DS 7.4.2

Install DS for platform identities

Use this profile when setting up DS as an identity repository and user data store for AM alone or shared with IDM in a ForgeRock Identity Platform deployment. It includes the additional LDAP schema and indexes required to store the identities:

When AM and IDM share multiple DS replicas for identities:

  1. Before proceeding, install the server files.
    For details, refer to Unpack files.

  2. Run the setup command with the --profile am-identity-store option:

    $ /path/to/opendj/setup \
     --deploymentId $DEPLOYMENT_ID \
     --deploymentIdPassword password \
     --rootUserDN uid=admin \
     --rootUserPassword str0ngAdm1nPa55word \
     --monitorUserPassword str0ngMon1torPa55word \
     --hostname ds.example.com \
     --adminConnectorPort 4444 \
     --ldapPort 1389 \
     --enableStartTls \
     --ldapsPort 1636 \
     --httpsPort 8443 \
     --replicationPort 8989 \
     --bootstrapReplicationServer rs1.example.com:8989 \
     --bootstrapReplicationServer rs2.example.com:8989 \
     --profile am-identity-store \
     --set am-identity-store/amIdentityStoreAdminPassword:5up35tr0ng \
     --acceptLicense

    • The deployment ID for installing the server is stored in the environment variable DEPLOYMENT_ID. Install all servers in the same deployment with the same deployment ID and deployment ID password. For details, read Deployment IDs.

    • The service account to use in AM when connecting to DS has:

      • Bind DN: uid=am-identity-bind-account,ou=admins,ou=identities.

      • Password: The password you set with am-identity-store/amIdentityStoreAdminPassword.

    • The base DN for AM identities is ou=identities.

    For the full list of profiles and parameters, refer to Default setup profiles.

  3. Finish configuring the server before you start it.

    For a list of optional steps at this stage, refer to Install DS for custom cases.

  4. Start the server:

    $ /path/to/opendj/bin/start-ds
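
The setup command above carries four passwords as literal sample values. As an added example (not part of the ForgeRock documentation or the DS tooling), this script lints a setup script for password options that still use one of those sample values or any other hard-coded literal. The function names, finding labels and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not ForgeRock code): lint a DS setup script for hard-coded passwords.
# Sample values copied from the setup command on this page; they are public.
DOC_SAMPLES='password str0ngAdm1nPa55word str0ngMon1torPa55word 5up35tr0ng'

# Usage: lint_setup_script [file]   (reads stdin when no file is given)
# Prints one finding per password option and returns 1 if any finding exists.
# Password values themselves are never printed.
lint_setup_script() {
  awk -v samples="$DOC_SAMPLES" '
    function check(name, v) {
      gsub(/^"|"$/, "", v)                      # drop double quotes around the value
      if (index(" " samples " ", " " v " ")) { print "DOC-SAMPLE " name; bad++ }
      else if (v !~ /^\$/)                    { print "LITERAL " name; bad++ }
    }
    {
      sub(/\\$/, "")                            # drop the line-continuation backslash
      for (i = 1; i <= NF; i++) {
        if (want) { check(opt, $i); want = 0 }
        else if ($i ~ /^--(deploymentIdPassword|rootUserPassword|monitorUserPassword)$/) {
          opt = $i; want = 1
        } else if ($i ~ /^"?am-identity-store\/amIdentityStoreAdminPassword:/)
          check("amIdentityStoreAdminPassword", substr($i, index($i, ":") + 1))
      }
    }
    END { exit (bad > 0) }' "${1:--}"
}

# Constructed sample input: one documentation value, one literal, two variables.
sample_script() {
  cat <<'EOF'
/path/to/opendj/setup \
 --deploymentId $DEPLOYMENT_ID \
 --deploymentIdPassword "$DEPLOYMENT_PW" \
 --rootUserPassword str0ngAdm1nPa55word \
 --monitorUserPassword s3cretLiteral \
 --profile am-identity-store \
 --set am-identity-store/amIdentityStoreAdminPassword:$AM_STORE_PW \
 --acceptLicense
EOF
}

sample_script | lint_setup_script || echo "fix the findings above before running setup"
```

Values that start with `$` are treated as supplied at run time and pass the check; single-quoted values are reported as literals because the shell does not expand them.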
Copyright © 2010-2024 ForgeRock, all rights reserved.