You can use the create-sync-pipe-config
utility to configure a Sync
Pipe. After the configuration is completed, you can adjust settings using the
dsconfig tool.
If servers have no base entries or data, the cn=Sync User,cn=Root
DNs,cn=config
account needed to communicate cannot be created. Make sure
that base entries are created on the destination servers.
If synchronizing pre-encoded passwords to a PingDirectory server destination, you must allow pre-encoded passwords in the default password policy. You must also configure password encryption on the destination. Make sure that the password encryption algorithm is supported by both source and destination servers with the following command:
$ bin/dsconfig set-password-policy-prop \
--policy-name "Default Password Policy" \
--set allow-pre-encoded-passwords:true
Encrypted and clear-text passwords can be synchronized by configuring the sync
destination password-synchronization-format
and
require-secure-connection-for-clear-text-passwords
properties.
You can set the require-secure-connection-for-clear-text-passwords
property to false when working in a test environment.
If the password-synchronization-format
property is set to
clear-text
, and the
require-secure-connection-for-clear-text-passwords
property is
set to true, the connection must be secure.
If a secure connection is not available, an error is generated and the password is not synchronized.
To configure PingDataSync with the
create-sync-pipe-config
command:
Apply the configuration changes to the local PingDataSync instance by using a dsconfig batch file. Any Server SDK extensions should be saved to the <server-root>/lib/extensions directory.
The next step is to configure the attribute mappings using the dsconfig command.