The sync source describes the service from which entries and changes are read so that they can be synchronized to the sync destination.
The process for configuring a sync source varies based on the type of service that you use, such as an LDAP server or a relational database, so you should consult the appropriate documentation for the specific type of sync source that you want to use.
Currently, the create-sync-pipe-config tool does not offer support for the
If the sync source server is a PingDirectory server, then you can use the prepare-endpoint-server tool to make necessary changes to allow the PingDataSync server to interact with that directory server instance. This includes creating the account that the PingDataSync server uses to authenticate to the PingDirectory server and enabling the changelog to allow the PingDataSync server to retrieve information about changes processed in the PingDirectory server.
Running prepare-endpoint-server --help shows you the complete usage for the tool, but the following example demonstrates a sample usage:
bin/prepare-endpoint-server \ --hostname ds-source.example.com \ --port 636 \ --useSSL \ --trustStorePath config/truststore \ --syncServerBindDN "cn=Sync User,cn=Root DNs,cn=config" \ --syncServerBindPasswordFile sync-user-password.txt \ --baseDN dc=example,dc=com \ --isSource
In addition, if the source server is a PingDirectory server instance, then you should enable the Changelog Password Encryption plugin in that server to indicate that it should store an encrypted representation of clear-text passwords in the changelog along with their encoded form. See Configuring password encryption.
Doing this allows the PingDataSync server to retrieve those clear-text passwords so that they can be synchronized to the SCIM 2.0 sync destination. You can do this with a change like the following:
dsconfig set-plugin-prop \ --plugin-name "Changelog Password Encryption" \ --set enabled:true \ --set changelog-password-encryption-key:<this-is-the-key-you-want-to-use>