PingDS

Install DS for user data

This profile includes indexes for inetOrgPerson entries. It is not intended for deployments with AM or IDM identities.

It does not include the additional LDAP schema and indexes required to store AM identities. To set up a user data store for AM or for sharing between AM and IDM, refer to Install DS for platform identities instead.

To import generated sample user data, refer to Install DS for evaluation instead.

  1. Install the server files.

  2. Generate a deployment ID unless you already have one:

    $ /path/to/opendj/bin/dskeymgr create-deployment-id --deploymentIdPassword password
    your-deployment-id

    Save the deployment ID and its deployment password. Keep the ID and the password safe, and keep the password secret. Use the same deployment ID and password for all the servers in the same environment.

    About deployment IDs

    A deployment ID is a random string generated using the dskeymgr command. It is a deployment identifier, not a key, but it is used with a password to generate keys.

    A deployment ID password is a secret string at least 8 characters long that you choose.

    The two are a pair. You must have the deployment ID password to use the deployment ID.

    Each deployment requires a single, unique deployment ID and its password. DS uses the pair to:

    • Protect the keys to encrypt and decrypt backup files and directory data.

    • Generate the TLS key pairs to protect secure connections, unless you provide your own.

    Store your deployment ID and password in a safe place, and reuse them when configuring other servers in the same deployment.

    The DS setup and dskeymgr commands use the pair to generate the following:

    • (Required) A shared master key for the deployment.

      DS replicas share secret keys for data encryption and decryption. DS servers encrypt backend data, backup files, and passwords, and each replica must be able to decrypt data encrypted on another peer replica.

      To avoid exposing secret keys, DS servers encrypt secret keys with a shared master key. DS software uses a deployment ID and its password to derive the master key.

    • (Optional) A private PKI for trusted, secure connections.

      A PKI serves to secure network connections from clients and other DS servers. The PKI is a trust network, requiring trust in the CA that signs public key certificates.

      Building a PKI can be complex. You can use self-signed certificates, but you must distribute each certificate to each server and client application. You can pay an existing CA to sign certificates, but that has a cost, and leaves control of trust with a third party. You can set up a CA or certificate management software, but that can be a significant effort and cost. As a shortcut to setting up a private CA, DS software uses deployment IDs and passwords.

      DS software uses the deployment ID and its password to generate key pairs without storing the CA private key.

    Learn more in Deployment IDs.

  3. Set the deployment ID as the value of the DEPLOYMENT_ID environment variable:

    $ export DEPLOYMENT_ID=your-deployment-id

    Examples in the documentation show this environment variable as a reminder to use your own deployment ID.

  4. Run the setup command with the --profile ds-user-data option:

    $ /path/to/opendj/setup \
     --deploymentId $DEPLOYMENT_ID \
     --deploymentIdPassword password \
     --rootUserDN uid=admin \
     --rootUserPassword str0ngAdm1nPa55word \
     --monitorUserPassword str0ngMon1torPa55word \
     --hostname ds.example.com \
     --adminConnectorPort 4444 \
     --ldapPort 1389 \
     --enableStartTls \
     --ldapsPort 1636 \
     --httpsPort 8443 \
     --replicationPort 8989 \
     --bootstrapReplicationServer rs1.example.com:8989 \
     --bootstrapReplicationServer rs2.example.com:8989 \
     --profile ds-user-data \
     --set ds-user-data/baseDn:dc=example,dc=com \
     --set ds-user-data/ldifFile:/tmp/user-data.ldif \
     --acceptLicense

    In this example, the /tmp/user-data.ldif file contains the user data entries to import. This is just a placeholder. When you run the command, replace it with your LDIF file containing your own user data.

    • The deployment ID for installing the server is stored in the environment variable DEPLOYMENT_ID. Install all servers in the same deployment with the same deployment ID and deployment ID password. For details, read Deployment IDs.

    • The data is stored in the userData backend.

    For the full list of profiles and parameters, refer to Default setup profiles.

  5. Finish configuring the server before you start it.

    For a list of optional steps at this stage, refer to Install DS for custom cases.

  6. Start the server:

    $ /path/to/opendj/bin/start-ds

This setup profile creates the following indexes for user data:

Index                        Approx.  Equality  Ordering  Presence  Substring  Entry Limit
aci                          -        -         -         Yes       -          4000
cn                           -        Yes       -         -         Yes        4000
dn2id                        Non-configurable internal index
ds-certificate-fingerprint   -        Yes       -         -         -          4000
ds-certificate-subject-dn    -        Yes       -         -         -          4000
ds-sync-conflict             -        Yes       -         -         -          4000
ds-sync-hist                 -        -         Yes       -         -          4000
entryUUID                    -        Yes       -         -         -          4000
givenName                    -        Yes       -         -         Yes        4000
id2children                  Non-configurable internal index
id2subtree                   Non-configurable internal index
mail                         -        Yes       -         -         Yes        4000
member                       -        Yes       -         -         -          4000
objectClass                  -        Yes       -         -         -          4000
sn                           -        Yes       -         -         Yes        4000
telephoneNumber              -        Yes       -         -         Yes        4000
uid                          -        Yes       -         -         -          4000
uniqueMember                 -        Yes       -         -         -          4000
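The following is an added example, not PingDS code: it builds a minimal LDIF of inetOrgPerson entries of the kind the ds-user-data/ldifFile parameter in the setup command above imports, and classifies a simple search filter against the index table above so you can tell whether a query will be indexed or unindexed under this profile. The sample users and the filter classifier are constructed for illustration.

```python
"""Constructed example: build a small LDIF for the ds-user-data profile and
classify simple search filters against the profile's index table."""
import re

BASE_DN = "dc=example,dc=com"  # same base DN as the setup example above

# Index table of the ds-user-data profile: attribute -> index types it provides.
USER_DATA_INDEXES = {
    "aci": {"presence"}, "cn": {"equality", "substring"},
    "ds-certificate-fingerprint": {"equality"}, "ds-certificate-subject-dn": {"equality"},
    "ds-sync-conflict": {"equality"}, "ds-sync-hist": {"ordering"},
    "entryuuid": {"equality"}, "givenname": {"equality", "substring"},
    "mail": {"equality", "substring"}, "member": {"equality"}, "objectclass": {"equality"},
    "sn": {"equality", "substring"}, "telephonenumber": {"equality", "substring"},
    "uid": {"equality"}, "uniquemember": {"equality"},
}

def user_entry(uid, given, sn, mail, phone):
    """One inetOrgPerson entry under ou=People, as LDIF text (constructed data)."""
    return "\n".join([
        f"dn: uid={uid},ou=People,{BASE_DN}",
        "objectClass: top", "objectClass: person",
        "objectClass: organizationalPerson", "objectClass: inetOrgPerson",
        f"uid: {uid}", f"cn: {given} {sn}", f"givenName: {given}", f"sn: {sn}",
        f"mail: {mail}", f"telephoneNumber: {phone}", ""])

def build_ldif(users):
    """Base entry and ou=People, then one entry per (uid, given, sn, mail, phone)."""
    head = (f"dn: {BASE_DN}\nobjectClass: top\nobjectClass: domain\ndc: example\n\n"
            f"dn: ou=People,{BASE_DN}\nobjectClass: top\n"
            "objectClass: organizationalUnit\nou: People\n\n")
    return head + "\n".join(user_entry(*u) for u in users)

def filter_index_type(ldap_filter):
    """Return (attribute, index kind the filter needs, whether ds-user-data indexes it).
    Handles one simple filter item; attribute names are case-insensitive as in LDAP."""
    m = re.fullmatch(r"\(([\w-]+)(>=|<=|=)(.*)\)", ldap_filter)
    if not m:
        raise ValueError(f"unsupported filter: {ldap_filter}")
    attr, op, value = m.groups()
    if op in (">=", "<="):
        kind = "ordering"
    elif value == "*":
        kind = "presence"
    elif "*" in value:
        kind = "substring"
    else:
        kind = "equality"
    return attr, kind, kind in USER_DATA_INDEXES.get(attr.lower(), set())
```

Write the output of build_ldif to a file and pass its path as ds-user-data/ldifFile; a filter that classifies as not indexed (for example, a presence filter on uid) will be evaluated as an unindexed search against this profile.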