PingDataSync Server creates a Sync User account DN on each external server. The account (by default, cn=Sync User) is used exclusively by PingDataSync Server to communicate with external servers. The entry is important in that it contains the credentials (DN and password) used by PingDataSync Server to access the source and target servers. The Sync User account resides in different entries depending on the targeted system:

  • For the Ping Identity PingDirectory Server, Ping Identity PingDirectoryProxy Server, Nokia 8661 Directory Server, Nokia 8661 Directory Proxy Server, the Sync User account resides in the configuration entry (cn=Sync User, cn=RootDNs,cn=config).
  • For Sun Directory Server, Sun DSEE, OpenDJ, Oracle Unified Directory, and generic LDAP directory topologies, the Sync User account resides under the base DN in the userRoot backend (cn=SyncUser,dc=example,dc=com).The Sync User account should not reside in the cn=config branch for Sun Directory Server and DSEE machines.
  • For Microsoft Active Directory servers, the Sync User account resides in the Users container (cn=Sync User,cn=Users,DC=adsync,DC=unboundid,DC=com).
  • For Oracle and Microsoft SQL Servers, the Sync User account is a login account (SyncUser)with the sufficient privileges to access the tables to be synchronized.

In most cases, modifications to this account are rare. Make sure that the entry is not synchronized by setting up an optional Sync Class if the account resides in the userRoot backend (Sun Directory Server or Sun DSEE) or Users container (Microsoft Active Directory). For example, a Sync Class can be configured to have all CREATE, MODIFY, and DELETE operations set to false.