PingDirectory

Configuring sync pipes and sync classes

About this task

Perform the following steps to configure Sync Pipes and Sync Classes:

Steps

  1. On the Sync Pipe Name menu, type a unique name to identify the Sync Pipe, or accept the default.

  2. On the Pre-Configured Sync Class Configuration for Active Directory Sync Source menu, enter yes to synchronize user CREATE operations, and enter the object class for the user entries at the destination server, or accept the default (user). To synchronize user MODIFY and DELETE operations from Active Directory (AD), enter yes.

  3. To synchronize passwords from Active Directory, press Enter to accept the default (yes). If synchronizing passwords from Active Directory, install the Ping Identity Password Sync Agent component on each domain controller.

  4. To create a distinguished name (DN) map for the user entries in the Sync Pipe, enter the base DN for the user entries at the Microsoft Active Directory Sync Source, then enter the base DN for the user entries at the PingDataSync Destination.

    A list of basic attribute mappings from the Microsoft Active Directory Source to the PingDirectory Server destination is displayed. More complex attribute mappings involving constructed or DN attribute mappings must be configured with the dsconfig command. The following is a sample mapping.

    Below is a list of the basic mappings that have been set up for user
entries synchronized from Microsoft Active Directory ->  {pingdir}
Server. You can add to or modify this list with any direct attribute
mappings. To set up more complex mappings (such as constructed or DN
attribute mappings), use the 'dsconfig' tool.
1) cn -> cn
2) sn -> sn
3) givenName -> givenName
4) description -> description
5) sAMAccountName -> uid
6) unicodePwd -> userPassword

  5. Enter the option to add a new attribute mapping. Enter the source attribute, and then enter the destination attribute. The following example maps the telephoneNumber attribute (Active Directory) to the otherTelephone attribute (PingDirectory Server).

    Select an attribute mapping to remove, or choose 'n' to add a new one
[Press ENTER to continue]: n
Enter the name of the source attribute: telephoneNumber
Enter the name of the destination attribute: otherTelephone

  6. If synchronizing group CREATE, MODIFY, and DELETE operations from Active Directory, enter yes.

  7. Review the basic user group mappings.

  8. On the Sync Pipe Sync Class Definitions menu, enter another name for a new Sync Class if required. Repeat steps 2–6 to define this new Sync Class. If no additional Sync Class definitions are required, press Enter to continue.

  9. Review the Sync Pipe Configuration Summary, and accept the default ("write configuration"), which records the commands in a batch file (sync-pipe-cfg.txt). The batch file can be used to set up other topologies. The following summary shows two Sync Pipes and their associated Sync Classes.

    >>>> Configuration Summary
  Sync Pipe: AD to  {pingdir}  Server
    Source: Microsoft Active Directory
      Type: Microsoft Active Directory
      Access Account: cn=Sync
User,cn=Users,DC=adsync,DC=PingIdentity,DC=com
      Base DN: DC=adsync,DC=PingIdentity,DC=com
      Servers: 10.5.1.149:636
    Destination:  {pingdir}  Server
      Type:  {pingdir}  Server
      Access Account: cn=Sync User,cn=Root DNs,cn=config
      Base DN: dc=example,dc=com
      Servers: localhost:389
    Sync Classes:
      Microsoft Active Directory Users Sync Class
      Base DN: DC=adsync,DC=PingIdentity,DC=com
      Filters: (objectClass=user)
      DN Map: **,CN=Users,DC=adsync,DC=PingIdentity,DC=com ->{1},ou=users,
      dc=example,dc=com
      Synchronized Attributes: Custom set of mappings are defined
      Operations: Creates,Deletes,Modifies
  Sync Pipe:  {pingdir}  Server to AD
    Source:  {pingdir}  Server
      Type:  {pingdir}  Server
      Access Account: cn=Sync User,cn=Root DNs,cn=config
      Base DN: dc=example,dc=com
      Servers: localhost:389
    Destination: Microsoft Active Directory
      Type: Microsoft Active Directory
      Access Account: cn=Sync
User,cn=Users,DC=adsync,DC=PingIdentity,DC=com
      Base DN: DC=adsync,DC=PingIdentity,DC=com
      Servers: 10.5.1.149:636
    Sync Classes:
        {pingdir}  Server Users Sync Class
      Base DN: dc=example,dc=com
      Filters: (objectClass=inetOrgPerson)
      DN Map: **,ou=users,dc=example,dc=com ->{1},CN=Users,DC=adsync,
      DC=PingIdentity,DC=com
      Synchronized Attributes: Custom set of mappings are defined
      Operations: Creates,Deletes,Modifies

  10. To apply the configuration to the local PingDataSync server instance, type yes. The configuration is recorded at <server-root>/logs/tools/createsync-pipe-config.log.