UnboundID Identity Proxy Command-Line Tool Reference

Identity Proxy Documentation Index
Command-Line Tool Reference Home

prepare-external-server

Description

Prepare Identity Proxy and a directory server for communication.

This tool performs several functions that update a directory server to be used as an external server by the Identity Proxy. If you use the create-initial-proxy-config tool to define and prepare directory server instances use of this tool is unnecessary.

Among other functions, this tool creates the proxy user account, sets the correct password, and configures the account with required privileges. If necessary you are prompted for manager credentials in order that the tool can perform any required modifications to the external server.

When using this tool, specify the LDAP connection options to establish a connection to the external server. Other options are used to specify information about the Identity Proxy which this tool uses to configure the external server.

If a secure connection will be used by Identity Proxy to communicate with the external server you can supply the path and password of the trust store to have this tool populate the Identity Proxy's trust store with the server certificate of the external server.

Examples

Prepares the directory server on the remote host and listening on port 1389 for access by the proxy to use the default user account 'cn=Proxy User,cn=Root DNs,cn=config' with the specified base DN:

prepare-external-server --hostname server.example.com --port 1389 \
     --proxyBindPassword password --baseDN dc=example,dc=com

Prepares the directory server on the remote host and listening on port 1636 for access by the proxy to use the default user account 'cn=Proxy User,cn=Root DNs,cn=config' with the specified base DN. In anticipation of the proxy being configured for SSL-based communication with this external server, the server's trusted certificate will be placed in the trust store:

prepare-external-server --hostname server.example.com --port 1636 --useSSL \
     --proxyBindPassword password --proxyTrustStorePath /path/to/truststore \
     --proxyTrustStorePasswordFile /path/to/pin/file --baseDN dc=example,dc=com

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-V
--version

Description

Display Identity Proxy version information

-H
--help

Description

Display general usage information

--help-ldap

Description

Display help for using LDAP options

--help-sasl

Description

Display help for using SASL options

--help-debug

Description	Display help for using debug options
Advanced	Yes

-Z
--useSSL

Description

Use SSL for secure communication with the server

-q
--useStartTLS

Description

Use StartTLS to secure communication with the server

--useNoSecurity

Description

Use no security when communicating with the server

-D {bindDN}
--bindDN {bindDN}

Description	DN used to bind to the server
Default Value	cn=Directory Manager
Required	No
Multi-Valued	No

-w {bindPassword}
--bindPassword {bindPassword}

Description	Password used to bind to the server
Required	No
Multi-Valued	No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description	Bind password file
Required	No
Multi-Valued	No

-X
--trustAll

Description

Trust all server SSL certificates

-h {host}
--hostname {host}

Description	External server hostname or IP address
Default Value	localhost
Required	No
Multi-Valued	No

-p {port}
--port {port}

Description	External server port number
Default Value	389
Required	No
Multi-Valued	No

-n
--no-prompt

Description

Perform an installation in non-interactive mode. If some data in the command is missing, you will not be prompted and the tool will fail

-Q
--quiet

Description

Use quiet mode

--proxyBindDN {bindDN}

Description	Proxy user account DN
Default Value	cn=Proxy User,cn=Root DNs,cn=config
Required	No
Multi-Valued	No

--proxyBindPassword {bindPassword}

Description	Proxy user account password
Required	Yes
Multi-Valued	No

--baseDN {baseDN}

Description	DN of the server serving as a base DN for the proxy server
Required	Yes
Multi-Valued	Yes

--replicationSetName {setName}

Description	The name of the replication set to which this server will be assigned when configuring a server for entry balancing
Required	No
Multi-Valued	No

--proxyTrustStorePath {trustStorePath}

Description	Path to the Identity Proxy's trust store
Required	No
Multi-Valued	No

--proxyTrustStorePassword {trustStorePassword}

Description	Password to the Identity Proxy's trust store
Required	No
Multi-Valued	No

--proxyTrustStorePasswordFile {path}

Description	Path to file containing the password for the Identity Proxy's trust store
Required	No
Multi-Valued	No