By default, PingDataSync Server authenticates to the PingDirectory Server using LDAP simple authentication (with a bind DN and a password). However, PingDataSync Server can be configured to use SASL EXTERNAL to authenticate to the PingDirectory Server with a client certificate.
This procedure assumes that PingDataSync Server instances are installed and configured to communicate with the backend PingDirectory Server instances using either SSL or StartTLS.
After the servers are configured, perform the following steps to configure SASL EXTERNAL authentication:
After these changes, PingDataSync Server should re-establish connections to the LDAP external server and authenticate with SASL EXTERNAL. Verify that PingDataSync Server is still able to communicate with all backend servers by running the bin/status command. All of the servers listed in the "--- LDAP External Servers ---" section should have a status of Available.
Review the PingDirectory Server access log to make sure that the BIND RESULT log messages used to authenticate the connections from PingDataSync Server include authType="SASL", saslMechanism="EXTERNAL", resultCode=0, and authDN="cn=Sync User,cn=RootDNs,cn=config".
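The access log review described above can be scripted. The following is an added example, not part of the product documentation: it scans BIND RESULT lines, counts successful SASL EXTERNAL binds by the sync user, and reports binds by that DN that still use another authentication type, as well as failed SASL EXTERNAL binds. The sample log lines are constructed, the line layout beyond the four fields named above is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample lines (not from a real server). Only the fields named in
# the text above are relied on; the rest of the line layout is an assumption.
SAMPLE_LOG = """\
[01/Jan/2024:10:00:00.000 +0000] BIND RESULT conn=1 op=0 resultCode=0 authType="SASL" saslMechanism="EXTERNAL" authDN="cn=Sync User,cn=RootDNs,cn=config"
[01/Jan/2024:10:00:01.000 +0000] SEARCH RESULT conn=1 op=1 resultCode=0 entriesReturned=1
[01/Jan/2024:10:00:02.000 +0000] BIND RESULT conn=2 op=0 resultCode=0 authType="SIMPLE" authDN="cn=sync user, cn=RootDNs, cn=config"
[01/Jan/2024:10:00:03.000 +0000] BIND RESULT conn=3 op=0 resultCode=49 authType="SASL" saslMechanism="EXTERNAL"
[01/Jan/2024:10:00:04.000 +0000] BIND RESULT conn=4 op=0 resultCode=0 authType="SIMPLE" authDN="uid=app,ou=People,dc=example,dc=com"
""".splitlines()

SYNC_DN = "cn=Sync User,cn=RootDNs,cn=config"
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Return the key=value and key="quoted value" pairs of one log line."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def audit_binds(lines, sync_dn=SYNC_DN):
    """Count good SASL EXTERNAL binds by sync_dn and list the problem binds."""
    ok, findings = 0, []
    for line in lines:
        if " BIND RESULT " not in line:
            continue
        f = parse_fields(line)
        external = f.get("authType") == "SASL" and f.get("saslMechanism") == "EXTERNAL"
        is_sync = norm_dn(f.get("authDN", "")) == norm_dn(sync_dn)
        success = f.get("resultCode") == "0"
        if is_sync and external and success:
            ok += 1
        elif is_sync and not external:
            findings.append((f.get("conn"), "sync DN bound without SASL EXTERNAL"))
        elif external and not success:
            # Assumption: a failed bind may carry no authDN, so report by mechanism.
            findings.append((f.get("conn"), "SASL EXTERNAL bind failed, resultCode=" + f.get("resultCode", "?")))
    return ok, findings

if __name__ == "__main__":
    ok, findings = audit_binds(SAMPLE_LOG)
    print(f"{ok} good SASL EXTERNAL bind(s)")
    for conn, why in findings:
        print(f"conn={conn}: {why}")
```

A finding for the sync DN with a non-EXTERNAL authType after the change means some connection is still using the bind DN and password.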