Directory Services 7.4.3

Install DS for platform identities

Use this profile when setting up DS as an identity repository and user data store for AM alone or shared with IDM in a ForgeRock Identity Platform deployment. It includes the additional LDAP schema and indexes required to store the identities:

When AM and IDM share multiple DS replicas for identities:

  1. Before proceeding, install the server files.
    For details, refer to Unpack files.

  2. Run the setup command with the --profile am-identity-store option:

    $ /path/to/opendj/setup \
     --deploymentId $DEPLOYMENT_ID \
     --deploymentIdPassword password \
     --rootUserDN uid=admin \
     --rootUserPassword str0ngAdm1nPa55word \
     --monitorUserPassword str0ngMon1torPa55word \
     --hostname ds.example.com \
     --adminConnectorPort 4444 \
     --ldapPort 1389 \
     --enableStartTls \
     --ldapsPort 1636 \
     --httpsPort 8443 \
     --replicationPort 8989 \
     --bootstrapReplicationServer rs1.example.com:8989 \
     --bootstrapReplicationServer rs2.example.com:8989 \
     --profile am-identity-store \
     --set am-identity-store/amIdentityStoreAdminPassword:5up35tr0ng \
     --acceptLicense
    • The deployment ID for installing the server is stored in the environment variable DEPLOYMENT_ID. Install all servers in the same deployment with the same deployment ID and deployment ID password. For details, read Deployment IDs.

    • The service account to use in AM when connecting to DS has:

      • Bind DN: uid=am-identity-bind-account,ou=admins,ou=identities.

      • Password: The password you set with am-identity-store/amIdentityStoreAdminPassword.

    • The base DN for AM identities is ou=identities.

    For the full list of profiles and parameters, refer to Default setup profiles.

  3. Finish configuring the server before you start it.

    For a list of optional steps at this stage, refer to Install DS for custom cases.

  4. Start the server:

    $ /path/to/opendj/bin/start-ds