Installing the PingDirectory server in non-interactive mode
Run the setup command in non-interactive mode to automate the installation process using a script or to run the command directly from the command line.
Non-interactive mode is useful when setting up production or QA servers with specific configuration requirements.
The non-interactive command-line mode requires that all mandatory options be present for each command call. If there are missing or incorrect arguments, the setup tool fails and aborts the process. When running in non-interactive mode, you must use the --no-prompt option to suppress interactive output, except for errors. You must also use the --acceptLicense option and specify the port using the --ldapPort or --ldapsPort option. If neither port option is specified, an error message is displayed. To view the license, run the bin/review-license command.
To automatically tune the Java virtual machine (JVM) to use maximum memory, use the --maxHeapSize {memory} option. To preload the database at startup, use the --primeDB option.
To configure a deployment using a truststore, see Installing the PingDirectory server in non-interactive mode with a truststore.
To see a description of the available command-line options for the setup tool, use setup --help.
Installing the PingDirectory server in non-interactive mode
Install a PingDirectory server in a production or QA environment with no security enabled.
Steps
- Extract the distribution .zip file, review “Before You Begin”, and then use setup with the --no-prompt option for non-interactive mode from the <server-root> directory.
  The following command uses the default root user distinguished name (DN) (cn=Directory Manager) with the specified --rootUserPassword option. You must include the --acceptLicense option or the setup generates an error message. The --instancename option specifies the name for the server instance and should be unique across all instances in the topology. The --location option specifies the name of the location in which the instance will be installed. You should generally configure your topology with a separate location for each data center to allow inter-server communication to prioritize servers in the same location over those in remote locations.
  Example:
  $ ./setup --no-prompt --rootUserPassword "password" \
      --baseDN "dc=example,dc=com" --acceptLicense --ldapPort 389 \
      --instancename Instance1 --location Location1
Installing the PingDirectory server in non-interactive mode with a truststore
You can set up the PingDirectory server using an existing truststore for secure communication. This section assumes that you have an existing keystore and truststore with trusted certificates.
Steps
- Unzip the distribution .zip file, review Before you begin, and then, from the server root directory, use setup with the --no-prompt option for non-interactive mode.
  The following example enables security using both SSL and StartTLS. It also specifies a JKS keystore and truststore that define the server certificate and trusted CA. The userRoot database contents will remain empty and the base DN entry will not be created.
  Example:
  $ ./setup --no-prompt --rootUserPassword "password" \
      --baseDN "dc=example,dc=com" --ldapPort 389 --enableStartTLS \
      --ldapsPort 636 --useJavaKeystore config/keystore.jks \
      --keyStorePasswordFile config/keystore.pin \
      --certNickName server-cert --useJavaTrustStore config/truststore.jks \
      --acceptLicense --instancename Instance1 --location Location1
The password to the private key in the keystore is expected to be the same as the password to the keystore. If this is not the case, the private key password can be defined with the administrative console or the dsconfig tool by editing the Trust Manager Provider standard configuration object.
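Both procedures above (plain and with a truststore) can be driven by one wrapper that checks the mandatory options before setup is called. This is an added example, not Ping Identity's code: the function names, the environment variable names, the SETUP override and the owner-only permission check on the keystore PIN file are assumptions; only the setup options come from this page.

```shell
#!/bin/sh
# Added example: preflight wrapper around PingDirectory's non-interactive setup.
# Function and variable names are assumptions; the setup options are the page's.

# True only if the file exists and group/other have no permission bits set.
pin_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print an error and fail if any named variable is empty or unset.
require_vars() {
    for name in "$@"; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "missing required setting: $name" >&2; return 2; }
    done
}

# Inputs (shell variables): ROOT_PW BASE_DN INSTANCE_NAME LOCATION,
# LDAP_PORT and/or LDAPS_PORT; with LDAPS_PORT also KEYSTORE KEYSTORE_PIN
# CERT_NICKNAME TRUSTSTORE. SETUP overrides the tool path (default ./setup).
run_setup() {
    require_vars ROOT_PW BASE_DN INSTANCE_NAME LOCATION || return
    # setup reports an error when neither port option is given; catch it first.
    [ -n "${LDAP_PORT:-}${LDAPS_PORT:-}" ] ||
        { echo "set LDAP_PORT or LDAPS_PORT" >&2; return 2; }
    # --rootUserPassword is passed as on the page; the value is visible in
    # the process list while setup runs.
    set -- --no-prompt --acceptLicense --rootUserPassword "$ROOT_PW" \
        --baseDN "$BASE_DN" --instancename "$INSTANCE_NAME" --location "$LOCATION"
    [ -z "${LDAP_PORT:-}" ] || set -- "$@" --ldapPort "$LDAP_PORT"
    if [ -n "${LDAPS_PORT:-}" ]; then
        require_vars KEYSTORE KEYSTORE_PIN CERT_NICKNAME TRUSTSTORE || return
        pin_is_private "$KEYSTORE_PIN" ||
            { echo "$KEYSTORE_PIN must exist and be owner-only (chmod 600)" >&2; return 3; }
        # As in the page's example, StartTLS is enabled alongside the LDAP port.
        [ -z "${LDAP_PORT:-}" ] || set -- "$@" --enableStartTLS
        set -- "$@" --ldapsPort "$LDAPS_PORT" \
            --useJavaKeystore "$KEYSTORE" --keyStorePasswordFile "$KEYSTORE_PIN" \
            --certNickName "$CERT_NICKNAME" --useJavaTrustStore "$TRUSTSTORE"
    fi
    "${SETUP:-./setup}" "$@"
}
```

Set the variables in the calling script and call run_setup from the server root directory; a non-zero return before setup starts means a mandatory setting was missing or the PIN file was readable by group or others.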