Configure the PingDirectory server sync source

Run the dsconfig command to configure the external server as the Sync source. Based on the previous example where the PingDirectory server was configured as source-ds, run the following command:

$ bin/dsconfig create-sync-source --source-name source \
  --type ping-identity \
  --set base-dn:dc=example,dc=com \
  --set server:source-ds \
  --set use-changelog-batch-request:true

Enable the change log password encryption plugin on any server that receives password modifications. The encryption key can be copied from the output, if displayed, or accessed from the <server-root>/bin/sync-pipe-cfg.txt file, if the create-sync-pipe-config tool was used to create the sync pipe.

$ bin/dsconfig set-plugin-prop \
  --plugin-name "Changelog Password Encryption" \
  --set enabled:true \
  --set changelog-password-encryption-key:<key>

On PingDataSync, set the decryption key used to decrypt the user password value in the change log entries. The key allows the user password to be synchronized to other servers that do not use the same password storage scheme.

$ bin/dsconfig set-global-sync-configuration-prop \
  --set changelog-password-decryption-key:ej5u9e39pq-68

Configure the changelog-deleted-entry-include-attribute property on the changelog backend.

$ bin/dsconfig set-backend-prop --backend-name changelog \
  --set changelog-deleted-entry-include-attribute:objectClass