By default, PingDataSync authenticates to the PingDirectory server using LDAP simple authentication (with a bind DN and a password). However, PingDataSync can be configured to use SASL EXTERNAL to authenticate to the PingDirectory server with a client certificate.
This procedure assumes that PingDataSync instances are installed and configured to communicate with the backend PingDirectory server instances using either SSL or StartTLS.
After the servers are configured, perform the following steps to configure SASL EXTERNAL authentication:
After these changes, PingDataSync should re-establish connections to the LDAP external server and authenticate with SASL EXTERNAL. Verify that PingDataSync is still able to communicate with all backend servers by running the bin/status command. All of the servers listed in the "--- LDAP External Servers ---" section should have a status of Available.
Review the PingDirectory server access log to make sure that the BIND RESULT log messages used to authenticate the connections from PingDataSync include authType="SASL", saslMechanism="EXTERNAL", resultCode=0, and authDN="cn=Sync User,cn=RootDNs,cn=config".
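The access log review described above can be scripted. The following is an added example, not part of the product or its documentation: it classifies BIND RESULT lines so that a sync user still binding with a password, or a failed SASL EXTERNAL bind, stands out. The sample log lines are constructed, and the key=value layout, the function names and the DN normalization are assumptions.

```python
import re
from collections import Counter

# Assumption: fields appear as key=value or key="quoted value", as in the
# BIND RESULT fields quoted in the text above.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
EXPECTED_DN = "cn=Sync User,cn=RootDNs,cn=config"

def norm_dn(dn):
    """Simplified DN comparison form: lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def classify(line, expected_dn=EXPECTED_DN):
    """Return a verdict for one log line, or None if it is not a BIND RESULT."""
    if " BIND RESULT " not in line:
        return None
    f = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
    external = f.get("authType") == "SASL" and f.get("saslMechanism") == "EXTERNAL"
    is_sync = norm_dn(f.get("authDN", "")) == norm_dn(expected_dn)
    if external and f.get("resultCode") != "0":
        return "external_failed"         # certificate rejected or not mapped
    if external and is_sync:
        return "ok"                      # the state the text says to expect
    if external:
        return "external_other_dn"       # certificate mapped to another entry
    if is_sync:
        return "sync_user_not_external"  # sync user still binding another way
    return "unrelated"

def audit(lines):
    """Count verdicts over an iterable of access log lines."""
    return Counter(v for v in map(classify, lines) if v)

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '[01/Jan/2024:10:00:00.000 +0000] BIND RESULT conn=1 op=0 resultCode=0 '
    'authType="SASL" saslMechanism="EXTERNAL" '
    'authDN="cn=Sync User,cn=RootDNs,cn=config"',
    '[01/Jan/2024:10:00:01.000 +0000] BIND RESULT conn=2 op=0 resultCode=0 '
    'authType="SIMPLE" authDN="CN=Sync User, cn=rootdns,cn=config"',
    '[01/Jan/2024:10:00:02.000 +0000] BIND RESULT conn=3 op=0 resultCode=49 '
    'authType="SASL" saslMechanism="EXTERNAL"',
    '[01/Jan/2024:10:00:03.000 +0000] SEARCH RESULT conn=1 op=1 resultCode=0',
]

if __name__ == "__main__":
    for verdict, count in sorted(audit(SAMPLE).items()):
        print(f"{verdict}: {count}")
```

Any count other than "ok" for connections coming from PingDataSync means the corresponding log lines need a closer look before the password-based configuration is retired.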