Overview of configuration tasks - PingDirectory - PingDataSync

Page created: 4 Feb 2020 |

Page updated: 22 Jul 2020

| 2 min read

Product PingDirectory 8.1 PingDataSync Directory Capability Product documentation Content Type Administration User task IT Administrator Administrator Audience System Administrator Software Deployment Method Configuration

To configure synchronization with Active Directory systems, the following tasks are performed:

Enable SSL connections: If synchronizing passwords between systems, synchronization with Microsoft Active Directory systems requires that SSL be enabled on the Active Directory domain controller, so that PingDataSync Server can securely propagate the cn=Sync User account password and other user passwords to the target.
Run the create-sync-pipe-config tool: On the Ping Data Sync Server, use the create-sync-pipe-config tool to configure the Sync Pipes to communicate with the Active Directory source or target.
Configure outbound password synchronization on an PingDirectory Server Sync Source: After running the create-sync-pipe-config tool, determine if outbound password synchronization from an PingDirectory Server Sync Source is required. If so, enable the Password Encryption component on all PingDirectory Server sources that receive password modifications. The PingDirectory Server uses the Password Encryption component, analogous to the Password Sync Agent component, to intercept password modifications and add an encrypted attribute, ds-changelog-encrypted-password, to the changelog entry. The component enables passwords to be synchronized securely to the Active Directory system, which uses a different password storage scheme. The encrypted attribute appears in the change log and is synchronized to the other servers, but does not appear in the entries.
Configure outbound password synchronization on an Active Directory Sync Source: After running the create-sync-pipe-config tool, determine if outbound password synchronization from an Active Directory Sync Source is required. If so, install the Password Sync Agent (PSA) after configuring PingDataSync Server.
Run the realtime-sync set-startpoint tool: The realtime-sync set-startpoint command may take several minutes to run, because it must issue repeated searches of the Active Directory domain controller until it has paged through all the changes and receives a cookie that is up-to-date.