Page created: 22 Jul 2020 |
Page updated: 1 Feb 2021
Create a direct attribute mapping to sync passwords from PingDirectory Server to PingOne.
PingDirectory Server maps the userPassword attribute to thepassword attribute to sync passwords with PingOne.
To create a direct attribute mapping, run the following.
dsconfig create-attribute-mapping \ --map-name PingDirectory_to_PingOne_User_Map \ --mapping-name password \ --type direct \ --set from-attribute:userPassword
PingDataSync Server can synchronize passwords that have been encrypted by PingDirectory Server or a hashed version of the password, depending on how an administrator chooses to store passwords on PingDirectory Server.
To sync passwords from a generic relational database management system (RDBMS),
create a direct attribute mapping with the from-attribute
being whichever attribute the RDBMS uses to store the password.
In the following example, the RDBMS uses the dbPassword attribute to store the password.
dsconfig create-attribute-mapping \ --map-name Generic_RDBMS_to_PingOne_User_Map \ --mapping-name password \ --type direct \ --set from-attribute:dbPassword
RDBMS passwords cannot be encrypted and should be hashed with a scheme that PingDirectory Server recognizes.
PingDataSync Server cannot synchronize passwords between PingOne systems because PingDataSync Server cannot retrieve passwords from PingOne.