Syncing passwords to PingOne - PingDirectory - 9.3

PingDirectory 9.3

To sync passwords with PingOne, the PingDirectory server maps the userPassword attribute to the password attribute through a direct attribute mapping. (IBM Security Directory and the IBM Tivoli Directory servers return the userPassword attribute value as userPassword;binary.)

To sync passwords from the PingDirectory server to PingOne:

  • To create a direct attribute mapping, run the following command.
    dsconfig create-attribute-mapping \
    --map-name PingDirectory_to_PingOne_User_Map \
    --mapping-name password \
    --type direct \
    --set from-attribute:userPassword
    

    The PingDataSync server can synchronize either passwords that the PingDirectory server has encrypted or hashed versions of the passwords, depending on how an administrator chooses to store passwords on the PingDirectory server.

  • To sync passwords from a generic relational database management system (RDBMS), create a direct attribute mapping with the from-attribute being whichever attribute the RDBMS uses to store the password.
    Note:

    RDBMS passwords cannot be encrypted and should be hashed with a scheme that the PingDirectory server recognizes.

    Important:

    The PingDataSync server cannot synchronize passwords between PingOne systems, because PingDataSync cannot retrieve passwords from PingOne.

    In the following example, the RDBMS uses the dbPassword attribute to store the password.

    dsconfig create-attribute-mapping \
    --map-name Generic_RDBMS_to_PingOne_User_Map \
    --mapping-name password \
    --type direct \
    --set from-attribute:dbPassword
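
A pre-sync audit of the RDBMS password column, following the note above that RDBMS passwords cannot be encrypted and should be hashed with a recognized scheme. This is an added example, not part of the PingDirectory documentation or product. It assumes stored values carry a `{SCHEME}` prefix, and the scheme names in both sets are example values to replace with the schemes configured in your deployment.

```python
import re

# Assumption: example allow-list of one-way hash schemes. Replace it with the
# scheme names your PingDirectory deployment actually recognizes.
HASHED_SCHEMES = {"SSHA256", "SSHA512", "PBKDF2"}
# Assumption: example names of reversible (encrypting) schemes, which the
# RDBMS source must not use.
REVERSIBLE_SCHEMES = {"AES", "AES256", "3DES"}

# Assumed storage format: "{SCHEME}" followed by a non-empty encoded value.
_PREFIX = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.+)$", re.DOTALL)

def classify(value):
    """Return (verdict, scheme) for one stored dbPassword value."""
    match = _PREFIX.match(value or "")
    if not match:
        # NULL, empty, cleartext, or a bare digest with no scheme label.
        return ("no-scheme-prefix", None)
    scheme = match.group(1).upper()
    if scheme in REVERSIBLE_SCHEMES:
        return ("encrypted", scheme)
    if scheme in HASHED_SCHEMES:
        return ("hashed", scheme)
    return ("unknown-scheme", scheme)

def audit(rows):
    """rows: iterable of (user_id, dbPassword) pairs.
    Return (user_id, verdict, scheme) for every row that is not 'hashed'.
    Password values are never copied into the findings."""
    findings = []
    for user_id, value in rows:
        verdict, scheme = classify(value)
        if verdict != "hashed":
            findings.append((user_id, verdict, scheme))
    return findings

# Constructed sample rows; the encoded parts are placeholders, not real hashes.
SAMPLE_ROWS = [
    ("u1001", "{SSHA256}c2FtcGxlLW5vdC1hLXJlYWwtaGFzaA=="),
    ("u1002", "Summer2024!"),
    ("u1003", "{AES256}c2FtcGxlLWNpcGhlcnRleHQ="),
    ("u1004", "{FOO}abc"),
    ("u1005", None),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(*finding)
```

Rows reported as `no-scheme-prefix`, `encrypted`, or `unknown-scheme` should be corrected at the source before the `dbPassword` mapping is enabled.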