Configure the Sync source for the synchronization network. More than one external server can be configured to act as the Sync source for failover purposes. If the source is a PingDirectory Server, also configure the following items:
- Enable the changelog password encryption plugin on any directory server that will receive password modifications. This plugin intercepts password modifications, encrypts the password, and adds an encrypted attribute to the change log entry.
- Configure the changelog-deleted-entry-include-attribute property on the changelog backend, so that PingDataSync can record which attributes were removed during a DELETE operation.
Perform the following steps to configure the Sync source:
Run dsconfig to configure the external server as the Sync
source. Based on the previous example where the PingDirectory Server was configured as
source-ds, run the following command:
$ bin/dsconfig create-sync-source --source-name source \
    --type ping-identity \
    --set base-dn:dc=example,dc=com \
    --set server:source-ds \
    --set use-changelog-batch-request:true
Enable the change log password encryption plugin on any server that receives
password modifications. The encryption key can be copied from the output, if
displayed, or accessed from the
<server-root>/bin/sync-pipe-cfg.txt file, if the
create-sync-pipe-config tool was used to create the sync
$ bin/dsconfig set-plugin-prop \
    --plugin-name "Changelog Password Encryption" \
    --set enabled:true \
    --set changelog-password-encryption-key:<key>
On PingDataSync, set the decryption key used
to decrypt the user password value in the change log entries. The key allows the user
password to be synchronized to other servers that do not use the same password
$ bin/dsconfig set-global-sync-configuration-prop \
    --set changelog-password-decryption-key:ej5u9e39pq-68
Configure the changelog-deleted-entry-include-attribute property on the changelog backend.
$ bin/dsconfig set-backend-prop --backend-name changelog \
    --set changelog-deleted-entry-include-attribute:objectClass