<?xml version="1.0" encoding="UTF-8"?>
<!--
! CCPL HEADER START
!
! This work is licensed under the Creative Commons
! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
! To view a copy of this license, visit
! http://creativecommons.org/licenses/by-nc-nd/3.0/
! or send a letter to Creative Commons, 444 Castro Street,
! Suite 900, Mountain View, California, 94041, USA.
!
! You can also obtain a copy of the license at
! trunk/opendj3/legal-notices/CC-BY-NC-ND.txt.
! See the License for the specific language governing permissions
! and limitations under the License.
!
! If applicable, add the following below this CCPL HEADER, with the fields
! enclosed by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CCPL HEADER END
!
! Copyright 2011-2012 ForgeRock AS
! Portions Copyright 2013 Jens Elkner
!
-->
<refentry xml:id="setup-1" xmlns="http://docbook.org/ns/docbook" version="5.0"
xml:lang="en" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include href="common.xml" xpointer='xpointer(//info[@name="info"])'/>
<refmeta>
<refentrytitle><application>setup</application></refentrytitle>
<xi:include href="common.xml" xpointer='xpointer(//manvolnum[@name="v1m"])'/>
</refmeta>
<refnamediv>
<refname><application>setup</application></refname>
<refpurpose>install OpenDJ directory server</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>setup</command>
<arg>-i</arg>
<arg>-O</arg>
<arg>-b <replaceable class="parameter">baseDN</replaceable></arg>
<arg>-a</arg>
<arg>-d <replaceable class="parameter">num</replaceable></arg>
<arg>-l <replaceable class="parameter">file</replaceable></arg>
<arg>--skipFile <replaceable class="parameter">file</replaceable></arg>
<arg>-R <replaceable class="parameter">file</replaceable></arg>
<sbr/><sbr/>
<arg>-h <replaceable class="parameter">host</replaceable></arg>
<arg>-p <replaceable class="parameter">port</replaceable></arg>
<arg>-q</arg>
<arg>-Z <replaceable class="parameter">port</replaceable></arg>
<arg>--generateSelfSignedCertificate</arg>
<arg>--adminConnectorPort <replaceable class="parameter">port</replaceable></arg>
<arg>-x <replaceable class="parameter">port</replaceable></arg>
<arg>-S</arg>
<arg>-D <replaceable class="parameter">rootDN</replaceable></arg>
<arg>-w <replaceable class="parameter">rootPassWord</replaceable></arg>
<arg>-j <replaceable class="parameter">rootPassFile</replaceable></arg>
<arg>-N <replaceable class="parameter">certNickname</replaceable></arg>
<arg>-W <replaceable class="parameter">keystorePassWord</replaceable> </arg>
<arg>-u <replaceable class="parameter">keystorePassFile</replaceable></arg>
<arg>--useJavaKeystore <replaceable>file</replaceable></arg>
<arg>--useJCEKS <replaceable>ksPath</replaceable></arg>
<arg>--usePkcs11Keystore</arg>
<arg>--usePkcs12keyStore <replaceable>ksPath</replaceable></arg>
<sbr/><sbr/>
<arg>-n</arg>
<xi:include href="common.xml"
xpointer='xpointer(//para[@name="s-props"]/*)'/>
<xi:include href="common.xml"
xpointer='xpointer(//para[@name="s-misc"]/*[@name="sc-quiet"
or @name="sc-verbose"])'/>
<xi:include href="common.xml"
xpointer='xpointer(//para[@name="s-general"]/*)'/>
</cmdsynopsis>
</refsynopsisdiv>
<refsection>
<title>Description</title>
<para>
This utility can be used to set up the directory server.
</para>
<para os="solaris">
As described in <citerefentry><refentrytitle>opendj</refentrytitle><manvolnum
>5</manvolnum></citerefentry> this utility will use the value of the
<varname>INSTANCE_ROOT</varname> environment variable as the data instance
directory to operate on. If this variable is not yet set and the utility was
started either by the user <constant>ldapd</constant> or by a user having the
"OpenDJ Admin" RBAC profile assigned, it is initialized with the value of the
service property <constant>config/datadir</constant> of the SMF service denoted
by the environment variable <varname>SMF_FMRI</varname>
(default: <constant>network/ldap/opendj@VERS@:default</constant>). Otherwise it
is initialized to <varname>$HOME</varname>/opendj.
</para>
<para os="solaris">
So if you want OpenDJ to use a different instance data directory, set the
<varname>SMF_FMRI</varname> environment variable to the FMRI (name) of the
corresponding service, change its <constant>config/datadir</constant> property
to the intended directory (which must be owned by user <constant>ldapd</constant>)
and run this utility again. If you do not want to run OpenDJ as a system service,
it is sufficient to set <constant>INSTANCE_ROOT</constant> and run the utility
as a user other than <constant>ldapd</constant> and without "OpenDJ Admin"
privileges.
</para>
<para os="solaris">
Once setup has been run successfully, you should enable the corresponding
service using <citerefentry>
<refentrytitle>svcadm</refentrytitle><manvolnum>1M</manvolnum>
</citerefentry> and let SMF handle starting it up/shutting it down on reboot
automatically (unless you do not intend to run it as a system service).
</para>
<para os="linux;bsd">
As described in <citerefentry><refentrytitle>opendj</refentrytitle><manvolnum
>5</manvolnum></citerefentry> this utility will use the value of the
<varname>INSTANCE_ROOT</varname> environment variable as the data instance
directory to operate on. If this variable is not yet set, it gets initialized
to <constant>/var/share/ldap/opendj</constant> if the utility is running as user
<constant>ldapd</constant>, to <varname>$HOME</varname>/opendj otherwise.
</para>
<para os="linux;bsd">
Once setup has been run successfully, you may create a service run control
script using <citerefentry><refentrytitle
>create-rc-script</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
</para>
</refsection>
<refsection>
<title>Options</title>
<para>
The following options are supported.
</para>
<variablelist>
<varlistentry>
<term><option>-i, --cli</option></term>
<listitem>
<para>
Use the command line install. If not specified, the graphical interface will be
launched. The rest of the options (excluding help and version) will only be
taken into account if this option is specified.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-O, --doNotStart</option></term>
<listitem>
<para>
Do not start the server when the configuration is completed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-b, --baseDN</option> <replaceable
class="parameter">baseDN</replaceable></term>
<listitem>
<para>
Base DN for user information in the directory server. Multiple base DNs may be
provided by using this option multiple times (Default: dc=example,dc=com).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-a, --addBaseEntry</option></term>
<listitem>
<para>
Indicates whether to create the base entry in the directory server database.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-d, --sampleData</option> <replaceable
class="parameter">numEntries</replaceable></term>
<listitem>
<para>
Specifies that the database should be populated with the specified number of
sample entries (Default: 0).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-l, --ldifFile</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
Path to an LDIF file containing data that should be added to the directory
server database. Multiple LDIF files may be provided by using this option
multiple times.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--skipFile</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
Write skipped entries to the specified file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-R, --rejectFile</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
Write rejected entries to the specified file.
</para>
</listitem>
</varlistentry>
</variablelist>
<refsection>
<title>Connection Options</title>
<variablelist>
<varlistentry>
<term><option>-h, --hostname</option> <replaceable
class="parameter">host</replaceable></term>
<listitem>
<para>
The fully-qualified directory server host name that will be used when generating
self-signed certificates for LDAP SSL/StartTLS, the administration connector,
and replication (Default: `hostname`).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-p, --ldapPort</option> <replaceable
class="parameter">port</replaceable></term>
<listitem>
<para>
Port on which the Directory Server should listen for LDAP communication (Default:
389).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-q, --enableStartTLS</option></term>
<listitem>
<para>
Enable StartTLS to allow secure communication with the server using the LDAP port.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-Z, --ldapsPort</option> <replaceable
class="parameter">port</replaceable></term>
<listitem>
<para>
Port on which the Directory Server should listen for LDAPS communication. The
LDAPS port will be configured and SSL will be enabled only if this argument is
explicitly specified (Default: 636).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--generateSelfSignedCertificate</option></term>
<listitem>
<para>
Generate a self-signed certificate that the server should use when accepting
SSL-based connections or performing StartTLS negotiation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--adminConnectorPort</option> <replaceable
class="parameter">port</replaceable></term>
<listitem>
<para>
Port on which the Administration Connector should listen for communication
(Default: 4444).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-x, --jmxPort</option> <replaceable
class="parameter">port</replaceable></term>
<listitem>
<para>
Port on which the Directory Server should listen for JMX communication (Default:
1689).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-S, --skipPortCheck</option></term>
<listitem>
<para>
Skip the check to determine whether the specified ports are usable.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-D, --rootUserDN</option> <replaceable
class="parameter">DN</replaceable></term>
<listitem>
<para>
DN for the initial root user for the directory server (Default:
"cn=Directory Manager").
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-w, --rootUserPassword</option> <replaceable
class="parameter">password</replaceable></term>
<listitem>
<para>
Password for the initial root user for the Directory Server.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-j, --rootUserPasswordFile</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
Path to a file containing the password for the initial root user for the
directory server.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-N, --certNickname</option> <replaceable
class="parameter">alias</replaceable></term>
<listitem>
<para>
Nickname of the certificate that the server should use when accepting SSL-based
connections or performing StartTLS negotiation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-W, --keyStorePassword</option> <replaceable
class="parameter">password</replaceable></term>
<listitem>
<para>
Certificate key store PIN. A PIN is required when you use an existing
certificate (JKS, JCEKS, PKCS#12 or PKCS#11) as the server certificate.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-u, --keyStorePasswordFile</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
Certificate key store PIN file. A PIN is required when you use an existing
certificate (JKS, JCEKS, PKCS#12 or PKCS#11) as the server certificate.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--useJavaKeystore</option> <replaceable
class="parameter">file</replaceable></term>
<listitem>
<para>
Path of a Java Key Store (JKS) containing a certificate to be used as the server
certificate.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--useJCEKS</option> <replaceable
class="parameter">keyStorePath</replaceable></term>
<listitem>
<para>
Path of a JCEKS containing a certificate to be used as the server certificate.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--usePkcs11Keystore</option></term>
<listitem>
<para>
Use a certificate in a PKCS#11 token that the server should use when accepting
SSL-based connections or performing StartTLS negotiation.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--usePkcs12keyStore</option> <replaceable
class="parameter">keyStorePath</replaceable></term>
<listitem>
<para>
Path of a PKCS#12 key store containing the certificate that the server should
use when accepting SSL-based connections or performing StartTLS negotiation.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Utility Input/Output Options</title>
<variablelist>
<varlistentry>
<term><option>-n, --no-prompt</option></term>
<listitem>
<para>
Use non-interactive mode. If data in the command is missing, the user is not
prompted and the tool will fail.
</para>
</listitem>
</varlistentry>
<xi:include href="common.xml"
xpointer='xpointer(//para[@name="l-props"]/*)'/>
<xi:include href="common.xml"
xpointer='xpointer(//para[@name="l-misc"]/*[@name="lc-quiet"
or @name="lc-verbose"])'/>
</variablelist>
</refsection>
<refsection>
<title>General Options</title>
<variablelist>
<xi:include href="common.xml"
xpointer='xpointer(//para[@name="l-general"]/*)'/>
</variablelist>
</refsection>
</refsection>
<refsection>
<title>Examples</title>
<informalexample os="solaris">
<para>
Use this command to assign the "OpenDJ Admin" profile to the user jackson:
</para>
<literallayout><prompt
>$ </prompt><command>usermod -P "OpenDJ Admin" jackson</command></literallayout>
</informalexample>
<informalexample os="solaris">
<para>
To check which profiles are assigned to user jackson, use:
</para>
<literallayout><prompt
>$ </prompt><command>profiles jackson</command></literallayout>
<screen>
OpenDJ Admin
Basic Solaris User
All
</screen>
</informalexample>
<informalexample>
<para>
The following command installs OpenDJ directory server, enabling StartTLS and
importing 100 example entries without interaction.
</para>
<literallayout><prompt
>$ </prompt><command>$INSTALL_ROOT/setup --cli -b dc=example,dc=com -d 100 \
-w password -D "cn=Directory Manager" -h `hostname` -p 1389 \
--generateSelfSignedCertificate --enableStartTLS -n</command></literallayout>
<screen>
OpenDJ @VERS_FULL@
Please wait while the setup program initializes...
See /var/tmp/opendj-setup-484...561.log for a detailed log of this operation.
Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Importing Automatically-Generated Data (100 Entries) ......... Done.
Starting Directory Server .......... Done.
To see basic server configuration status and configuration you can launch
$INSTALL_ROOT/bin/status
</screen>
</informalexample>
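<informalexample>
<para>
Added example, not part of the original OpenDJ documentation: a non-interactive
install that reads the root password and the key store PIN from files
(<option>-j</option>, <option>-u</option>) rather than passing them with
<option>-w</option> and <option>-W</option>, whose values are visible in the
process list and shell history. The file paths, the certificate alias
<literal>server-cert</literal>, the port numbers and the
<varname>DRY_RUN</varname> switch are constructed placeholders.
</para>
<programlisting>
```sh
#!/bin/sh
# Added example. Paths, alias and ports below are constructed placeholders.

# secret_file_ok FILE
# Succeed only if FILE is a regular file (not a symlink) whose mode grants
# nothing to group or other, for example 0600 or 0400.
secret_file_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
    esac
    return 1
}

# install_opendj ROOT_PW_FILE KS_PIN_FILE P12_KEYSTORE
# Checks both secret files, then runs setup without prompting and without
# starting the server. With DRY_RUN=1 the command is printed, not executed.
# Returns 2 for an unsafe secret file, 3 for an unreadable key store.
install_opendj() {
    for f in "$1" "$2"; do
        if ! secret_file_ok "$f"; then
            echo "refusing to use $f: not a regular owner-only file"
            return 2
        fi
    done
    [ -r "$3" ] || return 3
    # Every option used here is described in the Options section above.
    set -- "${INSTALL_ROOT:-/path/to/opendj}/setup" --cli -n -O \
        -b dc=example,dc=com -a -h "$(hostname)" \
        -p 1389 -Z 1636 --adminConnectorPort 4444 \
        -D "cn=Directory Manager" -j "$1" \
        --usePkcs12keyStore "$3" -u "$2" -N server-cert
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$@"; else "$@"; fi
}

# Run directly as: script ROOT_PW_FILE KS_PIN_FILE P12_KEYSTORE
if [ "$#" -eq 3 ]; then
    install_opendj "$@"
fi
```
</programlisting>
</informalexample>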
</refsection>
<xi:include href="common.xml" xpointer='xpointer(//refsection[@name="env"])'/>
<xi:include href="common.xml" xpointer='xpointer(//refsection[@name="exit-0-gt0"])'/>
<refsection>
<title>See Also</title>
<para>
<citerefentry>
<refentrytitle>start-ds</refentrytitle>
<xi:include href='common.xml' xpointer='xpointer(//manvolnum[@name="v1m"])'/>
</citerefentry><wordasword>, </wordasword>
<citerefentry>
<refentrytitle>stop-ds</refentrytitle>
<xi:include href='common.xml' xpointer='xpointer(//manvolnum[@name="v1m"])'/>
</citerefentry><wordasword>, </wordasword>
<citerefentry>
<refentrytitle>dsjavaproperties</refentrytitle>
<xi:include href='common.xml' xpointer='xpointer(//manvolnum[@name="v1m"])'/>
</citerefentry><wordasword>, </wordasword>
<citerefentry>
<refentrytitle>opendj</refentrytitle>
<xi:include href='common.xml' xpointer='xpointer(//manvolnum[@name="v5"])'/>
</citerefentry><wordasword>, </wordasword>
<citerefentry os="solaris">
<refentrytitle>svcadm</refentrytitle>
<manvolnum>1M</manvolnum>
</citerefentry>
<citerefentry os="bsd;linux">
<refentrytitle>create-rc-script</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsection>
</refentry>