1. Set the filter-changes-by-user property to filter changes based on access controls for a specific user.
    $ bin/dsconfig set-sync-pipe-prop \
      --pipe-name "Notifications Sync Pipe" \
      --set "filter-changes-by-user:uid=admin,dc=example,dc=com"
  2. On the source directory server, set the report-excluded-changelog-attributes property to include the names of users that have been removed through access control filtering. This will allow PingDataSync Server to warn about attributes that were supposed to be synchronized but were filtered out. This step is recommended but not required.
    $ bin/dsconfig set-backend-prop \
    --backend-name "changelog" \
      --set "report-excluded-changelog-attributes:attribute-names"
    Note:

    PingDataSync Server only uses the attribute-names setting for the PingDirectory Server’s report-excluded-changelog-attributes property. It does not use the attribute-counts setting for the property.