Prepare the external directory servers, ds-central-02, by creating the proxy user account and the supporting access rules.
Connect to the ds-central-01 PingDirectory Server using StartTLS. Because you are using StartTLS, you must capture the ds-central-01 server’s certificate and put it in the trust store on your Directory Proxy Server.
The prepare-external-server tool is located in the bin or bat directory of the server root directory, PingDirectory. In this example, run the tool on the ds-east-01 instance of the Directory Proxy Server.
Run the prepare-external-server tool to prepare the two new
On the first attempted bind to the server, the tool reports a "Failed to bind" message because the cn=Proxy User entry has not been created yet. The tool then sets up the cn=Proxy User entry so that the Directory Proxy Server can access it, and tests the communication settings to the server.
root@proxy-east-01: ./prepare-external-server \
  --hostname ds-central-01.example.com --port 389 \
  --baseDN dc=example,dc=com \
  --proxyBindPassword password \
  --useStartTLS \
  --proxyTrustStorePath ../config/ExampleTruststore.jks

Failed to bind as ‘cn=Proxy User’

Would you like to create or modify root user ‘cn=Proxy User” so that it is available for this Directory Proxy Server? (yes / no)[yes]:

Enter the DN of an account on ds-central-01:389 with which to create or manage the ‘cn=Proxy User’ account [cn=Directory Manager]:

Enter the password for ‘cn=Directory Manager’:

Created ‘cn=Proxy User,cn=Root DNs,cn=config’

Testing ‘cn=Proxy User’ privileges ....Done
Repeat the process on the other new server in the central location,
For entry-balancing deployments, the global base distinguished name (DN) is required when using prepare-external-server.
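
For the certificate-capture step above, one way to check the certificate that ds-central-01 presents over StartTLS against a fingerprint obtained out of band before it goes into the proxy trust store. This is an added example, not part of the PingDirectory documentation or tooling; it assumes OpenSSL 1.1.1 or later and the JDK keytool, and the function names and EXPECTED_FP are hypothetical.

```shell
#!/bin/sh
# Added example: pin-check a captured LDAP server certificate before trusting it.
# Function names, the alias and EXPECTED_FP are illustrative assumptions.

# Fetch the leaf certificate the server presents after LDAP StartTLS.
# Requires OpenSSL 1.1.1 or later for "-starttls ldap".
capture_cert() {  # usage: capture_cert host port out.pem
    openssl s_client -connect "$1:$2" -starttls ldap </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$3"
}

# Print the SHA-256 fingerprint as uppercase hex without separators.
cert_fingerprint() {  # usage: cert_fingerprint cert.pem
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed 's/^[^=]*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed only if the certificate matches the fingerprint obtained out of band.
# An empty expected value never matches.
verify_pin() {  # usage: verify_pin cert.pem expected-fingerprint
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    have=$(cert_fingerprint "$1")
    [ -n "$want" ] && [ "$have" = "$want" ]
}

# Import into the proxy trust store only after the pin check passes.
# keytool prompts for the trust store password, keeping it off the command line.
trust_if_pinned() {  # usage: trust_if_pinned host port expected-fp truststore.jks
    pem=$(mktemp) || return 1
    if capture_cert "$1" "$2" "$pem" && verify_pin "$pem" "$3"; then
        keytool -importcert -noprompt -alias "$1" -file "$pem" -keystore "$4"
        rc=$?
    else
        echo "fingerprint mismatch or capture failed for $1:$2; not trusted" >&2
        rc=1
    fi
    rm -f "$pem"
    return "$rc"
}

# Example call (EXPECTED_FP is a placeholder for the value read on the server):
# trust_if_pinned ds-central-01.example.com 389 "$EXPECTED_FP" ../config/ExampleTruststore.jks
```

Obtain the expected fingerprint on the directory server itself or from its administrator, not over the same network path the proxy uses to reach it.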