Page created: 6 Nov 2019 |
Page updated: 25 Mar 2020
To configure synchronization with Active Directory systems, the following tasks are performed:
- Enable SSL connections
- If synchronizing passwords between systems, synchronization with Microsoft
Active Directory systems requires that SSL be enabled on the Active Directory
domain controller, so that PingDataSync Server can securely propagate the
cn=Sync Useraccount password and other user passwords to the target.
- Run the create-sync-pipe-config tool
- On the Ping Data Sync Server, use the create-sync-pipe-config tool to configure the Sync Pipes to communicate with the Active Directory source or target.
- Configure outbound password synchronization on an PingDirectory Server Sync Source
- After running the create-sync-pipe-config tool, determine if
outbound password synchronization from an PingDirectory Server Sync Source is
required. If so, enable the Password Encryption component on all PingDirectory
Server sources that receive password modifications. The PingDirectory Server
uses the Password Encryption component, analogous to the Password Sync Agent
component, to intercept password modifications and add an encrypted attribute,
ds-changelog-encrypted-password, to the changelog entry. The component enables passwords to be synchronized securely to the Active Directory system, which uses a different password storage scheme. The encrypted attribute appears in the change log and is synchronized to the other servers, but does not appear in the entries.
- Configure outbound password synchronization on an Active Directory Sync Source
- After running the create-sync-pipe-config tool, determine if outbound password synchronization from an Active Directory Sync Source is required. If so, install the Password Sync Agent (PSA) after configuring PingDataSync Server.
- Run the realtime-sync set-startpoint tool
- The realtime-sync set-startpoint command may take several minutes to run, because it must issue repeated searches of the Active Directory domain controller until it has paged through all the changes and receives a cookie that is up-to-date.