Steps I have followed
Install JDK 11
yum install java-11-openjdk-devel
./dskeymgr create-deployment-key --deploymentKeyPassword Password
export DEPLOYMENT_KEY='<deployment key that was generated previously>'
unzip DS-7.0.0
cd to opendj
Run the command below:
./setup \
--deploymentKey $DEPLOYMENT_KEY \
--deploymentKeyPassword Passw0rd1 \
--rootUserDN uid=admin \
--rootUserPassword Passw0rd1 \
--monitorUserPassword Passw0rd1 \
--hostname ds1.avantatech.com \
--adminConnectorPort 4444 \
--ldapPort 1389 \
--enableStartTls \
--ldapsPort 1636 \
--httpsPort 8443 \
--profile am-identity-store \
--set am-identity-store/amIdentityStoreAdminPassword:Passw0rd1 \
--acceptLicense \
--start-ds
If you don't have a certificate, disable the Global Password policy by running ./dsconfig
[iamuser@ip-172-31-42-151 bin]$ ./dsconfig
>>>> Specify OpenDJ LDAP connection parameters
Directory server hostname or IP address
[ip-172-31-42-151.us-east-2.compute.internal]: ds1.avantastech.com
Directory server administration port number [4444]:
Administrator user bind DN [uid=admin]:
Password for user 'uid=admin':
The certificate 'CN=DS, O=ForgeRock.com' is not trusted for the following reason: unable to find valid certification path to requested target
Server Certificate:
User DN : CN=DS, O=ForgeRock.com
Validity : From 'Tue Sep 01 23:25:54 UTC 2020'
To 'Wed Sep 01 23:25:54 UTC 2021'
Issuer : CN=Deployment key, O=ForgeRock.com
User DN : CN=Deployment key, O=ForgeRock.com
Validity : From 'Tue Sep 01 23:12:45 UTC 2020'
To 'Fri Aug 30 23:12:45 UTC 2030'
Issuer : CN=Deployment key, O=ForgeRock.com
Do you trust this server certificate?
1) No
2) Yes, for this session only
3) Yes, also add it to a truststore
4) View certificate details
Enter choice: [1]: 3
The certificate 'CN=DS, O=ForgeRock.com' is not trusted for the following reason: No subject alternative DNS name matching ds1.avantastech.com found.
Server Certificate:
User DN : CN=DS, O=ForgeRock.com
Validity : From 'Tue Sep 01 23:25:54 UTC 2020'
To 'Wed Sep 01 23:25:54 UTC 2021'
Issuer : CN=Deployment key, O=ForgeRock.com
User DN : CN=Deployment key, O=ForgeRock.com
Validity : From 'Tue Sep 01 23:12:45 UTC 2020'
To 'Fri Aug 30 23:12:45 UTC 2030'
Issuer : CN=Deployment key, O=ForgeRock.com
Do you trust this server certificate?
1) No
2) Yes, for this session only
3) Yes, also add it to a truststore
4) View certificate details
Enter choice: [1]: 3
>>>> OpenDJ configuration console main menu
What do you want to configure?
 1) Access Control Handler               22) Log Publisher
 2) Access Log Filtering Criteria        23) Log Retention Policy
 3) Account Status Notification Handler  24) Log Rotation Policy
 4) Administration Connector             25) Mail Server
 5) Alert Handler                        26) Password Generator
 6) Backend                              27) Password Policy
 7) Backend Index                        28) Password Storage Scheme
 8) Backend VLV Index                    29) Password Validator
 9) Certificate Mapper                   30) Plugin
10) Connection Handler                   31) Plugin Root
11) Crypto Manager                       32) Replication Domain
12) Debug Target                         33) Replication Server
13) Entry Cache                          34) Root DSE Backend
14) Extended Operation Handler           35) SASL Mechanism Handler
15) Global Access Control Policy         36) Schema Provider
16) Global Configuration                 37) Service Discovery Mechanism
17) Group Implementation                 38) Synchronization Provider
18) HTTP Authorization Mechanism         39) Trust Manager Provider
19) HTTP Endpoint                        40) Virtual Attribute
20) Identity Mapper                      41) Work Queue
21) Key Manager Provider
a) show advanced components and properties
q) quit
Enter choice: 27
>>>> Password Policy management menu
What would you like to do?
1) Create a new Password Policy
2) View and edit an existing Password Policy
3) Delete an existing Password Policy
4) List existing Password Policies
a) show advanced components and properties
q) quit
b) back
Enter choice [b]: 2
>>>> Select the Authentication Policy from the following list:
1) Default Password Policy
2) Root Password Policy
a) show advanced components and properties
q) quit
c) cancel
Enter choice [c]: 2
>>>> Configure the properties of the Password Policy "Root Password Policy"
Property Value(s)
----------------------------------------------------------------------
1) account-status-notification-handler -
2) allow-expired-password-changes false
3) allow-user-password-changes true
4) default-password-storage-scheme PBKDF2-HMAC-SHA256
5) deprecated-password-storage-scheme -
6) expire-passwords-without-warning false
7) force-change-on-add false
8) force-change-on-reset false
9) grace-login-count 0
10) idle-lockout-interval 0 s
11) last-login-time-attribute -
12) last-login-time-format -
13) lockout-duration 0 s
14) lockout-failure-count 0
15) lockout-failure-expiration-interval 0 s
16) max-password-age 0 s
17) max-password-reset-age 0 s
18) min-password-age 0 s
19) password-attribute userPassword
20) password-change-requires-current-password true
21) password-expiration-warning-interval 5 d
22) password-generator -
23) password-history-count 0
24) password-history-duration 0 s
25) password-validator At least 8 characters,
Common passwords
26) previous-last-login-time-format -
27) require-change-by-time -
28) require-secure-authentication true
29) require-secure-password-changes true
a) show advanced components and properties
q) quit
c) cancel
f) finish - apply changes
?) help
Enter choice [f]: 28
>>>> Configuring the "require-secure-authentication" property
Indicates whether users with the associated password policy are required
to authenticate in a secure manner.
This might mean either using a secure communication channel between the
client and the server, or using a SASL mechanism that does not expose the
credentials.
Do you want to modify the "require-secure-authentication" property?
1) Keep the value: true
2) Change it to the default value: false
3) Specify a new value or expression
q) quit
?) help
Enter choice [1]: 2
Press RETURN to continue
>>>> Configure the properties of the Password Policy "Root Password Policy"
Property Value(s)
----------------------------------------------------------------------
1) account-status-notification-handler -
2) allow-expired-password-changes false
3) allow-user-password-changes true
4) default-password-storage-scheme PBKDF2-HMAC-SHA256
5) deprecated-password-storage-scheme -
6) expire-passwords-without-warning false
7) force-change-on-add false
8) force-change-on-reset false
9) grace-login-count 0
10) idle-lockout-interval 0 s
11) last-login-time-attribute -
12) last-login-time-format -
13) lockout-duration 0 s
14) lockout-failure-count 0
15) lockout-failure-expiration-interval 0 s
16) max-password-age 0 s
17) max-password-reset-age 0 s
18) min-password-age 0 s
19) password-attribute userPassword
20) password-change-requires-current-password true
21) password-expiration-warning-interval 5 d
22) password-generator -
23) password-history-count 0
24) password-history-duration 0 s
25) password-validator At least 8 characters,
Common passwords
26) previous-last-login-time-format -
27) require-change-by-time -
28) require-secure-authentication false
29) require-secure-password-changes true
a) show advanced components and properties
q) quit
c) cancel
f) finish - apply changes
?) help
Enter choice [f]:
The Password Policy was modified successfully
The equivalent non-interactive command-line is:
dsconfig set-password-policy-prop \
--policy-name Root\ Password\ Policy \
--set require-secure-authentication:false \
--hostname ds1.avantastech.com \
--port 4444 \
--bindDn uid=admin \
--bindPassword ****** \
--trustAll \
--no-prompt
Press RETURN to continue
>>>> Password Policy management menu
What would you like to do?
1) Create a new Password Policy
2) View and edit an existing Password Policy
3) Delete an existing Password Policy
4) List existing Password Policies
a) show advanced components and properties
q) quit
b) back
Enter choice [b]: q
[iamuser@ip-172-31-42-151 bin]$
Now connect to Directory Server using Apache Directory Studio or any other software.
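
An added check, not part of the original steps: the session above sets require-secure-authentication to false on the Root Password Policy, so this script reads a dsconfig property listing and flags that property and require-secure-password-changes when they are not true, printing the set-password-policy-prop option that restores each one. The sample rows are constructed from the listing above, the function names are assumptions of this example, and the printed fix leaves out the connection options, which are the same as in the command dsconfig printed in the session.

```shell
#!/usr/bin/env bash
# Added example: audit a dsconfig password-policy listing for properties that
# let credentials cross the network unencrypted.

# Constructed sample: four rows of the "Root Password Policy" listing as it
# appears in the session above after the change.
sample_listing() {
  cat <<'EOF'
4) default-password-storage-scheme PBKDF2-HMAC-SHA256
20) password-change-requires-current-password true
28) require-secure-authentication false
29) require-secure-password-changes true
EOF
}

# audit_policy POLICY_NAME < listing
# Prints one FAIL line plus the dsconfig --set that restores the value for
# each weakened property; returns 1 if anything was flagged, 0 otherwise.
audit_policy() {
  awk -v policy="$1" '
    BEGIN {
      why["require-secure-authentication"]   = "binds accepted without TLS or a protecting SASL mechanism"
      why["require-secure-password-changes"] = "password changes accepted over an insecure connection"
    }
    {
      # Interactive dsconfig prefixes each row with "N)"; skip it if present.
      if ($1 ~ /^[0-9]+\)$/) { key = $2; val = $3 } else { key = $1; val = $2 }
      if ((key in why) && val != "true") {
        printf "FAIL %s=%s (%s)\n", key, val, why[key]
        printf "  fix: dsconfig set-password-policy-prop --policy-name \"%s\" --set %s:true\n", policy, key
        bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Stand-alone run over the constructed sample.
if ! sample_listing | audit_policy "Root Password Policy"; then
  echo "policy weakened: restore the flagged properties once TLS trust is configured"
fi
```

The function accepts both the numbered rows of the interactive menu and plain "property value" rows, so the same check can be run over saved listings from either form.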