PingDirectory

Configure fractional replication

PingDataSync supports fractional replication to any server type. For example, if a replica only performs user authentications, PingDataSync can be configured to propagate only the uid and userPassword password policy attributes, reducing the database size at the replica and the network traffic needed to keep the servers synchronized.

About this task

The following example configures fractional replication in which the uid and userPassword attributes of all entries in the source topology are synchronized to the destination topology. Because the uid and userPassword attributes are present, the objectclass attribute must also be synchronized. The example assumes that PingDataSync and the external servers are configured and that a Sync Pipe and Sync Class are defined, but that neither real-time synchronization nor a bulk resync has been performed.

Perform the following steps to configure fractional replication from the dsconfig interactive menu:

Steps

  1. On the main menu, type the number corresponding to Sync Classes.

  2. On the Sync Class menu, type the number corresponding to viewing and editing an existing Sync Class. Assume that only one Sync Class has been defined.

  3. Verify that the Sync Pipe and Sync Class exist.

  4. On the Sync Class Properties menu, type the number specifying the source LDAP filter (include-filter property) that defines which source entries are to be included in the Sync Class.

  5. On the Include-Filter Property menu, type the number corresponding to adding a filter value. For this example, type (objectclass=person). When prompted, enter another filter. Press Enter to continue. On the menu, enter 1 to use the value when specifying it.

  6. On the Sync Class Properties menu, type the number corresponding to the auto-mapped-source-attribute property. Change the value from "-all-" to a specific attribute, so that only the specified attribute is automatically mapped from the source topology to the destination topology.

  7. On the Auto-Mapped-Source-Attribute Property menu, type the number corresponding to adding the source attributes that will be automatically mapped to the destination attributes of the same name. When prompted, enter each attribute, and then press Enter.

    Enter another value for the 'auto-mapped-source-attribute' property
    [continue]: uid
    Enter another value for the 'auto-mapped-source-attribute' property
    [continue]: userPassword
    Enter another value for the 'auto-mapped-source-attribute' property
    [continue]: objectclass
    Enter another value for the 'auto-mapped-source-attribute' property
    [continue]:

  8. On the Auto-Mapped-Source-Attribute Property menu, type the number corresponding to removing one or more values. In this example, remove the "-all-" value, so that only the objectclass, uid, and userPassword attributes are synchronized.

  9. On the Auto-Mapped-Source-Attribute Property menu, press Enter to accept the values.

  10. On the Sync Class Properties menu, type the number corresponding to excluding some attributes from the synchronization process. When using the objectclass=person filter, the cn, givenName, and sn attributes must be excluded. Enter the option to add one or more attributes, and then add each attribute to exclude on the excluded-auto-mapped-source-attributes Property menu. For this example, exclude the cn and sn attributes, which are required attributes of the Person objectclass. Also exclude the givenName attribute, which is an optional attribute of the inetOrgPerson objectclass.

    Enter another value for the 'excluded-auto-mapped-source-attributes'
    property
    [continue]: givenName
    Enter another value for the 'excluded-auto-mapped-source-attributes'
    property
    [continue]: sn
    Enter another value for the 'excluded-auto-mapped-source-attributes'
    property
    [continue]:

  11. On the Excluded-Auto-Mapped-Source-Attributes Property menu, press Enter to accept the changes.

    If using entryUUID as a correlation attribute, some attribute uniqueness errors might occur while using the resync tool. Either set the excluded-auto-mapped-source-attributes property value to entryUUID on the Sync Class configuration menu, or run resync with the --excludeDestinationAttr entryUUID argument.

  12. On the Sync Class Properties menu, review the configuration and accept the changes.

  13. On the server instances in the destination topology, turn off schema checking to avoid a schema error that occurs when the required attributes in the Person objectclass are not present. Make sure that the global configuration property for the server-group is set to all-servers. Use the following command to turn off schema checking on all of the servers in the group.

    $ bin/dsconfig --no-prompt set-global-configuration-prop \
      --set check-schema:false \
      --applyChangeTo server-group \
      --port 3389 \
      --bindDN "uid=admin,dc=example,dc=com" \
      --bindPassword secret

  14. Run bin/resync to load the filtered data from the source endpoint to the target endpoint.

    $ bin/resync --pipe-name "test-sync-pipe" \
      --numPasses 3

  15. Run bin/realtime-sync to start synchronization.

    $ bin/realtime-sync start --pipe-name "test-sync-pipe" \
      --port 7389 \
      --bindDN "uid=admin,dc=example,dc=com" \
      --bindPassword secret \
      --no-prompt
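
To confirm after the resync in step 14 that destination entries carry only the intended attributes, the following added example (not part of the original documentation) audits an LDIF export of the destination against the uid, userPassword, and objectclass allowlist. The sample LDIF and the names `parse_ldif` and `audit` are constructed for illustration.

```python
import base64

ALLOWED = {"uid", "userpassword", "objectclass"}  # lower-cased names this page's Sync Class propagates

# Constructed sample export; the second entry simulates a Sync Class that still maps extra attributes.
SAMPLE = """\
version: 1

dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: person
uid: jdoe
userPassword: {SSHA}constructed-sample-value

dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: person
uid: asmith
givenName:: QWxpY2U=
mail: alice.smith@
 example.com
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry, unfolding lines and decoding base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # folded continuation line
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):      # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            name = name.split(";")[0].lower()   # drop options such as ;binary
            if name == "dn":
                dn = value.strip()
            elif name != "version":
                attrs.setdefault(name, []).append(value.strip())

def audit(text, allowed=ALLOWED):
    """Return {dn: [unexpected attribute names]} for entries outside the allowlist."""
    found = {dn: sorted(set(a) - allowed) for dn, a in parse_ldif(text)}
    return {dn: extra for dn, extra in found.items() if extra}
```

An empty result from `audit` means every exported entry stayed within the allowlist. If the export explicitly requests operational attributes, add them to `ALLOWED` first.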