Configure fractional replication
PingDataSync supports fractional replication to any server type. For example, if a replica only performs user authentications, PingDataSync can be configured to propagate only the uid and userpassword password policy attributes, reducing the database size at the replica and the network traffic needed to keep the servers synchronized.
About this task
The following example configures a fractional replication, where the uid and userPassword attributes of all entries in the source topology are synchronized to the destination topology. Because the uid and userPassword attributes are present, the objectclass attribute must also be synchronized. The example assumes that PingDataSync and the external servers are configured and a Sync Pipe and Sync Class are defined, but real-time synchronization or bulk resync have not been performed.
Perform the following steps to configure fractional replication from the dsconfig interactive menu:
Steps
- On the main menu, type the number corresponding to Sync Classes.
- On the Sync Class menu, type the number corresponding to viewing and editing an existing Sync Class. Assume that only one Sync Class has been defined.
- Verify that the Sync Pipe and Sync Class exist.
- On the Sync Class Properties menu, type the number specifying the source LDAP filter (include-filter property) that defines which source entries are to be included in the Sync Class.
- On the Include-Filter Property menu, type the number corresponding to adding a filter value. For this example, type (objectclass=person). When prompted, enter another filter. Press Enter to continue. On the menu, enter 1 to use the value when specifying it.
- On the Sync Class Properties menu, type the number corresponding to the auto-mapped-source-attribute property. Change the value from "-all-" to a specific attribute, so that only the specified attribute is automatically mapped from the source topology to the destination topology.
- On the Auto-Mapped-Source-Attribute Property menu, type the number corresponding to adding the source attributes that will be automatically mapped to the destination attributes of the same name. When prompted, enter each attribute, and then press Enter.

  Enter another value for the 'auto-mapped-source-attribute' property [continue]: uid
  Enter another value for the 'auto-mapped-source-attribute' property [continue]: userPassword
  Enter another value for the 'auto-mapped-source-attribute' property [continue]: objectclass
  Enter another value for the 'auto-mapped-source-attribute' property [continue]:

- On the Auto-Mapped-Source-Attribute Property menu, type the number corresponding to removing one or more values. In this example, remove the "-all-" value, so that only the objectclass, uid, and userPassword attributes are synchronized.
- On the Auto-Mapped-Source-Attribute Property menu, press Enter to accept the values.
- On the Sync Class Properties menu, type the number corresponding to excluding some attributes from the synchronization process. When using the objectclass=person filter, the cn, givenName, and sn attributes must be excluded. Enter the option to add one or more attributes, and then add each attribute to exclude on the excluded-auto-mapped-source-attributes Property menu. For this example, exclude the cn and sn attributes, which are required attributes of the Person objectclass. Also exclude the givenName attribute, which is an optional attribute of the inetOrgPerson objectclass.

  Enter another value for the 'excluded-auto-mapped-source-attributes' property [continue]: givenName
  Enter another value for the 'excluded-auto-mapped-source-attributes' property [continue]: sn
  Enter another value for the 'excluded-auto-mapped-source-attributes' property [continue]:

- On the Excluded-Auto-Mapped-Source-Attributes Property menu, press Enter to accept the changes.

  If using entryUUID as a correlation attribute, some attribute uniqueness errors might occur while using the resync tool. Either set the excluded-auto-mapped-source-attributes property value to entryUUID on the Sync Class configuration menu, or run resync with the --excludeDestinationAttr entryUUID argument.

- On the Sync Class Properties menu, review the configuration and accept the changes.
- On the server instances in the destination topology, turn off schema checking to avoid a schema error that occurs when the required attributes in the Person objectclass are not present. Make sure that the global configuration property for the server-group is set to all-servers. Use the following command to turn off schema checking on all of the servers in the group.

  $ bin/dsconfig --no-prompt set-global-configuration-prop \
    --set check-schema:false \
    --applyChangeTo server-group \
    --port 3389 \
    --bindDN "uid=admin,dc=example,dc=com" \
    --bindPassword secret

- Run bin/resync to load the filtered data from the source endpoint to the target endpoint.

  $ bin/resync --pipe-name "test-sync-pipe" \
    --numPasses 3

- Run bin/realtime-sync to start synchronization.

  $ bin/realtime-sync start --pipe-name "test-sync-pipe" \
    --port 7389 \
    --bindDN "uid=admin,dc=example,dc=com" \
    --bindPassword secret \
    --no-prompt
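
One way to confirm that the destination holds only the fractional attribute set after resync, as an added example that is not part of the product documentation: a Python check over an LDIF export of the destination that reports any entry carrying attributes other than objectclass, uid, and userPassword. The export step, the function names, and the sample LDIF are assumptions constructed for illustration.

```python
import base64

# Attributes the Sync Class on this page maps; LDAP attribute names are case-insensitive.
ALLOWED = {"objectclass", "uid", "userpassword"}

# Constructed sample export of a destination server (not real data).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: person
uid: jdoe
userPassword: {SSHA}constructedHashValue

# asmith carries cn and sn; the DN is folded and cn is base64-encoded
dn: uid=asmith,ou=People,
 dc=example,dc=com
objectClass: person
uid: asmith
cn:: QWxpY2UgU21pdGg=
sn: Smith
userPassword;binary:: Y29uc3RydWN0ZWQ=
"""


def unfold(text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    return text.replace("\r\n", "\n").replace("\n ", "").split("\n")


def audit(text, allowed=ALLOWED):
    """Return {dn: sorted attribute names outside `allowed`} for offending entries."""
    findings, dn, extra = {}, None, set()
    for line in unfold(text) + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if dn is not None and extra:
                findings[dn] = sorted(extra)
            dn, extra = None, set()
        elif not line.startswith("#") and ":" in line:
            name, value = line.split(":", 1)
            base = name.split(";", 1)[0].lower()  # drop options such as ;binary
            if base == "dn":  # "dn::" means the DN itself is base64-encoded
                dn = base64.b64decode(value[1:]).decode() if value.startswith(":") else value.strip()
            elif dn is not None and base not in allowed:  # skips headers such as "version: 1"
                extra.add(base)
    return findings


if __name__ == "__main__":
    for entry_dn, attrs in audit(SAMPLE_LDIF).items():
        print(f"{entry_dn}: unexpected {', '.join(attrs)}")
```

Operational attributes such as entryUUID are reported too if the export includes them; add them to ALLOWED when they are expected on the destination.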