Install DS as an IDM repository
When IDM uses multiple DS replicas, configure IDM for failover.
- Before proceeding, install the server files.
  For details, refer to Unpack files.
- Run the setup command with the --profile idm-repo option:
  $ /path/to/opendj/setup \
   --deploymentId $DEPLOYMENT_ID \
   --deploymentIdPassword password \
   --rootUserDN uid=admin \
   --rootUserPassword str0ngAdm1nPa55word \
   --hostname localhost \
   --adminConnectorPort 34444 \
   --ldapPort 31389 \
   --enableStartTls \
   --profile idm-repo \
   --set idm-repo/domain:forgerock.com \
   --acceptLicense
  - The deployment ID for installing the server is stored in the environment variable DEPLOYMENT_ID. Install all servers in the same deployment with the same deployment ID and deployment ID password. For details, read Deployment IDs.
  - The administrative account to use in IDM when connecting to DS has:
    - Bind DN: The DN set with the --rootUserDN option.
    - Password: The password set with the --rootUserPassword option.
  - The base DN for IDM data is dc=openidm,dc=forgerock,dc=com.
    AM and IDM expect exclusive access to the data in each setup profile. Keep the data separate by using distinct base DNs and domains for each setup profile. Don’t accidentally mix the data by choosing a base DN under another base DN.
  - IDM requires change number indexing with the default settings.
  For the full list of profiles and parameters, refer to Default setup profiles.
- Finish configuring the server before you start it.
  For a list of optional steps at this stage, refer to Install DS for custom cases.
- If all access to DS goes through IDM, IDM manages password policy.
  In this case, relax the default password policy settings:
  $ dsconfig \
   set-password-policy-prop \
   --policy-name "Default Password Policy" \
   --reset password-validator \
   --offline \
   --no-prompt
  $ dsconfig \
   set-password-policy-prop \
   --policy-name "Root Password Policy" \
   --reset password-validator \
   --offline \
   --no-prompt
- Start the server:
  $ /path/to/opendj/bin/start-ds
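The base DN caveat in the setup step can be checked before running setup. The following is an added example, not part of the DS documentation or tooling: a shell pre-flight check that reports when one planned base DN sits at or under another. The function names and the second base DN in the sample call are hypothetical.

```shell
#!/bin/sh
# Added example: flag planned base DNs where one sits under another.

# Lowercase a DN and drop spaces around "," and "=" so DNs compare as strings.
# Assumption: attribute values are case-insensitive, as for dc and ou.
normalize_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g' \
              -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Exit 0 when DN $1 equals DN $2 or is below it in the tree.
# An escaped comma ("\,") is part of a value, not an RDN separator.
dn_is_under() {
    child=$(normalize_dn "$1")
    parent=$(normalize_dn "$2")
    [ "$child" = "$parent" ] && return 0
    case "$child" in
        *"\\,$parent") return 1 ;;
        *",$parent")   return 0 ;;
    esac
    return 1
}

# Compare every pair of the base DNs given as arguments.
# Prints each overlap and returns 1 if any was found.
check_base_dns() {
    status=0 i=0
    for a in "$@"; do
        i=$((i + 1)) j=0
        for b in "$@"; do
            j=$((j + 1))
            [ "$i" -eq "$j" ] && continue
            if dn_is_under "$a" "$b"; then
                echo "overlap: '$a' is at or under '$b'"
                status=1
            fi
        done
    done
    return "$status"
}

# Constructed input: the IDM base DN from this page and a hypothetical
# second base DN that would contain it.
check_base_dns "dc=openidm,dc=forgerock,dc=com" "dc=forgerock,dc=com" \
    || echo "choose distinct base DNs before running setup"
```

Pass every base DN planned for the server's setup profiles as arguments; a non-zero return means the layout would mix data between profiles.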