The tool create-initial-proxy-configcan only be used once for this initial configuration, after which you must use dsconfig to make any changes to your proxy server configuration.

Configuring the PingDirectoryProxy server with the create-initial-proxy-config tool involves the following steps:

  • Providing PingDirectoryProxy server base distinguished name (DN) and password.
  • Defining locations for each of our data centers, east and west.
  • Configuring the LDAP external server in the east location.
  • Configuring the LDAP external servers in the west location.
  • Applying the changes to the PingDirectoryProxy server.
  1. After completing setup, run the create-initial-proxy-config tool.
    root@proxy-east01: bin/create-initial-proxy-config
  2. Provide the bind DN and password that the PingDirectoryProxy server will use to authenticate to the backend PingDirectory server instances.

    The create-initial-proxy-config tool requires that the same bind DN and password be used to authenticate to all of the backend servers. All PingDirectoryProxy server instances have identical proxy user accounts and passwords. If necessary, the proxy user account password can be defined differently for each external server using dsconfig after the create-initial-proxy-config tool has been executed.

  3. Specify the type of external server communication security that will be used to communicate with the PingDirectory server instances.

    For this example, enter the option for None.

  4. Specify the base DNs of the PingDirectory server instances that the PingDirectoryProxy server will access.

    For this example, use dc=example,dc=com.

  5. Enter any other base DNs of the PingDirectory server instances that will be accessed through the proxy server.

    Because you are only using one proxy base DN, press Enter to finish.