Install DS for platform identities
Use this profile when setting up DS as an identity repository and user data store for AM alone or shared with IDM in a ForgeRock Identity Platform deployment. It includes the additional LDAP schema and indexes required to store the identities:
When AM and IDM share multiple DS replicas for identities:
- Before proceeding, install the server files.
  For details, refer to Unpack files.
- Run the setup command with the --profile am-identity-store option:
  $ /path/to/opendj/setup \
   --deploymentId $DEPLOYMENT_ID \
   --deploymentIdPassword password \
   --rootUserDN uid=admin \
   --rootUserPassword str0ngAdm1nPa55word \
   --monitorUserPassword str0ngMon1torPa55word \
   --hostname ds.example.com \
   --adminConnectorPort 4444 \
   --ldapPort 1389 \
   --enableStartTls \
   --ldapsPort 1636 \
   --httpsPort 8443 \
   --replicationPort 8989 \
   --bootstrapReplicationServer rs1.example.com:8989 \
   --bootstrapReplicationServer rs2.example.com:8989 \
   --profile am-identity-store \
   --set am-identity-store/amIdentityStoreAdminPassword:5up35tr0ng \
   --acceptLicense
  - The deployment ID for installing the server is stored in the environment variable DEPLOYMENT_ID. Install all servers in the same deployment with the same deployment ID and deployment ID password. For details, read Deployment IDs.
  - The service account to use in AM when connecting to DS has:
    - Bind DN: uid=am-identity-bind-account,ou=admins,ou=identities.
    - Password: The password you set with am-identity-store/amIdentityStoreAdminPassword.
  - The base DN for AM identities is ou=identities.
  For the full list of profiles and parameters, refer to Default setup profiles.
- Finish configuring the server before you start it.
  For a list of optional steps at this stage, refer to Install DS for custom cases.
- Start the server:
  $ /path/to/opendj/bin/start-ds
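
A pre-flight check for the secrets supplied to the setup command above, added here as an example and not part of the product documentation. It rejects the sample passwords printed on this page and any password shared between accounts; the variable names other than DEPLOYMENT_ID and the 12-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: validate the secrets intended for `setup` before running it.
# Variable names other than DEPLOYMENT_ID are hypothetical.

# Sample values printed in the setup command on this page; never deploy them.
DOC_SAMPLES='password
str0ngAdm1nPa55word
str0ngMon1torPa55word
5up35tr0ng'

MIN_LEN=12   # assumed local policy, not a DS requirement

# check_secret NAME VALUE: reject empty, documentation-sample, or short values.
check_secret() {
  name=$1 value=$2
  if [ -z "$value" ]; then echo "$name is not set" >&2; return 1; fi
  if printf '%s\n' "$DOC_SAMPLES" | grep -Fxq -- "$value"; then
    echo "$name uses a sample value from the documentation" >&2; return 1
  fi
  if [ "${#value}" -lt "$MIN_LEN" ]; then
    echo "$name is shorter than $MIN_LEN characters" >&2; return 1
  fi
}

# preflight: validate every secret, then require that all four differ, so the
# AM bind account never shares a password with uid=admin or the monitor user.
preflight() {
  [ -n "${DEPLOYMENT_ID:-}" ] || { echo "DEPLOYMENT_ID is not set" >&2; return 1; }
  check_secret DEPLOYMENT_ID_PASSWORD "${DEPLOYMENT_ID_PASSWORD:-}" || return 1
  check_secret ROOT_USER_PASSWORD "${ROOT_USER_PASSWORD:-}" || return 1
  check_secret MONITOR_USER_PASSWORD "${MONITOR_USER_PASSWORD:-}" || return 1
  check_secret AM_STORE_PASSWORD "${AM_STORE_PASSWORD:-}" || return 1
  dupes=$(printf '%s\n' "$DEPLOYMENT_ID_PASSWORD" "$ROOT_USER_PASSWORD" \
            "$MONITOR_USER_PASSWORD" "$AM_STORE_PASSWORD" | sort | uniq -d)
  if [ -n "$dupes" ]; then
    echo "the same password is used for more than one account" >&2; return 1
  fi
}
```

Source the file and call preflight in the shell that will run setup; a non-zero return means a value has to change first.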