Configure the PingDirectory server sync source
About this task
Configure the Sync source for the synchronization network. More than one external server can be configured to act as the Sync source for failover purposes. If the source is a PingDirectory server, also configure the following items:
- Enable the changelog password encryption plugin on any directory server that will receive password modifications. This plugin intercepts password modifications, encrypts the password, and adds an encrypted attribute to the change log entry.
- Configure the changelog-deleted-entry-include-attribute property on the changelog backend, so that PingDataSync can record which attributes were removed during a DELETE operation.
Perform the following steps to configure the Sync source:
Steps
- Run the dsconfig command to configure the external server as the Sync source. Based on the previous example where the PingDirectory server was configured as source-ds, run the following command:

    $ bin/dsconfig create-sync-source --source-name source \
        --type ping-identity \
        --set base-dn:dc=example,dc=com \
        --set server:source-ds \
        --set use-changelog-batch-request:true

- Enable the change log password encryption plugin on any server that receives password modifications. The encryption key can be copied from the output, if displayed, or accessed from the <server-root>/bin/sync-pipe-cfg.txt file, if the create-sync-pipe-config tool was used to create the sync pipe.

    $ bin/dsconfig set-plugin-prop \
        --plugin-name "Changelog Password Encryption" \
        --set enabled:true \
        --set changelog-password-encryption-key:<key>

- On PingDataSync, set the decryption key used to decrypt the user password value in the change log entries. The key allows the user password to be synchronized to other servers that do not use the same password storage scheme.

    $ bin/dsconfig set-global-sync-configuration-prop \
        --set changelog-password-decryption-key:ej5u9e39pq-68

- Configure the changelog-deleted-entry-include-attribute property on the changelog backend.

    $ bin/dsconfig set-backend-prop --backend-name changelog \
        --set changelog-deleted-entry-include-attribute:objectClass
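
The two key-setting steps above put the changelog password key on the command line, where it lands in shell history and the process list. The following added example (not part of the original documentation) stages the same key in owner-only dsconfig batch files and checks that the encryption and decryption values match before anything is applied. The file names, the hex key format, and the assumption that both sides must carry the identical key are choices made for this sketch; connection arguments are omitted, as they are on the page.

```shell
#!/bin/sh
# Added example: stage the changelog password key in dsconfig batch files.
# File names and the 32-hex-character key format are assumptions of this sketch.

# Generate a random key from 16 bytes of /dev/urandom.
gen_changelog_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write one batch file for the directory server and one for PingDataSync,
# both carrying the same key. $1 = output directory, $2 = key
write_key_batches() {
    out_dir=$1
    key=$2
    old_umask=$(umask)
    umask 077    # new files are created readable by the owner only
    printf '%s\n' "set-plugin-prop --plugin-name \"Changelog Password Encryption\" --set enabled:true --set changelog-password-encryption-key:$key" \
        > "$out_dir/ds-changelog-key.dsconfig"
    printf '%s\n' "set-global-sync-configuration-prop --set changelog-password-decryption-key:$key" \
        > "$out_dir/sync-changelog-key.dsconfig"
    # Tighten permissions even if the files already existed with a wider mode.
    chmod 600 "$out_dir/ds-changelog-key.dsconfig" "$out_dir/sync-changelog-key.dsconfig"
    umask "$old_umask"
}

# Return 0 only if both batch files carry a non-empty, identical key.
keys_match() {
    enc=$(sed -n 's/.*changelog-password-encryption-key:\([^ ]*\).*/\1/p' "$1/ds-changelog-key.dsconfig")
    dec=$(sed -n 's/.*changelog-password-decryption-key:\([^ ]*\).*/\1/p' "$1/sync-changelog-key.dsconfig")
    [ -n "$enc" ] && [ "$enc" = "$dec" ]
}

# Usage: sh stage-key.sh <dir>   (with no argument, only the functions are defined)
if [ $# -eq 1 ]; then
    write_key_batches "$1" "$(gen_changelog_key)" && keys_match "$1" \
        && echo "batch files staged in $1"
fi

# Apply each file on its own server, then delete it:
#   directory server:  bin/dsconfig --no-prompt --batch-file ds-changelog-key.dsconfig
#   PingDataSync:      bin/dsconfig --no-prompt --batch-file sync-changelog-key.dsconfig
```
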