UnboundID Identity Broker Command-Line Tool Reference

Identity Broker Documentation Index
Command-Line Tool Reference Home

prepare-external-store

Description

Prepare an Identity Broker and an external server for for communication.

This tool can be used to update a directory or proxy server for use as a Broker Store or user store by the Identity Broker. Use of this tool is unnecessary if you use the create-initial-broker-config tool to define and prepare Broker Store and user store instances.

This tool creates the Identity Broker user account, sets the correct password, and configures the account with required privileges. It will also install the necessary schema required by the Identity Broker. If necessary, you are prompted for manager credentials so that the tool can perform any required modifications to the external server.

If a secure connection will be used by Identity Broker to communicate with the external server, you can supply the path and password of the trust store to have this tool populate it with the server certificate of the external server.

Examples

Prepares the directory server on the remote host and listening on port 1389 for access by the Identity Broker. The use of the --isBrokerStore and --isUserStore arguments imply that the target server will act as both a Broker Store and a user store:

prepare-external-store --hostname server.example.com --port 1389 \
     --bindDN "cn=Directory Manager" --bindPassword secret \
     --brokerBindDN "cn=Broker User,cn=Root DNs,cn=config" \
     --brokerBindPassword password --isBrokerStore \
     --brokerStoreBaseDN "ou=Identity Broker,dc=example,dc=com" \
     --brokerAdminUID admin --brokerAdminPassword password --isUserStore \
     --userStoreBaseDN ou=people,dc=example,dc=com

Prepares the directory server on the remote host and listening on port 1636 for access by the Identity Broker. In anticipation of the Identity Broker being configured for SSL-based communication with this external server, the target server's trusted certificate will be placed in the local trust store:

prepare-external-store --hostname server.example.com --port 1636 --useSSL \
     --brokerBindPassword password --brokerTrustStorePath config/truststore \
     --brokerTrustStorePasswordFile config/truststore.pin --isUserStore \
     --userStoreBaseDN ou=people,dc=example,dc=com

Prepares the directory server that is currently serving as a Broker Store, updating the schema and data so they are current with this version of the Identity Broker:

prepare-external-store --hostname server.example.com --port 1636 --useSSL \
     --isBrokerStore --brokerStoreBaseDN "ou=Identity Broker,dc=example,dc=com" \
     --update

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-V
--version

Description

Display Identity Broker version information

-H
--help

Description

Display general usage information

--help-ldap

Description

Display help for using LDAP options

--help-sasl

Description

Display help for using SASL options

--help-debug

Description	Display help for using debug options
Advanced	Yes

-Z
--useSSL

Description

Use SSL for secure communication with the server

-q
--useStartTLS

Description

Use StartTLS to secure communication with the server

--useNoSecurity

Description

Use no security when communicating with the server

-D {bindDN}
--bindDN {bindDN}

Description	DN used to bind to the server
Default Value	cn=Directory Manager
Required	No
Multi-Valued	No

-w {bindPassword}
--bindPassword {bindPassword}

Description	Password used to bind to the server
Required	No
Multi-Valued	No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description	Bind password file
Required	No
Multi-Valued	No

-X
--trustAll

Description

Trust all server SSL certificates

-h {host}
--hostname {host}

Description	External server hostname or IP address
Default Value	localhost
Required	No
Multi-Valued	No

-p {port}
--port {port}

Description	External server port number
Default Value	389
Required	No
Multi-Valued	No

-n
--no-prompt

Description

Perform an installation in non-interactive mode. If some data in the command is missing, you will not be prompted and the tool will fail

-Q
--quiet

Description

Use quiet mode

--brokerBindDN {bindDN}

Description	User account DN used by this Identity Broker to access the server to be prepared
Default Value	cn=Broker User,cn=Root DNs,cn=config
Required	No
Multi-Valued	No

--brokerBindPassword {bindPassword}

Description	User account password used by this Identity Broker to access the server to be prepared
Required	No
Multi-Valued	No

--brokerBindPasswordFile {bindPasswordFile}

Description	Path to file containing the user account password used by this Identity Broker to access the server to be prepared
Required	No
Multi-Valued	No

--brokerStoreBaseDN {baseDN}

Description	Base DN under which the Broker Store data will be stored
Required	No
Multi-Valued	No

--userStoreBaseDN {baseDN}

Description	Base DN under which user entries are stored
Required	No
Multi-Valued	No

--isBrokerStore

Description

Indicates that the target server will act as a Broker Store

--isUserStore

Description

Indicates that the target server will act as a user store

--skipBrokerStoreInitialization

Description

Skip Broker Store initialization. Use this option when preparing a server whose Broker Store has been initialized through some other means such as replication

--update

Description

Update an existing Broker Store so that it is compatible with this version of the Identity Broker

--brokerAdminUID {uid}

Description	The UID of the Identity Broker administrative user entry to be created in the user store to be used by REST clients such as the broker-admin tool and Identity Broker Console for managing the Broker Store
Required	No
Multi-Valued	No

--brokerAdminPassword {bindPassword}

Description	The password for the Identity Broker administrative user
Required	No
Multi-Valued	No

--brokerAdminPasswordFile {bindPasswordFile}

Description	The file containing the password of the Identity Broker administrative user
Required	No
Multi-Valued	Yes

--propertiesFilePath {propertiesFilePath}

Description	Path to the file that contains default property values used for command-line arguments
Required	No
Multi-Valued	No

--noPropertiesFile

Description

Specify that no properties file will be used to get default command-line argument values

--brokerTrustStorePath {trustStorePath}

Description	Path to the trust store which contains certificates for the external servers that are configured in this Identity Broker
Required	No
Multi-Valued	No

--brokerTrustStorePassword {trustStorePassword}

Description	Password for the specified trust store. A trust store password is required in order for this tool to add the prepared server's certificate to the Identity Broker trust store
Required	No
Multi-Valued	No

--brokerTrustStorePasswordFile {path}

Description	Path to file containing the password for the specified trust store. A trust store password is required in order for this tool to add the prepared server's certificate to the Identity Broker trust store
Required	No
Multi-Valued	No