The setup tool automatically chooses the maximum heap size. You can manually tune the maximum amount of memory devoted to the server’s process heap using the --maxHeapSize option. The --maxHeapSize argument is only valid if the --entryBalancing or --aggressiveJVMTuning options are also present.

For example, use the --aggressiveJVMTuning option to set the maximum amount of memory used by the Directory Proxy Server and tools as follows.

--aggressiveJVMTuning --maxHeapSize 256m

If you are using entry balancing, tune the amount of memory devoted to the Directory Proxy Server using the --entryBalancing option as follows.

--entryBalancing --maxHeapSize 1g

The amount of memory allowed when using the --entryBalancing option is calculated and depends on the amount of system memory available. If you are using entry balancing and also want the tools to get more memory, include both the --entryBalancing and the --aggressiveJVMTuning options.

--entryBalancing --aggressiveJVMTuning --maxHeapSize 1g

If you already configured a truststore, you can run the setup tool to enable security. The following example enables both SSL and StartTLS security. It also specifies a Java Keystore (JKS) and Truststore that define the server certificate and trusted CA. The passwords for the keystore files are defined in the corresponding .pin files, where the password is written on the first line of the file. The values in the .pin files are copied to the server-root/config directory in the file.

$ env JAVA_HOME=/ds/java ./setup --cli \
   --no-prompt --rootUserDN "cn=Directory Manager" \
   --rootUserPassword "password" --ldapPort 389 \
   --enableStartTLS --ldapsPort 636 \
   --useJavaKeystore /path/to/devkeystore.jks \
   --keyStorePasswordFile /path/to/ \
   --certNickName server-cert \
   --useJavaTrustStore /path/to/devtruststore.jks \
   --trustStorePasswordFile /path/to/ \

The password to the private key within the keystore is expected to be the same as the password to the keystore. If this is not the case, you can define the private key password within the Administrative Console or dsconfig by editing the Trust Manager Provider standard configuration object.

  • Run setup with the --no-prompt option.

    The command uses the default root user distinguished name (DN) (cn=Director Manager) with the specified --rootUserPassword option. You must include the --acceptLicense, --instanceName, and --location options or the setup tool will generate an error message.

    $ env JAVA_HOME=/ds/java ./setup --no-prompt \ 
    --rootUserDN "cn=Directory Manager" \
    --rootUserPassword "password" --ldapPort 389 \ 
    --acceptLicense \
    --instanceName ds1 --location Denver