To sync passwords with PingOne, the PingDirectory server maps the userPassword
attribute to the password attribute through a direct attribute mapping.
(IBM Security Directory and the IBM Tivoli Directory servers return the
userPassword attribute value as
To sync passwords from thePingDirectory server to PingOne:
To create a direct attribute mapping, run the following.
dsconfig create-attribute-mapping \ --map-name PingDirectory_to_PingOne_User_Map \ --mapping-name password \ --type direct \ --set from-attribute:userPassword
The PingDataSync server can synchronize passwords that have been encrypted by PingDirectory server or a hashed version of the password, depending on how an administrator chooses to store passwords on PingDirectory server.
To sync passwords from a generic relational database management system (RDBMS),
create a direct attribute mapping with the from-attribute
being whichever attribute the RDBMS uses to store the password.
RDBMS passwords cannot be encrypted and should be hashed with a scheme that PingDirectory server recognizes.Important:
The PingDataSync server cannot synchronize passwords between PingOne systems, because PingDataSync cannot retrieve passwords from PingOne.
In the following example, the RDBMS uses the dbPassword attribute to store the password.
dsconfig create-attribute-mapping \ --map-name Generic_RDBMS_to_PingOne_User_Map \ --mapping-name password \ --type direct \ --set from-attribute:dbPassword