PingDataSync creates a Sync User account DN on each
external server. The account (by default, cn=Sync User
) is used
exclusively by PingDataSync to communicate with
external servers. The entry is important in that it contains the credentials (DN and
password) used by PingDataSync to access the source
and target servers. The Sync User account resides in different entries depending on the
targeted system:
- For the Ping Identity PingDirectory Server, Ping
Identity PingDirectoryProxy Server, Nokia 8661 Directory
Server, Nokia 8661 Directory Proxy Server, the Sync User account resides in the
configuration entry (
cn=Sync User,cn=Root DNs,cn=config
). - For Sun Directory Server, Sun DSEE, OpenDJ, Oracle Unified Directory, and generic
LDAP directory topologies, the Sync User account resides under the base DN in the
userRoot
backend (cn=Sync User,dc=example,dc=com
).The Sync User account should not reside in thecn=config
branch for Sun Directory Server and DSEE machines. - For Microsoft Active Directory servers, the Sync User account resides in the Users
container (
cn=Sync User,cn=Users,DC=adsync,DC=unboundid,DC=com
). - For Oracle and Microsoft SQL Servers, the Sync User account is a login account
(
SyncUser
)with the sufficient privileges to access the tables to be synchronized.
In most cases, modifications to this account are rare. Make sure that the entry is not
synchronized by setting up an optional Sync Class if the account resides in the
userRoot
backend (Sun Directory Server or Sun DSEE) or Users
container (Microsoft Active Directory). For example, a Sync Class can be configured to
have all CREATE, MODIFY, and DELETE operations set to false.