Create an initial PingAuthorize Server configuration.
This tool is used to create a basic PingAuthorize Server configuration, and features both interactive and non-interactive modes for specifying one or more Ping Identity Directory Server instances (user stores) where you currently store, or intend to store, user entries. This tool will generate a dsconfig batch script that can be used to create external servers, a load-balancing algorithm, a store adapter, and a SCIM Resource Type. You may specify whether or not to have this tool perform the server configuration using the script.
In interactive mode, you will be prompted whether or not you would like to prepare user store server instances for access by the PingAuthorize Server. When used in non-interactive mode, you must prepare the servers separately using the prepare-external-store tool.
create-initial-config --port 1389 --bindDN "cn=Directory Manager" \
--bindPassword password
create-initial-config --no-prompt --port 1389 --bindDN "cn=Directory Manager" \
--bindPassword password --governanceBindPassword password \
--externalServerConnectionSecurity useSSL \
--userStoreBaseDN ou=people,dc=example,dc=com \
--userStore ds1.example.com:1636:Houston \
--userStore ds2.example.com:1636:Dallas
-V
--version
| Description | Display PingAuthorize Server version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
--governanceTrustStorePath {truststorePath}
| Description | Path to the truststore to which this tool should add the prepared server's certificate. You must also specify a password to the truststore |
| Required | No |
| Multi-Valued | No |
--governanceTrustStorePassword {truststorePassword}
| Description | Password for the specified truststore. A truststore password is required in order for this tool to add the prepared server's certificate to the PingAuthorize Server truststore |
| Required | No |
| Multi-Valued | No |
--governanceTrustStorePasswordFile {path}
| Description | Path to file containing the password for the specified truststore. A truststore password is required in order for this tool to add the prepared server's certificate to the PingAuthorize Server truststore |
| Required | No |
| Multi-Valued | No |
--governanceBindDN {bindDN}
| Description | User account DN to be used by this PingAuthorize Server to access external user store servers |
| Default Value | cn=Authorize User,cn=Root DNs,cn=config |
| Required | No |
| Multi-Valued | No |
--governanceBindPassword {bindPassword}
| Description | User account password to be used by this PingAuthorize Server to access external user store servers |
| Required | No |
| Multi-Valued | No |
--governanceBindPasswordFile {bindPasswordFile}
| Description | Path to file containing the user account password to be used by this PingAuthorize Server to access external user store servers |
| Required | No |
| Multi-Valued | No |
--externalServerConnectionSecurity {connectionSecurityOption}
| Description | Type of security the PingAuthorize Server will use when connecting to external servers. Must be one of [noSecurity,useSSL,useStartTLS] |
| Allowed Values |
noSecurity useSSL useStartTLS |
| Required | No |
| Multi-Valued | No |
--userStore {host:port[:location]}
| Description | Colon-separated host name, LDAP/LDAPS port, and optional location of a user store server. If unspecified, the location will be configured to be the same location configured for the PingAuthorize Server |
| Required | No |
| Multi-Valued | Yes |
--userStoreBaseDN {baseDN}
| Description | Base DN under which user entries are stored |
| Required | No |
| Multi-Valued | No |
--userObjectClass {objectClass}
| Description | Structural object class used to represent user entries in the user store. May only be used with an --initialSchema value of 'none' or 'pass-through' |
| Default Value | inetOrgPerson |
| Required | No |
| Multi-Valued | No |
--initialSchema {schema}
| Description | Specifies which initial schema and mappings to use for the PingAuthorize Server. Must be one of [none,pass-through,user] |
| Allowed Values |
none pass-through user |
| Default Value | none |
| Required | No |
| Multi-Valued | No |
--dry-run
| Description | Generate a dsconfig batch file that may be used for initial configuration, but do not apply it to the local server |
-n
--no-prompt
| Description | Configure the server in non-interactive mode. When used in this mode, this tool will require additional options. See the examples below |
-Z
--useSSL
| Description | Use SSL for secure communication with the server |
-q
--useStartTLS
| Description | Use StartTLS to secure communication with the server |
--useNoSecurity
| Description | Use no security when communicating with the server |
-h {host}
--hostname {host}
| Description | Fully qualified host name or IP address of the local PingAuthorize Server |
| Default Value | localhost |
| Required | No |
| Multi-Valued | No |
-p {port}
--port {port}
| Description | PingAuthorize Server port number |
| Default Value | 389 |
| Required | No |
| Multi-Valued | No |
-D {bindDN}
--bindDN {bindDN}
| Description | DN used to bind to the server |
| Default Value | cn=Directory Manager |
| Required | No |
| Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
| Description | Password used to bind to the server |
| Required | No |
| Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
| Description | Bind password file |
| Required | No |
| Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
| Description | SASL bind options |
| Required | No |
| Multi-Valued | Yes |
-X
--trustAll
| Description | Trust all server SSL certificates |
-P {truststorePath}
--trustStorePath {truststorePath}
| Description | Certificate truststore path |
| Default Value | /home/centos/workspace/Core-Release-Pipeline/build/package/PingAuthorize/config/truststore |
| Required | No |
| Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
| Description | Certificate truststore PIN |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | Certificate truststore PIN file |
| Required | No |
| Multi-Valued | No |
--trustStoreFormat {trustStoreFormat}
| Description | Certificate truststore format |
| Required | No |
| Multi-Valued | No |
-K {keystorePath}
--keyStorePath {keystorePath}
| Description | Certificate keystore path |
| Required | No |
| Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
| Description | Certificate keystore PIN |
| Required | No |
| Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
| Description | Certificate keystore PIN file |
| Required | No |
| Multi-Valued | No |
--keyStoreFormat {keyStoreFormat}
| Description | Certificate keystore format |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | Nickname of the certificate for SSL client authentication |
| Required | No |
| Multi-Valued | No |
--propertiesFilePath {propertiesFilePath}
| Description | Path to the file that contains default property values used for command-line arguments |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Specify that no properties file will be used to get default command-line argument values |
--script-friendly
| Description | Use script-friendly mode |