Prepare external server communication
About this task
The prepare-endpoint-server tool sets up any communication variances that can occur between PingDataSync and the external servers. Typically, directory servers can have different security settings, privileges, and passwords configured on the Sync Source that might reject the import of entries in the Sync Destination.
The prepare-endpoint-server tool also creates a Sync User Account and its privileges on all of the external servers (see Sync user account for more detailed information). The prepare-endpoint-server tool verifies that the account has the proper privileges to access the firstChangeNumber and lastChangeNumber attributes in the root DSE entry so that it can access the latest changes. If the Sync User does not have the proper privileges, PingDataSync displays a warning message, which is saved in the logs/prepare-endpoint-server.log file.
If the synchronization topology was created using the |
Perform the following steps to prepare PingDataSync for external server communication:
Steps
- Use the prepare-endpoint-server tool to prepare the directory server instances on the remote host for synchronization as a data source for the subtree, dc=example,dc=com. If the user account is not present on the external server, it will be created if a parent entry exists.
  $ bin/prepare-endpoint-server \
      --hostname sun-ds1.example.com \
      --port 21389 \
      --syncServerBindDN "cn=Sync User,dc=example,dc=com" \
      --syncServerBindPassword secret \
      --baseDN "dc=example,dc=com" \
      --isSource
- When prompted, enter the bind DN and password to create the user account. This step enables the change log database and sets the changelog-maximum-age property.
- Repeat steps 1–2 for any other external source servers.
- For the destination servers, repeat steps 2–3 and include the --isDestination option. If destination servers do not have any entries, a "Denied" message will display when creating the cn=Sync User entry.
  $ bin/prepare-endpoint-server \
      --hostname PingIdentity-ds1.example.com \
      --port 33389 \
      --syncServerBindDN "cn=Sync User,cn=Root DNs,cn=config" \
      --syncServerBindPassword sync \
      --baseDN "dc=example,dc=com" \
      --isDestination
- Repeat step 4 for any other destination servers.
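The root DSE access described above can be confirmed independently after preparing a source server by searching the root DSE as the Sync User and checking that both change number attributes come back. This is an added example, not part of the product documentation; it assumes the server's bin/ldapsearch with its --promptForBindPassword option, the function names are hypothetical, and the LDIF sample is constructed.

```shell
#!/bin/sh
# Added example (not from the product documentation).
# Reads a root DSE search result (LDIF) on stdin and checks that the account
# that ran the search could read both change number attributes.
# Prints "ok <first> <last>" and returns 0; otherwise prints the problem and returns 1.
check_changelog_attrs() {
    awk '
        # LDIF attribute names are case-insensitive; the value follows "name: ".
        tolower($1) == "firstchangenumber:" { fcn = $2 }
        tolower($1) == "lastchangenumber:"  { lcn = $2 }
        END {
            if (fcn == "") missing = missing " firstChangeNumber"
            if (lcn == "") missing = missing " lastChangeNumber"
            if (missing != "") { print "missing:" missing; exit 1 }
            # Both must be integers, and the first change cannot follow the last.
            if (fcn !~ /^[0-9]+$/ || lcn !~ /^[0-9]+$/ || fcn + 0 > lcn + 0) {
                print "inconsistent: " fcn " " lcn
                exit 1
            }
            print "ok " fcn " " lcn
        }'
}

# Constructed sample of what a permitted account would see (values are made up).
sample_root_dse() {
    cat <<'EOF'
dn:
objectClass: top
firstChangeNumber: 1
lastChangeNumber: 4213
EOF
}

# Live use, run as the Sync User (host, port and DN are the example values above):
#   bin/ldapsearch --hostname sun-ds1.example.com --port 21389 \
#     --bindDN "cn=Sync User,dc=example,dc=com" --promptForBindPassword \
#     --baseDN "" --searchScope base "(objectClass=*)" \
#     firstChangeNumber lastChangeNumber | check_changelog_attrs

sample_root_dse | check_changelog_attrs
```

A "missing" result for an account that binds successfully points to the same privilege gap that the tool reports in logs/prepare-endpoint-server.log.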