DS 7.1.7

Install DS for AM CTS

  1. Before proceeding, install the server files.
    For details, see Unpack Files.

  2. Run the appropriate setup command with the --profile am-cts option.

    Installation settings depend on AM token expiration and session capability requirements:

    1. AM reaper manages all token expiration:

      $ /path/to/opendj/setup \
       --deploymentKey $DEPLOYMENT_KEY \
       --deploymentKeyPassword password \
       --rootUserDN uid=admin \
       --rootUserPassword str0ngAdm1nPa55word \
       --monitorUserPassword str0ngMon1torPa55word \
       --hostname ds.example.com \
       --adminConnectorPort 4444 \
       --ldapPort 1389 \
       --enableStartTls \
       --ldapsPort 1636 \
       --httpsPort 8443 \
       --replicationPort 8989 \
       --bootstrapReplicationServer rs1.example.com:8989 \
       --bootstrapReplicationServer rs2.example.com:8989 \
       --profile am-cts \
       --set am-cts/amCtsAdminPassword:5up35tr0ng \
       --acceptLicense
    2. AM reaper manages only SESSION token expiration:

      $ /path/to/opendj/setup \
       --deploymentKey $DEPLOYMENT_KEY \
       --deploymentKeyPassword password \
       --rootUserDN uid=admin \
       --rootUserPassword str0ngAdm1nPa55word \
       --monitorUserPassword str0ngMon1torPa55word \
       --hostname ds.example.com \
       --adminConnectorPort 4444 \
       --ldapPort 1389 \
       --enableStartTls \
       --ldapsPort 1636 \
       --httpsPort 8443 \
       --replicationPort 8989 \
       --bootstrapReplicationServer rs1.example.com:8989 \
       --bootstrapReplicationServer rs2.example.com:8989 \
       --profile am-cts \
       --set am-cts/amCtsAdminPassword:5up35tr0ng \
       --set am-cts/tokenExpirationPolicy:am-sessions-only \
       --acceptLicense
    3. DS manages all token expiration:

      $ /path/to/opendj/setup \
       --deploymentKey $DEPLOYMENT_KEY \
       --deploymentKeyPassword password \
       --rootUserDN uid=admin \
       --rootUserPassword str0ngAdm1nPa55word \
       --monitorUserPassword str0ngMon1torPa55word \
       --hostname ds.example.com \
       --adminConnectorPort 4444 \
       --ldapPort 1389 \
       --enableStartTls \
       --ldapsPort 1636 \
       --httpsPort 8443 \
       --replicationPort 8989 \
       --bootstrapReplicationServer rs1.example.com:8989 \
       --bootstrapReplicationServer rs2.example.com:8989 \
       --profile am-cts \
       --set am-cts/amCtsAdminPassword:5up35tr0ng \
       --set am-cts/tokenExpirationPolicy:ds \
       --acceptLicense

      For details about the mechanism DS uses to expire tokens, see Entry Expiration.

      In each of the preceding example commands:

      • The deployment key for installing the server is stored in the environment variable DEPLOYMENT_KEY. Install all servers in the same deployment with the same deployment key and deployment key password. For details, read Key Management.

      • The service account to use in AM when connecting to DS has:

        • Bind DN: uid=openam_cts,ou=admins,ou=famrecords,ou=openam-session,ou=tokens.

        • Password: The password you set with am-cts/amCtsAdminPassword.

      • The base DN for AM CTS tokens is ou=famrecords,ou=openam-session,ou=tokens.

      • The am-cts profile excludes the base DN from change number indexing.

    For the full list of profiles and parameters, see Default Setup Profiles.

  3. Finish configuring the server before you start it.

    For a list of optional steps at this stage, see Install DS for Custom Cases.

  4. Start the server:

    $ /path/to/opendj/bin/start-ds
Copyright © 2010-2023 ForgeRock, all rights reserved.