Configure the sync source
The sync source describes the service from which entries and changes are read so that they can be synchronized to the sync destination.
The process for configuring a sync source varies based on the type of service that you use, such as an LDAP server or a relational database, so you should consult the appropriate documentation for the specific type of sync source that you want to use.
Currently, the create-sync-pipe-config tool does not offer support for the System for Cross-domain Identity Management (SCIM) 2.0 sync destination, so you might need to configure the sync source manually with a tool like dsconfig or the administrative console. However, if you plan to synchronize from the desired source to another type of destination, and if that destination is one that is supported by the create-sync-pipe-config tool, then you can reuse the sync source created for that pipe.
If the sync source server is a PingDirectory server, then you can use the prepare-endpoint-server tool to make necessary changes to allow the PingDataSync server to interact with that directory server instance. This includes creating the account that the PingDataSync server uses to authenticate to the PingDirectory server and enabling the changelog to allow the PingDataSync server to retrieve information about changes processed in the PingDirectory server.
Running prepare-endpoint-server --help shows you the complete usage for the tool, but the following example demonstrates a sample usage:
bin/prepare-endpoint-server \
  --hostname ds-source.example.com \
  --port 636 \
  --useSSL \
  --trustStorePath config/truststore \
  --syncServerBindDN "cn=Sync User,cn=Root DNs,cn=config" \
  --syncServerBindPasswordFile sync-user-password.txt \
  --baseDN dc=example,dc=com \
  --isSource
In addition, if the source server is a PingDirectory server instance, then you should enable the Changelog Password Encryption plugin in that server to indicate that it should store an encrypted representation of clear-text passwords in the changelog along with their encoded form. See Configuring password encryption.
Doing this allows the PingDataSync server to retrieve those clear-text passwords so that they can be synchronized to the SCIM 2.0 sync destination. You can do this with a change like the following:
dsconfig set-plugin-prop \
  --plugin-name "Changelog Password Encryption" \
  --set enabled:true \
  --set changelog-password-encryption-key:<this-is-the-key-you-want-to-use>
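A pre-flight check for the secrets that the two commands above depend on, as an added example that is not part of the PingDataSync documentation or tooling: it creates the bind password file with owner-only permissions, refuses to run a command when that file is missing or readable by other users, and generates a random value to use as the changelog encryption key. The function names are hypothetical, the sample password is constructed, and using a 64-character hex string as the key assumes that the plugin accepts an arbitrary string.

```shell
#!/bin/sh
# Added example: pre-flight checks for the secrets used by the commands above.

# Succeeds only if $1 is a non-empty regular file (not a symlink) that grants
# no access to group or other.
secret_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ]
}

# Writes stdin to $1, creating the file with mode 0600 from the start so it is
# never briefly readable by other local users.
write_secret_file() {
    ( umask 077; rm -f -- "$1"; cat > "$1" )
}

# Prints 32 random bytes as 64 hex characters.
# Assumption: the plugin accepts an arbitrary string as its key, as the
# placeholder in the page's dsconfig sample suggests.
new_random_key() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Runs the command given after $1 only if the secret file $1 passes the check.
run_if_secret_ok() {
    secret=$1; shift
    if ! secret_file_ok "$secret"; then
        echo "refusing to run: $secret is missing, empty, a symlink, or accessible to group/other" >&2
        return 1
    fi
    "$@"
}

# Constructed demonstration in a scratch directory; no server is contacted and
# echo stands in for bin/prepare-endpoint-server.
demo() {
    dir=$(mktemp -d) || return 1
    pw="$dir/sync-user-password.txt"
    printf '%s\n' 'constructed-sample-password' | write_secret_file "$pw"
    run_if_secret_ok "$pw" echo "would run: prepare-endpoint-server --syncServerBindPasswordFile $pw"
    chmod 644 "$pw"
    run_if_secret_ok "$pw" echo "not reached" || echo "stopped after chmod 644"
    k=$(new_random_key); echo "generated a ${#k}-character key"
    rm -rf "$dir"
}
demo
```

In real use, place the full prepare-endpoint-server invocation from the sample after the file name passed to run_if_secret_ok.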