
Would you like to create or modify root user 'cn=Proxy User, cn=Root DNs,cn=config' so that it is available for this Directory Proxy Server? (yes / no) [yes]:
Created 'cn=Proxy User,cn=Root DNs,cn=config'
Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges...Done
Setting replication set name .....
This server is currently configured for replication set 'dataset1'. Would you like to reconfigure this server for replication set 'set-1'? (yes / no) [no]:
Setting replication set name ..... Done
Verifying backend 'dc=example,dc=com' ..... Done
Verifying backend 'ou=people,dc=example,dc=com' ..... Done
Enter another server in 'newyork'
1) Remove newyork-set1.example.com:389
b) back
q) quit
Enter a host:port or choose a menu item [Press ENTER when finished entering servers]: newyork-set2.example.com:389
Assign server newyork-set2.example.com:389 to handle requests for one or more of the defined sets of data:
1) dc=example,dc=com
2) ou=people,dc=example,dc=com; Server Set 1
3) ou=people,dc=example,dc=com; Server Set 2
Enter one or more choices separated by commas: 1,3
You may choose a single entry-balanced data set with which newyork-set2.example.com:389 will replicate data with other servers
1) ou=people,dc=example,dc=com; Server Set 2
2) None, data will not be replicated
Enter choice: 1
Testing connection to newyork-set2.example.com:389 ..... Done
Testing 'cn=Proxy User,cn=Root DNs,cn=config' access.... Denied
Would you like to create or modify root user 'cn=Proxy User, cn=Root DNs,cn=config' so that it is available for this Directory Proxy Server? (yes / no) [yes]:
Created 'cn=Proxy User,cn=Root DNs,cn=config'
Testing 'cn=Proxy User,cn=Root DNs,cn=config' privileges...Done
Setting replication set name .....
This server is currently configured for replication set 'dataset2'. Would you like to reconfigure this server for replication set 'set-2'? (yes / no) [no]:
Setting replication set name ..... Done
Verifying backend 'dc=example,dc=com' ..... Done
Verifying backend 'ou=people,dc=example,dc=com' ..... Done
Enter another server in 'newyork'
1) Remove newyork-set1.example.com:389
2) Remove newyork-set2.example.com:389
b) back
q) quit
Enter a host:port or choose a menu item [Press ENTER when finished entering servers]:
>>>> >>>> Configuration Summary
External Server Security: None
Proxy User DN: cn=Proxy User,cn=Root DNs,cn=config
Location austin
Failover Order: newyork
Servers: austin-set1.example.com:389, austin-set2.example.com:389
Location newyork
Failover Order: austin
Servers: newyork-set1.example.com:389, newyork-set2.example.com:389
Base DN: dc=example,dc=com
Servers: austin-set1.example.com:389, austin-set2.example.com:389, newyork-set1.example.com:389, newyork-set2.example.com:389
Base DN: ou=people,dc=example,dc=com
Entry Balancing Base: ou=people,dc=example,dc=com
Server Set 1: austin-set1.example.com:389, newyork-set1.example.com:389
Server Set 2: austin-set2.example.com:389, newyork-set2.example.com:389
Index Attributes: uid (primed,unique)
Prime RDN Index: Yes
NOTE: The Directory Proxy Server must be restarted after this tool has completed to have index priming take place
b) back
q) quit
w) write configuration
Enter choice [w]
>>>> Write Configuration
The configuration will be written to a 'dsconfig' batch file that can be used to configure other Directory Proxy Servers.
Writing Directory Proxy Server configuration to /proxy/dps-cfg.txt.....Done
-
To apply the configuration changes to the Directory Proxy Server, enter yes.
Apply these configuration changes to the local Directory Proxy Server? (yes /no) [yes]:
How do you want to connect to the Directory Proxy Server on localhost?
1) LDAP
2) LDAP with SSL
3) LDAP with StartTLS
Enter choice [1]:
Administrator user bind DN [cn=Directory Manager]:
Password for user 'cn=Directory Manager':
Creating Locations ..... Done
Updating Failover Locations ..... Done
Updating Global Configuration ..... Done
Creating Health Checks ..... Done
Creating External Servers ..... Done
Creating Load-Balancing Algorithm for dc=example,dc=com .... Done
Creating Request Processor for dc=example,dc=com ..... Done
Creating Subtree View for dc=example,dc=com ..... Done
Updating Client Connection Policy for dc=example,dc=com ..... Done
Creating Load-Balancing Algorithm for ou=people,dc=example,dc=com; Server Set 1 ..... Done
Creating Request Processor for ou=people,dc=example,dc=com; Server Set 1...Done
Creating Load-Balancing Algorithm for ou=people,dc=example,dc=com; Server Set 2 .... Done
Creating Request Processor for ou=people,dc=example,dc=com; Server Set 2...Done
Creating Entry Balancing Request Processor for ou=people,dc=example,dc=com ..... Done
Creating Placement Algorithm for ou=people,dc=example,dc=com .... Done
Creating Global Attribute Indexes for ou=people,dc=example,dc=com ..... Done
Creating Subtree View for ou=people,dc=example,dc=com ..... Done
Updating Client Connection Policy for ou=people,dc=example,dc=com ..... Done
See /logs/create-initial-proxy-config.log for a detailed log of this operation
To see basic server configuration status and configuration you can launch /bin/status
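A review of the Configuration Summary before choosing w, as an added example (not part of the product documentation or the tool). It parses a summary laid out one field per line, an assumed layout reconstructed from the walkthrough, and flags External Server Security: None and any server set that has no server in one of the locations. The names parse_summary and review are hypothetical.

```python
# Constructed sample: the Configuration Summary from the walkthrough,
# one field per line (this line layout is an assumption).
SUMMARY = """\
External Server Security: None
Proxy User DN: cn=Proxy User,cn=Root DNs,cn=config
Location austin
  Failover Order: newyork
  Servers: austin-set1.example.com:389, austin-set2.example.com:389
Location newyork
  Failover Order: austin
  Servers: newyork-set1.example.com:389, newyork-set2.example.com:389
Base DN: dc=example,dc=com
  Servers: austin-set1.example.com:389, austin-set2.example.com:389, newyork-set1.example.com:389, newyork-set2.example.com:389
Base DN: ou=people,dc=example,dc=com
  Entry Balancing Base: ou=people,dc=example,dc=com
  Server Set 1: austin-set1.example.com:389, newyork-set1.example.com:389
  Server Set 2: austin-set2.example.com:389, newyork-set2.example.com:389
"""

def parse_summary(text):
    """Return (security, {location: servers}, {server set: servers})."""
    security, locations, sets, loc = None, {}, {}, None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(": ")
        hosts = [h.strip() for h in value.split(",") if h.strip()]
        if key.startswith("Location "):
            loc = key.split(None, 1)[1]
        elif key == "Base DN":
            loc = None  # "Servers" lines after this belong to a base DN
        elif key == "External Server Security":
            security = value
        elif key == "Servers" and loc:
            locations[loc] = hosts
        elif key.startswith("Server Set"):
            sets[key] = hosts
    return security, locations, sets

def review(text):
    """Findings to resolve before choosing 'w' (write configuration)."""
    security, locations, sets = parse_summary(text)
    findings = []
    if (security or "none").lower() == "none":
        findings.append("External Server Security is None: "
                        "LDAP to the external servers is not encrypted")
    findings += [f"{name} has no server in location {loc}"
                 for name, hosts in sets.items()
                 for loc, members in locations.items()
                 if not set(hosts) & set(members)]
    return findings

if __name__ == "__main__":
    print("\n".join(review(SUMMARY)) or "no findings")
```

With External Server Security set to None, the proxy user bind to each server on port 389 travels without TLS, so the first finding is the one to settle at the security-type step.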