For additional changes, use the dsconfig
tool. For proxy installation and configuration details, see the PingDirectoryProxy
Server Administration Guide.
-
From the PingDirectoryProxy Server root directory, run the
prepare-external-server command to set up the
cn=Proxy User
account for access to the backend directory servers. The server tests the connection and creates thecn=Proxy User
account.$ bin/prepare-external-server --no-prompt \ --hostname ldap-west-01.example.com \ --port 389 --bindDN "cn=Directory Manager" \ --bindPassword password \ --proxyBindDN "cn=Proxy User,cn=Root DNs,cn=config" \ --proxyBindPassword pass \ --baseDN "dc=example,dc=com"
- Repeat step 1 for any other directory server instances.
-
Run the dsconfig command to define the external servers and
their types. For this example, round-robin load balancing algorithms are
defined, which do not require health checks or locations to be specified.
$ bin/dsconfig --no-prompt create-external-server \ --server-name ldap-west-01 \ --type "ping-identity-ds" \ --set "server-host-name:ldap-west-01.example.com" \ --set "server-port:389" \ --set "bind-dn:cn=Proxy User" \ --set "password:password" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
$ bin/dsconfig --no-prompt create-external-server \ --server-name ldap-west-02 \ --type "ping-identity-ds" \ --set "server-host-name:ldap-west-02.example.com" \ --set "server-port:389" \ --set "bind-dn:cn=Proxy User" \ --set "password:password" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
$ bin/dsconfig --no-prompt create-external-server \ --server-name ldap-west-03 \ --type "ping-identity-ds" \ --set "server-host-name:ldap-west-03.example.com" \ --set "server-port:389" \ --set "bind-dn:cn=Proxy User" \ --set "password:password" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
$ bin/dsconfig --no-prompt create-external-server --server-name ldap-west-04 \ --type "ping-identity-ds" \ --set "server-host-name:ldap-west-04.example.com" \ --set "server-port:389" \ --set "bind-dn:cn=Proxy User" \ --set "password:password" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
-
Create a load-balancing algorithm for each backend set.
$ bin/dsconfig --no-prompt create-load-balancing-algorithm \ --algorithm-name "test-lba-1" \ --type "round-robin" --set "enabled:true" \ --set "backend-server:ldap-west-01" \ --set "backend-server:ldap-west-02" \ --set "use-location:false" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
$ bin/dsconfig --no-prompt create-load-balancing-algorithm \ --algorithm-name "test-lba-2" \ --type "round-robin" --set "enabled:true" \ --set "backend-server:ldap-west-03" --set "backend-server:ldap-west-04" --set "use-location:false" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
-
Configure the proxying request processors, one for each load-balanced directory
server set. A request processor provides the logic to either process the
operation directly, forward the request to another server, or hand off the
request to another request processor.
$ bin/dsconfig --no-prompt create-request-processor \ --processor-name "proxying-processor-1" --type "proxying" \ --set "load-balancing-algorithm:test-lba-1" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
$ bin/dsconfig --no-prompt create-request-processor \ --processor-name "proxying-processor-2" --type "proxying" \ --set "load-balancing-algorithm:test-lba-2" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
-
Define an entry-balancing request processor. This request processor is used to
distribute entries under a common parent entry among multiple backend sets. A
backend set is a collection of replicated directory servers that contain
identical portions of the data. Multiple proxying request processors are used to
process operations.
Next, define the placement algorithm, which selects the server set to use for new add operations to create new entries. In this example, a round-robin placement algorithm forwards LDAP add requests to backend sets.
$ bin/dsconfig --no-prompt create-placement-algorithm \ --processor-name "entry-balancing-processor" \ --algorithm-name "round-robin-placement" \ --set "enabled:true" \ --type "round-robin" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
-
Define the subtree view that specifies the base DN for the entire
deployment.
$ bin/dsconfig --no-prompt create-subtree-view \ --view-name "test-view" \ --set "base-dn:dc=example,dc=com" \ --set "request-processor: entry-balancing-processor" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd
-
Finally, define a client connection policy that specifies how the client
connects to the proxy server.
$ bin/dsconfig --no-prompt set-client-connection-policy-prop \ --policy-name "default" \ --add "subtree-view:test-view" \ --bindDN "cn=Directory Manager" \ --bindPassword pxy-pwd