PingDirectory

Configure a directory-to-database sync pipe

The following topics describe how to use the create-sync-pipe-config tool to configure a one-way Sync Pipe with a PingDirectory Server as the Sync Source and an RDBMS (Oracle) system as the Sync Destination. You can configure Sync Pipes later using the dsconfig command.

Creating the sync pipe

The following procedures configure the Sync Pipe, external servers, and Sync Classes. The examples are based on the Complex JDBC sample in the config/jdbc/samples/oracle-db directory. The create-sync-pipe-config tool can be run with the server offline and the configuration can later be imported.

  1. Run the create-sync-pipe-config tool.

    $ bin/create-sync-pipe-config

  2. At the Initial Synchronization Configuration Tool prompt, press Enter to continue.

  3. On the Synchronization Mode menu, select Standard Mode or Notification Mode.

  4. On the Synchronization Directory menu, choose one-way or bidirectional synchronization.

Configure the sync source

  1. On the Source Endpoint Type menu, enter the number for the sync source corresponding to the type of source external server.

  2. Enter a name for the Source Endpoint.

  3. Enter the base distinguished name (DN) for the directory server, which is used as the base for Lightweight Directory Access Protocol (LDAP) searches. For example, enter dc=example,dc=com, and then press Enter again to return to the menu. If entering more than one base DN, make sure the DNs do not overlap.

  4. On the Server Security menu, select the type of communication that PingDataSync will use with the endpoint servers.

  5. Enter the host and port of the source endpoint server. The Sync Source can specify a single server or multiple servers in a replicated topology. The server tests that a connection can be established.

  6. Enter the DN of the Sync User account and create a password for this account. The Sync User account enables PingDataSync to access the source endpoint server. By default, the Sync User account is stored as cn=Sync User,cn=Root DNs,cn=config.
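A pre-check for the base DN requirement in step 3, as an added example that is not part of the product or its documentation. It assumes "overlap" means one base DN equals or sits beneath another, and it compares RDNs case-insensitively as a simplification.

```python
# Added example: detect overlapping base DNs before entering them at the prompt.
# Simplification: RDN attribute names and values are compared case-insensitively,
# and multi-valued RDNs (a+b) are compared exactly as written.

def split_rdns(dn):
    """Split a DN into (attr, value) RDNs on unescaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends the RDN
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    normalised = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        normalised.append((attr.strip().lower(), value.strip().lower()))
    return normalised


def is_within(child, parent):
    """True if child equals parent or sits below it in the tree."""
    c, p = split_rdns(child), split_rdns(parent)
    return len(c) >= len(p) and c[len(c) - len(p):] == p


def find_overlaps(base_dns):
    """Return (inner, outer) pairs where one base DN falls inside another."""
    overlaps = []
    for i, a in enumerate(base_dns):
        for b in base_dns[i + 1:]:
            if is_within(a, b):
                overlaps.append((a, b))
            elif is_within(b, a):
                overlaps.append((b, a))
    return overlaps


if __name__ == "__main__":
    # Constructed sample input: the second DN sits under the first.
    print(find_overlaps(["dc=example,dc=com", "ou=People, DC=Example,dc=com"]))
```

An empty result means the list of base DNs can be entered as is.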

Configure the destination endpoint server

  1. On the Destination Endpoint Type menu, select the type of datastore on the endpoint server. This example configures an Oracle database.

  2. Enter a name for the Destination Endpoint.

  3. On the JDBC Endpoint Connection Parameters menu, enter the fully-qualified host name or IP address for the Oracle database server.

  4. Enter the listener port for the database server, or press Enter to accept the default (1521).

  5. Enter a database name such as dbsync-test.

  6. The server attempts to locate the JDBC driver in the lib directory. If the file is found, a success message is shown.

    Successfully found and loaded JDBC driver for:
    jdbc:oracle:thin:@//dbsync-w2k8-vm-2:1521/dbsync-test

    If the server cannot find the JDBC driver, add it later, or quit the create-sync-pipe-config tool and add the file to the lib directory.

  7. Add any additional Java database connectivity (JDBC) connection properties for the database server, or press Enter to accept the default (no). Consult the JDBC driver’s vendor documentation for supported properties.

  8. Enter a name for the database user account with which PingDataSync will communicate, or press Enter to accept the default (SyncUser). Enter the password for the account.

  9. On the Standard Setup menu, enter the number for the language (Java or Groovy) that was used to write the server extension.

  10. Enter the fully qualified name of the Server SDK extension class that implements the JDBCSyncDestination API.

    Enter the fully qualified name of the Java class that will implement
    com.unboundid.directory.sdk.sync.api.JDBCSyncDestination:
    com.unboundid.examples.oracle.ComplexJDBCSyncDestination

  11. Configure any user-defined arguments needed by the server extension. These are defined in the extension itself and the values are specified in the server configuration. If there are user-defined arguments, enter yes.

  12. To prepare the Source Endpoint server, press Enter to accept the default (yes). This step tests the connection to the server with the Sync User account. The access test for the Sync User account returns "Denied" because the account has not yet been written to the PingDirectory server.

    Testing connection to server1.example.com:1389	Done
    Testing 'cn=Sync User,cn=Root DNs,cn=config' access	Denied

  13. To configure the Sync User account on the directory server, press Enter to accept the default (yes). Enter the bind DN (cn=DirectoryManager) and the bind DN password of the directory server so that you can configure the cn=Sync User account. PingDataSync creates the Sync User account, tests the base DN, and enables the change log.

    Created 'cn=Sync User,cn=Root DNs,cn=config'
    Verifying base DN 'dc=example,dc=com'	Done
    Enabling cn=changelog .....

  14. Enter the maximum age of the change log entries, or press Enter to accept the default.

Configuring the sync pipe and sync classes

The following procedures define a Sync Pipe and two Sync Classes. The first Sync Class is used to match the accounts objects. The second Sync Class matches the group objects.

  1. Continuing from the previous session, enter a name for the Sync Pipe.

  2. When prompted to define one or more Sync Classes, enter yes.

Configure the accounts Sync Class

  1. Enter a name for the Sync Class. For example, type accounts_sync_class.

  2. If restricting entries to specific subtrees, enter one or more base DNs. If not, press Enter to accept the default (no).

  3. To set an LDAP search filter, type yes and enter the filter "(accountid=*)". Press Enter again to continue. This property sets the LDAP filter that determines which entries are included in the Sync Class: all entries that match the search criteria. In this example, any entry with an accountID attribute is included in the Sync Class. If an entry does not match the filter, it will not be synchronized to the target server.

  4. Choose to synchronize all attributes, specific attributes, or exclude specific attributes from synchronization, or press Enter to accept the default (all).

  5. Specify the operations that will be synchronized for the Sync Class, or press Enter to accept the default.

Configure the groups Sync Class

For this example, configure another Sync Class to handle the groups object class. The steps are similar to those for the accounts_sync_class Sync Class.

  1. On the Sync Class menu, enter a name for a new sync class, such as groups_sync_class.

  2. To restrict entries to specific subtrees, enter one or more base DNs.

  3. Set an LDAP search filter. Type yes to set up a filter and enter the filter "(objectClass=groupOfUniqueNames)". This property sets the LDAP filter so that all entries with the groupOfUniqueNames object class are included in the Sync Class. If an entry does not match the filter, it will not be synchronized to the target server.

  4. Choose to synchronize all attributes, specific attributes, or exclude specific attributes from synchronization, or press Enter to accept the default (all).

  5. Specify the operations that will be synchronized for the Sync Class, or press Enter to accept the default.

  6. At the prompt to enter the name of another Sync Class, press Enter to continue.

  7. On the Default Sync Class Operations menu, press Enter to accept the default. The Default Sync Class determines how all entries that do not match any other Sync Class are handled.

  8. Review the configuration, and press Enter to write the configuration to the server.

Use the dsconfig command to make changes to this configuration. Refer to Configuring PingDataSync for configuration options and details.
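To preview how the two filters above divide entries between the Sync Classes, the following added example (not PingDataSync code) evaluates them against constructed sample entries. It handles only the presence and equality filter forms used on this page, and it assumes the classes are evaluated in the order they were created, with unmatched entries falling to the Default Sync Class.

```python
# Added example: which Sync Class would claim each entry, using the two
# include filters from this page. All entries below are constructed sample data.

SYNC_CLASSES = [  # assumption: evaluated in this order, first match wins
    ("accounts_sync_class", "(accountid=*)"),
    ("groups_sync_class", "(objectClass=groupOfUniqueNames)"),
]

SAMPLE_ENTRIES = {
    "uid=alice,ou=People,dc=example,dc=com":
        {"objectClass": ["person"], "accountID": ["1001"]},
    "cn=admins,ou=Groups,dc=example,dc=com":
        {"objectclass": ["top", "groupOfUniqueNames"],
         "uniqueMember": ["uid=alice,ou=People,dc=example,dc=com"]},
    "cn=printer1,ou=Devices,dc=example,dc=com":
        {"objectClass": ["device"], "cn": ["printer1"]},
}


def matches(filter_text, entry):
    """Evaluate a simple (attr=*) or (attr=value) filter against an entry."""
    attr, _, value = filter_text.strip("()").partition("=")
    # LDAP attribute names are case-insensitive, so accountid matches accountID.
    values = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    if value == "*":                       # presence filter
        return bool(values)
    return any(v.lower() == value.lower() for v in values)  # equality filter


def classify(entry):
    """Return the name of the first Sync Class whose filter matches."""
    for name, flt in SYNC_CLASSES:
        if matches(flt, entry):
            return name
    return "DEFAULT"                       # handled by the Default Sync Class


def plan(entries):
    """Group entry DNs by the Sync Class that would handle them."""
    result = {}
    for dn, entry in entries.items():
        result.setdefault(classify(entry), []).append(dn)
    return result


if __name__ == "__main__":
    for sync_class, dns in plan(SAMPLE_ENTRIES).items():
        print(sync_class, dns)
```

Entries that land under DEFAULT are the ones to check against the Default Sync Class Operations setting chosen in step 7.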