The prepare-endpoint-server tool accounts for any communication differences between PingDataSync and the external servers. Directory servers typically have different security settings, privileges, and passwords configured on the Sync Source, which might cause the Sync Destination to reject imported entries.

The prepare-endpoint-server tool also creates a Sync User Account and its privileges on all of the external servers (see Sync user account for more detailed information). The prepare-endpoint-server tool verifies that the account has the proper privileges to access the firstChangeNumber and lastChangeNumber attributes in the root DSE entry so that it can access the latest changes. If the Sync User does not have the proper privileges, PingDataSync displays a warning message, which is saved in the logs/prepare-endpoint-server.log file.

Note:

If the synchronization topology was created using the create-sync-pipe-config tool, this command does not need to be run. It is already part of the create-sync-pipe-config process.

Perform the following steps to prepare PingDataSync for external server communication:

  1. Use the prepare-endpoint-server tool to prepare the directory server instances on the remote host for synchronization as a data source for the subtree, dc=example,dc=com. If the user account is not present on the external server, it will be created if a parent entry exists.
    $ bin/prepare-endpoint-server \
      --hostname sun-ds1.example.com \
      --port 21389 \
      --syncServerBindDN "cn=Sync User,dc=example,dc=com" \
      --syncServerBindPassword secret \
      --baseDN "dc=example,dc=com" \
      --isSource
  2. When prompted, enter the bind DN and password to create the user account. This step enables the change log database and sets the changelog-maximum-age property.
  3. Repeat steps 1–2 for any other external source servers.
  4. For the destination servers, repeat steps 2–3 and include the --isDestination option. If destination servers do not have any entries, a "Denied" message will display when creating the cn=Sync User entry.
    $ bin/prepare-endpoint-server \
      --hostname PingIdentity-ds1.example.com \
      --port 33389 \
      --syncServerBindDN "cn=Sync User,cn=Root DNs,cn=config" \
      --syncServerBindPassword sync \
      --baseDN "dc=example,dc=com" \
      --isDestination
  5. Repeat step 4 for any other destination servers.
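
After the servers are prepared, the privilege check described above can be repeated by hand: bind as the Sync User and read firstChangeNumber and lastChangeNumber from the root DSE. The script below is an added example, not part of the product documentation. It assumes the OpenLDAP ldapsearch client; the function names, the password file argument, and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the Sync User can read the changelog bounds
# (firstChangeNumber / lastChangeNumber) from the root DSE.

# Parse LDIF on stdin. Print "<first> <last>" and return 0 only when both
# attributes are present and numeric; return 1 when either one is missing,
# which is what a bind without the required read privileges looks like.
changelog_range() {
  awk -F': *' '
    { sub(/\r$/, ""); name = tolower($1) }   # tolerate CRLF and any attribute case
    name == "firstchangenumber" { first = $2 }
    name == "lastchangenumber"  { last = $2 }
    END {
      if (first !~ /^[0-9]+$/ || last !~ /^[0-9]+$/) exit 1
      print first, last
    }'
}

# Query the root DSE (base DN "", scope base) as the Sync User.
# Assumption: OpenLDAP ldapsearch. -y reads the password from a file so it
# stays out of the process list and shell history; the file must not end
# with a newline, because OpenLDAP uses its full contents as the password.
# usage: check_sync_user HOST PORT BIND_DN PASSWORD_FILE
check_sync_user() {
  ldapsearch -x -LLL -H "ldap://$1:$2" -D "$3" -y "$4" \
    -s base -b "" "(objectClass=*)" firstChangeNumber lastChangeNumber |
    changelog_range
}

# Constructed sample responses (not captured from a real server).
SAMPLE_OK='dn:
firstChangeNumber: 1
lastChangeNumber: 4821'
SAMPLE_DENIED='dn:'

# Example call against the source server from step 1 (password file path is
# a placeholder):
#   check_sync_user sun-ds1.example.com 21389 \
#     "cn=Sync User,dc=example,dc=com" /path/to/sync-user.pw \
#     || echo "Sync User cannot read the changelog bounds" >&2
```

A non-zero exit from check_sync_user corresponds to the condition that prepare-endpoint-server reports as a warning in logs/prepare-endpoint-server.log.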