Page created: 1 Jul 2020
|
Page updated: 22 Jul 2020
A direct attribute mapping from userPassword in PingDirectory Server to password in PingOne
is used for syncing passwords from PingDirectory Server to
PingOne. PingDataSync Server can synchronize passwords that
have been encrypted by PingDirectory Server or a hashed
version of the password, which is determined by how an administrator chooses to store
the passwords on PingDirectory Server.
dsconfig create-attribute-mapping \
--map-name PingDirectory_to_PingOne_User_Map \
--mapping-name password \
--type direct \
--set from-attribute:userPassword
For syncing passwords from a generic RDBMS, a direct attribute mapping still needs to be
used, though the from-attribute should be whatever attribute is
used to store the password in the RDBMS. In the following example, dbPassword
is used for the password on the RDBMS. Passwords in the RDBMS cannot be encrypted and
should be hashed with a scheme that PingDirectory Server
recognizes.
dsconfig create-attribute-mapping \
--map-name Generic_RDBMS_to_PingOne_User_Map \
--mapping-name password \
--type direct \
--set from-attribute:dbPassword
PingDataSync Server cannot synchronize passwords between PingOne systems, as PingDataSync Server cannot retrieve the password from PingOne.