PingDirectory and PingDataSync 8.2 product documentation

This procedure is required if synchronizing passwords from a PingDirectory Server to Active Directory, or if synchronizing clear text passwords. These steps are not required if synchronizing from Active Directory to a PingDirectory Server, or if not synchronizing passwords.

On the PingDirectory Server that will receive the password modifications, enable the Change Log Password Encryption component. The component intercepts password modifications, encrypts the password, and adds an encrypted attribute, ds-changelog-encrypted-password, to the change log entry.

The encryption key can be copied from the output if displayed, or accessed from the <serverroot>/bin/sync-pipe-cfg.txt file.

On the PingDataSync Server, set the decryption key used to decrypt the user password value in the change log entries. The key allows the user password to be synchronized to other servers that do not use the same password storage scheme.

Test the configuration or populate data in the destination servers using bulk resync mode. See "Using the resync Tool on the Identity Sync Server". Then, use realtime-sync to start synchronizing the data. See "Using the realtime-sync Tool" for more information.

If synchronizing passwords, install the Password Sync Agent (PSA) on all of the domain controllers in the topology.
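
The encryption and decryption key steps above only work if both servers hold the same key. The following is an added example, not taken from this page or from the product documentation: it writes one dsconfig batch file per server with owner-only permissions and checks that the keys match. The dsconfig subcommands and property names do not appear on this page and are an assumption about the product's dsconfig tool; the key format, file names, and function names are hypothetical.

```sh
#!/bin/sh
# Added example: prepare matching dsconfig batch files for both servers.
# Subcommand and property names are assumptions; confirm them against
# your version's dsconfig help before applying.
set -eu

# 32 hex characters from the kernel CSPRNG. The key format is an assumption.
gen_key() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# PingDirectory Server side: enable the component that adds
# ds-changelog-encrypted-password to change log entries.
directory_batch_line() {
  printf 'dsconfig set-plugin-prop --plugin-name "Changelog Password Encryption" --set enabled:true --set changelog-password-encryption-key:%s\n' "$1"
}

# PingDataSync Server side: set the key used to decrypt that attribute.
sync_batch_line() {
  printf 'dsconfig set-global-sync-configuration-prop --set changelog-password-decryption-key:%s\n' "$1"
}

# write_batches OUTDIR KEY
# Files are created owner-only because the key decrypts user passwords.
write_batches() {
  (
    umask 077
    mkdir -p "$1"
    directory_batch_line "$2" > "$1/directory.dsconfig"
    sync_batch_line "$2" > "$1/sync.dsconfig"
  )
}

# keys_match OUTDIR
# Succeeds only if both batch files carry the same non-empty key.
keys_match() {
  km_enc=$(sed -n 's/.*changelog-password-encryption-key:\([^ ]*\).*/\1/p' "$1/directory.dsconfig")
  km_dec=$(sed -n 's/.*changelog-password-decryption-key:\([^ ]*\).*/\1/p' "$1/sync.dsconfig")
  [ -n "$km_enc" ] && [ "$km_enc" = "$km_dec" ]
}
```

Call `write_batches ./out "$(gen_key)"`, apply each file on its own server with `bin/dsconfig --batch-file` plus your usual connection arguments, then delete the files.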