Use the create-sync-pipe-config
utility to configure a Sync Pipe.
Once the configuration is completed, settings can be adjusted using the
dsconfig tool.
If servers have no base entries or data, the cn=Sync User,cn=Root
DNs,cn=config
account needed to communicate cannot be created. Make sure
that base entries are created on the destination servers.
If synchronizing pre-encoded passwords to a PingDirectory Server destination, allow pre-encoded passwords in the default password policy. You must also configure password encryption on the destination. Make sure that the password encryption algorithm is supported by both source and destination servers with the following command:
$ bin/dsconfig set-password-policy-prop \
--policy-name "Default Password Policy" \
--set allow-pre-encoded-passwords:true
Encrypted and clear-text passwords can be synchronized by configuring the sync
destination password-synchronization-format
, and
require-secure-connection-for-clear-text-passwords
properties.
You can set the require-secure-connection-for-clear-text-passwords
property to false when working in a test environment.
If the password-synchronization-format
property is set to
clear-text
, and
require-secure-connection-for-clear-text-passwords
property is
set to true, the connection must be secure.
If a secure connection is not available, an error is generated and the password is not synchronized.
To configure PingDataSync with the
create-sync-pipe-config
command:
The next step will be to configure the attribute mappings using the dsconfig command.