PingDirectory

Installing the PingDirectory server in non-interactive mode

Run the setup command in non-interactive mode to automate the installation process using a script or to run the command directly from the command line.

Non-interactive mode is useful when setting up production or QA servers with specific configuration requirements.

The non-interactive command-line mode requires that all mandatory options be present for each command call. If there are missing or incorrect arguments, the setup tool fails and aborts the process. You must use the --no-prompt option to suppress interactive output, except for errors, when running in non-interactive mode. You must also use the --acceptLicense option and specify the port using the --ldapPort or --ldapsPort option. If neither port option is specified, an error message is displayed. To view the license, run the bin/review-license command.

To automatically tune the Java virtual machine (JVM) to use maximum memory, use the --maxHeapSize {memory} option. To preload the database at startup, use the --primeDB option.

To configure a deployment using a truststore, see Installing the PingDirectory server in non-interactive mode with a truststore.

To see a description of the available command-line options for the setup tool, use setup --help.

Installing the PingDirectory server in non-interactive mode

Install a PingDirectory server in a production or QA environment with no security enabled.

Steps

  • Extract the distribution .zip file, review “Before You Begin”, and then use setup with the --no-prompt option for non-interactive mode from the <server-root> directory.

    The following command uses the default root user distinguished name (DN) (cn=Directory Manager) with the password given in the --rootUserPassword option. You must include the --acceptLicense option, or setup generates an error message. The --instancename option specifies the name for the server instance and should be unique across all instances in the topology. The --location option specifies the name of the location in which the instance will be installed. You should generally configure your topology with a separate location for each data center so that inter-server communication prioritizes servers in the same location over those in remote locations.

    Example:

    $ ./setup --no-prompt --rootUserPassword "password" \
      --baseDN "dc=example,dc=com" --acceptLicense --ldapPort 389 \
      --instancename Instance1 --location Location1

Installing the PingDirectory server in non-interactive mode with a truststore

You can set up the PingDirectory server using an existing truststore for secure communication. This section assumes that you have an existing keystore and truststore with trusted certificates.

Steps

  • Unzip the distribution .zip file, review Before you begin, and then, from the server root directory, use setup with the --no-prompt option for non-interactive mode. The following example enables security using both SSL and StartTLS. It also specifies a JKS keystore and truststore that define the server certificate and trusted CA. The userRoot database contents will remain empty and the base DN entry will not be created.

    Example:

    $ ./setup --no-prompt --rootUserPassword "password" \
      --baseDN "dc=example,dc=com" --ldapPort 389 --enableStartTLS \
      --ldapsPort 636 --useJavaKeystore config/keystore.jks \
      --keyStorePasswordFile config/keystore.pin \
      --certNickName server-cert --useJavaTrustStore config/truststore.jks \
      --acceptLicense --instancename Instance1 --location Location1

    The password for the private key in the keystore is expected to be the same as the password for the keystore. If this is not the case, the private key password can be defined with the administrative console or the dsconfig tool by editing the Trust Manager Provider standard configuration object.
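The following preflight check is an added example, not part of the PingDirectory distribution or documentation. It lints a planned setup argument list against the mandatory-option rules described above (--no-prompt, --acceptLicense, and --ldapPort or --ldapsPort) and against two hygiene points from the examples: an inline --rootUserPassword and the permissions of the file passed to --keyStorePasswordFile. The function name lint_setup_args is hypothetical, and the check assumes it is run from the server root so that relative paths resolve.

```bash
#!/usr/bin/env bash
# Added example: lint_setup_args is a hypothetical helper, not a Ping tool.
# It checks a planned `setup` argument list against the rules on this page.
# Run it from <server-root> so relative paths such as config/keystore.pin resolve.
# Prints one finding per line; returns 0 only when there are no ERROR findings.
lint_setup_args() {
  local no_prompt=0 license=0 port=0 errors=0 prev="" arg perms
  for arg in "$@"; do
    case "$arg" in
      --no-prompt)            no_prompt=1 ;;
      --acceptLicense)        license=1 ;;
      --ldapPort|--ldapsPort) port=1 ;;
      --rootUserPassword)
        echo "WARN: inline --rootUserPassword is visible in the process list and shell history; prefer --rootUserPasswordFile" ;;
    esac
    # The value following --keyStorePasswordFile is the keystore PIN file.
    if [ "$prev" = "--keyStorePasswordFile" ]; then
      if [ ! -f "$arg" ]; then
        echo "ERROR: keystore password file not found: $arg"; errors=$((errors + 1))
      else
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld -- "$arg" | cut -c5-10)
        if [ "$perms" != "------" ]; then
          echo "ERROR: $arg is accessible to group or other users (chmod 600)"
          errors=$((errors + 1))
        fi
      fi
    fi
    prev=$arg
  done
  if [ "$no_prompt" -eq 0 ]; then
    echo "ERROR: --no-prompt is required in non-interactive mode"; errors=$((errors + 1))
  fi
  if [ "$license" -eq 0 ]; then
    echo "ERROR: --acceptLicense is required"; errors=$((errors + 1))
  fi
  if [ "$port" -eq 0 ]; then
    echo "ERROR: specify --ldapPort or --ldapsPort"; errors=$((errors + 1))
  fi
  [ "$errors" -eq 0 ]
}

# Constructed usage: lint the argument list, then hand the same list to setup.
# args=(--no-prompt --acceptLicense --ldapsPort 636 --keyStorePasswordFile config/keystore.pin)
# lint_setup_args "${args[@]}" && ./setup "${args[@]}"
```

In an automated install, running the lint before setup surfaces a missing mandatory option or a readable PIN file as a pipeline failure rather than as a half-finished installation.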