Create an initial Identity Broker configuration.
This tool is used to generate a basic Identity Broker configuration. You will be asked to identify one or more UnboundID Identity Data Store instances that will store policy definitions, application registry, and identity service configuration. You can also identify one or more UnboundID Identity Data Store instances where you currently store or intend to store user entries. The UnboundID Identity Proxy is also supported as both a Broker Store and user store proxy.
This tool will configure both the local server and the Broker Store to be shared by other Identity Broker instances. For each Broker Store server identified, an account for Identity Broker access will be created, schema will be updated to allow the storage of Identity Broker operational data, and an initial administrative account will be defined for managing the Broker Store. This tool will also update the schema for each LDAP user store server identified to support additional information for each user entry.
Before configuring the Identity Broker, you should have set up one or more Identity Data Store instances to serve as the Broker Store. You can use a Broker Store server as a user store. If you intend to use a separate Identity Data Store as a user store, make sure that you have access to this server as well.
create-initial-broker-config --hostname idbroker.example.com --port 1389 \
--bindDN "cn=Directory Manager" --bindPassword password
-V
--version
| Description | Display Identity Broker version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-Z
--useSSL
| Description | Use SSL for secure communication with the server |
-q
--useStartTLS
| Description | Use StartTLS to secure communication with the server |
--useNoSecurity
| Description | Use no security when communicating with the server |
-h {host}
--hostname {host}
| Description | Fully qualified host name or IP address of the local Identity Broker |
| Default Value | localhost |
| Required | No |
| Multi-Valued | No |
-p {port}
--port {port}
| Description | Identity Broker port number |
| Default Value | 389 |
| Required | No |
| Multi-Valued | No |
-D {bindDN}
--bindDN {bindDN}
| Description | DN used to bind to the server |
| Default Value | cn=Directory Manager |
| Required | No |
| Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
| Description | Password used to bind to the server |
| Required | No |
| Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
| Description | Bind password file |
| Required | No |
| Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
| Description | SASL bind options |
| Required | No |
| Multi-Valued | Yes |
-X
--trustAll
| Description | Trust all server SSL certificates |
-P {trustStorePath}
--trustStorePath {trustStorePath}
| Description | Certificate trust store path |
| Required | No |
| Multi-Valued | No |
-T {trustStorePassword}
--trustStorePassword {trustStorePassword}
| Description | Certificate trust store PIN |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | Certificate trust store PIN file |
| Required | No |
| Multi-Valued | No |
-K {keyStorePath}
--keyStorePath {keyStorePath}
| Description | Certificate key store path |
| Required | No |
| Multi-Valued | No |
-W {keyStorePassword}
--keyStorePassword {keyStorePassword}
| Description | Certificate key store PIN |
| Required | No |
| Multi-Valued | No |
-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}
| Description | Certificate key store PIN file |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | Nickname of the certificate for SSL client authentication |
| Required | No |
| Multi-Valued | No |
--propertiesFilePath {propertiesFilePath}
| Description | Path to the file that contains default property values used for command-line arguments |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Specify that no properties file will be used to get default command-line argument values |
--script-friendly
| Description | Use script-friendly mode |
--brokerTrustStorePath {trustStorePath}
| Description | Path to the trust store which contains certificates for the external servers that are configured in this Identity Broker |
| Required | No |
| Multi-Valued | No |
--brokerTrustStorePassword {trustStorePassword}
| Description | Password for the specified trust store. A trust store password is required in order for this tool to add the prepared server's certificate to the Identity Broker trust store |
| Required | No |
| Multi-Valued | No |
--brokerTrustStorePasswordFile {path}
| Description | Path to file containing the password for the specified trust store. A trust store password is required in order for this tool to add the prepared server's certificate to the Identity Broker trust store |
| Required | No |
| Multi-Valued | No |