PingDirectory

Change tracking, monitoring, and logging

PingDataSync tracks and manages processes and server health with the following tools:

Change Tracking

Each directory instance stores a separate entry under cn=changelog for every modification made to the directory. PingDataSync provides full control over the synchronization process by determining which entries are synchronized, how they are correlated to the entries at the destination endpoint, and how they are transformed into the destination schema.

  • For the PingDirectory server or Nokia 8661 Directory Server topologies, PingDataSync uses the server’s LDAP Change Log for modification detection.

  • For Oracle/Sun Directory Server, OpenDJ, Oracle Unified Directory, and generic LDAP directory topologies, PingDataSync uses the server’s Retro Change Log, which provides a detailed summary of each change.

  • For Active Directory (AD), PingDataSync uses the DirSync control, which polls for object attribute changes.

  • For RDBMS systems, PingDataSync uses a Ping Identity Server SDK plugin to interface with a customized RDBMS change log table. The database triggers on each table record all INSERT, UPDATE, and DELETE operations to the change log table.

Monitoring, Alerts, and Alarms

PingDataSync supports several industry-standard, administrative protocols for monitoring, alarms, and alerts. System alarms and gauges can be configured to determine healthy performance thresholds and the server actions taken when performance values are outside the threshold. All administrative alarms are exposed over LDAP as entries under base DN cn=alarms. An administrative alert framework sends warnings, errors, or other server events through log messages, email, or JMX notifications. Administrative alerts are also exposed over LDAP as entries below base DN cn=alerts. Typical alert events are startup or shutdown, applied configuration changes, or synchronized resources unavailable.

Logging

PingDataSync provides standard logs (sync, access, error, failed-operations, config-audit.log, debug). The server can also be configured for multiple active sync logs. For example, each detected change, each dropped change, each applied change, or each failed change can be logged.