A direct attribute mapping from userPassword in PingDirectory Server to password in PingOne is used for syncing passwords from PingDirectory Server to PingOne. PingDataSync Server can synchronize passwords that have been encrypted by PingDirectory Server or a hashed version of the password, which is determined by how an administrator chooses to store the passwords on PingDirectory Server.
dsconfig create-attribute-mapping \
--map-name PingDirectory_to_PingOne_User_Map \
--mapping-name password \
--type direct \
--set from-attribute:userPassword
For syncing passwords from a generic RDBMS, a direct attribute mapping still needs to be used, though the from-attribute should be whatever attribute is used to store the password in the RDBMS. In the following example, dbPassword is used for the password on the RDBMS. Passwords in the RDBMS cannot be encrypted and should be hashed with a scheme that PingDirectory Server recognizes.
dsconfig create-attribute-mapping \
--map-name Generic_RDBMS_to_PingOne_User_Map \
--mapping-name password \
--type direct \
--set from-attribute:dbPassword

PingDataSync Server cannot synchronize passwords between PingOne systems, as PingDataSync Server cannot retrieve the password from PingOne.