Install DS for Custom Cases

Follow these steps to install a DS replica with your own custom configuration:

  1. Before proceeding, install the server files.
    For details, see Unpack Files.

  2. Run the setup command with any required setup profiles.

  3. Finish configuring the server.

    Perform any of the following optional steps before starting the server.

    Use the --offline option with commands instead of the credentials and connection information shown in many examples:

    • Add custom syntaxes and matching rules.

      For examples, see Indexes for JSON.

    • Configure password storage.
      For details, see Configure Password Policies.

      Take care to configure the password policy import plugin as well. For details on the settings, see Password Policy Import Plugin.

    • Add custom LDAP schema.

      For details, see LDAP Schema.

    • Configure one or more backends for your data.

      For details, see Create a Backend.

    • Configure indexes for the backends you configured.

      For details, see Indexes.

    • Make sure the server has the shared master key for encrypted data and backups.

      If you set up the servers with a known deployment key and password, you have nothing to do.

      If you do not know the deployment key and password, see Replace Deployment Keys.

    • Import the data from LDIF, or restore the data from backup.

      For details, see Import LDIF, or Restore.

  4. Start the server:

    $ /path/to/opendj/bin/start-ds

When you start the server, it generates initial state identifiers (generation IDs) for its replicated base DNs. If you perform the above configuration steps on replicas separately after starting them, their generation IDs can be out of sync.

When generation IDs do not match on different replicas for a particular base DN, DS must assume that the replicas do not have the same data. As a result, replication cannot proceed. To fix the mismatch of this replica’s generation IDs with other replicas, stop the server and clear all replication data:

$ /path/to/opendj/bin/stop-ds
$ /path/to/opendj/bin/dsrepl clear-changelog

Clearing the changelog before all the changes have been sent to other replication servers can cause you to lose data.

Use the dsrepl clear-changelog command only when initially setting up the replica, unless specifically instructed to do so by a qualified ForgeRock technical support engineer.

Complete any further configuration necessary while the replica is stopped to align it with other replicas. When you start the replica again with the start-ds command, other replication servers update it with the data needed to resume replication.

For details on replication, see Replication.