- On the Sync Pipe Name menu, type a unique name to identify the Sync Pipe, or accept the default.
- On the Pre-Configured Sync Class Configuration for Active Directory Sync Source menu, enter yes to synchronize user CREATE operations, and enter the object class for the user entries at the destination server, or accept the default (user). To synchronize user MODIFY and DELETE operations from Active Directory (AD), enter yes.
- To synchronize passwords from Active Directory, press Enter to accept the default (yes). If synchronizing passwords from Active Directory, install the Ping Identity Password Sync Agent component on each domain controller.
- To create a distinguished name (DN) map for the user entries in the Sync Pipe, enter the base DN for the user entries at the Microsoft Active Directory Sync Source, then enter the base DN for the user entries at the PingDataSync Destination.
  A list of basic attribute mappings from the Microsoft Active Directory Source to the PingDirectory Server destination is displayed. More complex attribute mappings involving constructed or DN attribute mappings must be configured with the dsconfig command. The following is a sample mapping.

    Below is a list of the basic mappings that have been set up for user
    entries synchronized from Microsoft Active Directory -> PingDirectory Server.
    You can add to or modify this list with any direct attribute mappings. To set
    up more complex mappings (such as constructed or DN attribute mappings), use
    the 'dsconfig' tool.

      1) cn -> cn
      2) sn -> sn
      3) givenName -> givenName
      4) description -> description
      5) sAMAccountName -> uid
      6) unicodePwd -> userPassword
- Enter the option to add a new attribute mapping. Enter the source attribute, and then enter the destination attribute. The following example maps the telephoneNumber attribute (Active Directory) to the otherTelephone attribute (PingDirectory Server).

    Select an attribute mapping to remove, or choose 'n' to add a new one
    [Press ENTER to continue]: n

    Enter the name of the source attribute: telephoneNumber

    Enter the name of the destination attribute: otherTelephone
- If synchronizing group CREATE, MODIFY, and DELETE operations from Active Directory, enter yes.
- Review the basic user group mappings.
- On the Sync Pipe Sync Class Definitions menu, enter another name for a new Sync Class if required. Repeat steps 2–6 to define this new Sync Class. If no additional Sync Class definitions are required, press Enter to continue.
- Review the Sync Pipe Configuration Summary, and accept the default ("write configuration"), which records the commands in a batch file (sync-pipe-cfg.txt). The batch file can be used to set up other topologies. The following summary shows two Sync Pipes and their associated Sync Classes.

    >>>> Configuration Summary

      Sync Pipe: AD to PingDirectory Server
        Source: Microsoft Active Directory
          Type: Microsoft Active Directory
          Access Account: cn=Sync User,cn=Users,DC=adsync,DC=PingIdentity,DC=com
          Base DN: DC=adsync,DC=PingIdentity,DC=com
          Servers: 10.5.1.149:636

        Destination: PingDirectory Server
          Type: PingDirectory Server
          Access Account: cn=Sync User,cn=Root DNs,cn=config
          Base DN: dc=example,dc=com
          Servers: localhost:389

        Sync Classes:
          Microsoft Active Directory Users Sync Class
            Base DN: DC=adsync,DC=PingIdentity,DC=com
            Filters: (objectClass=user)
            DN Map: **,CN=Users,DC=adsync,DC=PingIdentity,DC=com ->{1},ou=users,dc=example,dc=com
            Synchronized Attributes: Custom set of mappings are defined
            Operations: Creates,Deletes,Modifies

      Sync Pipe: PingDirectory Server to AD
        Source: PingDirectory Server
          Type: PingDirectory Server
          Access Account: cn=Sync User,cn=Root DNs,cn=config
          Base DN: dc=example,dc=com
          Servers: localhost:389

        Destination: Microsoft Active Directory
          Type: Microsoft Active Directory
          Access Account: cn=Sync User,cn=Users,DC=adsync,DC=PingIdentity,DC=com
          Base DN: DC=adsync,DC=PingIdentity,DC=com
          Servers: 10.5.1.149:636

        Sync Classes:
          PingDirectory Server Users Sync Class
            Base DN: dc=example,dc=com
            Filters: (objectClass=inetOrgPerson)
            DN Map: **,ou=users,dc=example,dc=com ->{1},CN=Users,DC=adsync,DC=PingIdentity,DC=com
            Synchronized Attributes: Custom set of mappings are defined
            Operations: Creates,Deletes,Modifies
- To apply the configuration to the local PingDataSync server instance, type yes. The configuration is recorded at <server-root>/logs/tools/create-sync-pipe-config.log.
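
The DN map and direct attribute mappings from the AD to PingDirectory Server Sync Pipe above can be modelled in a few lines to check what a given source entry becomes at the destination before the pipe is started. This is an added example, not Ping Identity code: it assumes `**` stands for the leading RDNs of the source DN and `{1}` is replaced with them, and `map_dn`, `map_entry` and the sample entries are hypothetical.

```python
import re

# Values copied from the configuration summary and sample mappings on this page.
DN_MAP = ("**,CN=Users,DC=adsync,DC=PingIdentity,DC=com",
          "{1},ou=users,dc=example,dc=com")
ATTR_MAP = {"cn": "cn", "sn": "sn", "givenName": "givenName",
            "description": "description", "sAMAccountName": "uid",
            "unicodePwd": "userPassword", "telephoneNumber": "otherTelephone"}

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def norm(rdn):
    """Comparison form of an RDN: attribute type and value, case-insensitive."""
    attr, _, value = rdn.partition("=")
    return (attr.strip().lower(), value.strip().lower())

def map_dn(src_dn, dn_map=DN_MAP):
    """Return the destination DN, or None if src_dn is outside the source pattern."""
    from_pat, to_pat = dn_map
    suffix = [norm(r) for r in split_rdns(from_pat)[1:]]  # RDNs after the leading '**'
    rdns = split_rdns(src_dn)
    keep = len(rdns) - len(suffix)
    # Assumption of this sketch: '**' must cover at least one RDN.
    if keep < 1 or [norm(r) for r in rdns[keep:]] != suffix:
        return None
    return to_pat.replace("{1}", ",".join(rdns[:keep]))

def map_entry(src_dn, attrs):
    """Apply the DN map and the direct attribute mappings to one source entry.

    Attributes without a listed mapping are left out of this model's output;
    how the product treats them is not covered here.
    """
    dst_dn = map_dn(src_dn)
    if dst_dn is None:
        return None
    by_lower = {src.lower(): dst for src, dst in ATTR_MAP.items()}
    mapped = {by_lower[k.lower()]: v for k, v in attrs.items() if k.lower() in by_lower}
    return dst_dn, mapped

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real directory.
    user = {"cn": "Jane Doe", "sAMAccountName": "jdoe",
            "telephoneNumber": "+1 555 0100", "mail": "jdoe@example.com"}
    print(map_entry("CN=Jane Doe,CN=Users,DC=adsync,DC=PingIdentity,DC=com", user))
    print(map_entry("CN=Admin,CN=Builtin,DC=adsync,DC=PingIdentity,DC=com", user))
```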