Install DS for AM CTS
Before proceeding, install the server files as described in Unpack Files.
Run the appropriate setup command with the
--profile am-cts
option.Installation settings depend on AM token expiration and session capability requirements:
AM reaper manages all token expiration:
$
/path/to/opendj/setup \ --deploymentKey $DEPLOYMENT_KEY \ --deploymentKeyPassword password \ --rootUserDN uid=admin \ --rootUserPassword str0ngAdm1nPa55word \ --monitorUserPassword str0ngMon1torPa55word \ --hostname ds.example.com \ --adminConnectorPort 4444 \ --ldapPort 1389 \ --enableStartTls \ --ldapsPort 1636 \ --httpsPort 8443 \ --replicationPort 8989 \ --bootstrapReplicationServer rs1.example.com:8989 \ --bootstrapReplicationServer rs2.example.com:8989 \ --profile am-cts \ --set am-cts/amCtsAdminPassword:5up35tr0ng \ --acceptLicense
AM reaper manages only SESSION token expiration:
$
/path/to/opendj/setup \ --deploymentKey $DEPLOYMENT_KEY \ --deploymentKeyPassword password \ --rootUserDN uid=admin \ --rootUserPassword str0ngAdm1nPa55word \ --monitorUserPassword str0ngMon1torPa55word \ --hostname ds.example.com \ --adminConnectorPort 4444 \ --ldapPort 1389 \ --enableStartTls \ --ldapsPort 1636 \ --httpsPort 8443 \ --replicationPort 8989 \ --bootstrapReplicationServer rs1.example.com:8989 \ --bootstrapReplicationServer rs2.example.com:8989 \ --profile am-cts \ --set am-cts/amCtsAdminPassword:5up35tr0ng \ --set am-cts/tokenExpirationPolicy:am-sessions-only \ --acceptLicense
DS manages all token expiration:
$
/path/to/opendj/setup \ --deploymentKey $DEPLOYMENT_KEY \ --deploymentKeyPassword password \ --rootUserDN uid=admin \ --rootUserPassword str0ngAdm1nPa55word \ --monitorUserPassword str0ngMon1torPa55word \ --hostname ds.example.com \ --adminConnectorPort 4444 \ --ldapPort 1389 \ --enableStartTls \ --ldapsPort 1636 \ --httpsPort 8443 \ --replicationPort 8989 \ --bootstrapReplicationServer rs1.example.com:8989 \ --bootstrapReplicationServer rs2.example.com:8989 \ --profile am-cts \ --set am-cts/amCtsAdminPassword:5up35tr0ng \ --set am-cts/tokenExpirationPolicy:ds \ --acceptLicense
For details about the mechanism DS uses to expire tokens, see "Entry Expiration".
In each of the preceding example commands:
The deployment key for installing the server is stored in the environment variable
DEPLOYMENT_KEY
. Install all servers in the same deployment with the same deployment key and deployment key password. For details, read "Key Management".The service account to use in AM when connecting to DS has:
Bind DN:
uid=openam_cts,ou=admins,ou=famrecords,ou=openam-session,ou=tokens
.Password: The password you set with
am-cts/amCtsAdminPassword
.
The base DN for AM CTS tokens is
ou=famrecords,ou=openam-session,ou=tokens
.The
am-cts
profile excludes the base DN from change number indexing.
For the full list of profiles and parameters, see "Default Setup Profiles".
(Optional) Finish configuring the server before you start it.
For a list of optional steps at this stage, see Install DS for Custom Cases.
Start the server:
$
/path/to/opendj/bin/start-ds