
Ping data sync server supports CA dir. Am trying to sync the data from CA to OpenDJ.

Sktechie
New Member
0 Kudos

Hi all,
Ping data sync server supports CA dir?
Am unable to find the CA dir in the Ping data sync admin console.
I tried adding CA dir as a generic LDAP server, but real-time data sync is not working. The cn=sync user is not created in CA dir.

Thanks,
12 REPLIES
UnboundID ArnoL
UnboundID
0 Kudos

First, I'd like to point out that your question applies to real-time synchronization only; resync (the term we use for wholesale resynchronization from source to destination) should work fine with a generic LDAP source.

Real time sync requires a mechanism for real-time change detection in order to trigger the sync engine to initiate the reconciliation process.

Many LDAP servers expose a changelog back-end that advertises changes made to the data over protocol. CA Directory does not expose such a back-end and thus presents a challenge when it comes to detecting changes in near real-time.

Using a changelog is demonstrably the most robust approach because it preserves high-availability. With that approach, Sync engines can:

  • fail-over between instances of the source system
  • tolerate disconnections or source outages

and resume synchronization without missing changes.

Other mechanisms that rely on a push are less fault-tolerant, or complex fault-tolerance needs to be implemented in the source system pushing changes.

There are two options for you if you would like real-time synchronization to work from CA Directory:

  • use our sync-source-ldap-persistent-search extension, which allows detecting changes generically on a source LDAP server by opening a single connection and issuing a persistent search request
  • write a custom extension that parses the content of a CA update log

Both of these have pros and cons, obviously:

  • persistent search
    • pros:
      • available today
      • nothing special required on source instance(s)
    • cons: 
      • you may miss changes
      • no fail-over (as of now at least)
  • update log
    • pros:
      • more fault tolerant since the logs are processed on site
    • cons:
      • sync engine would have to be co-located with DSA
      • tied to a single DSA 

Installing the ldap persistent search extension on your sync instance:

# cd {/path/to}/PingDataSync
# curl -k https://extensions.ping.directory/installer | bash -s - -e sync-source-ldap-persistent-search

To configure the source, here is an example:

dsconfig create-sync-source \
--source-name PpersistentSearch \
--type third-party \
--set extension-argument:hostname=directory \
--set extension-argument:port=1389 \
--set extension-argument:bindDN=cn=administrator \
--set extension-argument:bindPassword=2FederateM0re \
--set extension-argument:baseDN=o=data \
--set extension-class:com.pingidentity.PersistentSearch 

Other options are described here.

I should add that this extension comes with no warranty, implicit or explicit, but it is used on at least two projects that I know of. It will be supported on a best-effort basis only.

I hope this helps.
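
Added example, not part of the original post and not PingDataSync code: a small Python model of the trade-off described above, comparing a consumer that reads a numbered changelog from a bookmark with one that only receives pushed persistent-search results while connected. The class, function names and `uid=` entries are constructed for illustration; only the `o=data` base DN comes from the post.

```python
class SourceDirectory:
    """Constructed stand-in for an LDAP source; not PingDataSync code."""

    def __init__(self):
        self.changelog = []   # (change_number, dn): kept on the server
        self.listeners = []   # result queues of open persistent searches

    def write(self, dn):
        self.changelog.append((len(self.changelog) + 1, dn))
        for queue in self.listeners:      # pushed only to open connections
            queue.append(dn)

    def changes_after(self, bookmark):
        """Changelog read: every change newer than the consumer's bookmark."""
        return [(n, dn) for n, dn in self.changelog if n > bookmark]


def poll(source, seen, bookmark):
    """Changelog consumer: fetch from the bookmark and return the new one."""
    for number, dn in source.changes_after(bookmark):
        seen.append(dn)
        bookmark = number
    return bookmark


def run_scenario():
    source = SourceDirectory()
    pushed, polled, bookmark = [], [], 0

    source.listeners.append(pushed)       # persistent search is connected
    source.write("uid=alice,o=data")
    bookmark = poll(source, polled, bookmark)

    source.listeners.remove(pushed)       # sync engine loses its connection
    source.write("uid=bob,o=data")        # written during the outage
    source.write("uid=carol,o=data")

    source.listeners.append(pushed)       # sync engine reconnects
    source.write("uid=dave,o=data")
    bookmark = poll(source, polled, bookmark)

    missed = [dn for _, dn in source.changelog if dn not in pushed]
    return pushed, polled, missed
```

In this model the two entries written during the outage never reach the persistent-search consumer, while the changelog consumer picks them up on its next read.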

UnboundID KennethS
UnboundID
0 Kudos

I would add that the cn=Sync User is normally created by the
prepare-endpoint-server or create-sync-pipe-config tools. CA directory is
not supported by them so you will need to set up the Sync account user in CA
directory manually.

-Kenneth
Sktechie
New Member
0 Kudos

Hi ArnoL,

Thank you for your quick response.
I will try to implement sync-source-ldap-persistent-search and get back to you. For the custom extension, can I have a reference please? Thank you.
Sktechie
New Member
0 Kudos

Thank you KennethS, I will give it a try.
Sktechie
New Member
0 Kudos

Hi ArnoL,

Can I have any link or doc for reference to implement the below, as suggested?

use our sync-source-ldap-persistent-search extension which allows to detect changes generically on a source LDAP server by opening a single connection and issuing a persistent search request
UnboundID ArnoL
UnboundID
0 Kudos

Instructions to install are in my previous post.

That should get you going.

There is a link to the documentation as well but I guess it was not well advertised, so here goes:

https://extensions.ping.directory/sync-source-ldap-persistent-search/latest/docs/

Sktechie
New Member
0 Kudos

I tried adding the connection details from the console.
When I enable it, I am getting the below error.

[13/Mar/2018:08:33:22.622 +0000] instanceName="devextidm.staples.com:1389" threadID=11 category=EXTENSIONS severity=SEVERE_ERROR msgID=1880359005 msg="Administrative alert type=sync-pipe-initialization-error id=a5fed87e-d983-4145-8bd5-ebbc6bd6bac8 class=com.unboundid.directory.sync.core.SyncPipeManager msg='The Sync Pipe 'PpersistentSearch_DJ' failed to initialize: Could not initialize com.pingidentity.PersistentSearch: NullPointerException (PersistentSearch.java:650 PersistentSearch.java:57 ThirdPartySyncSource.java:155 SyncPipe.java:297 SyncPipeManager.java:294 SyncPipeManager.java:276 SyncPipeManager.java:46 ServerManagedObjectChangeListenerAdaptor.java:75 ConfigChangeListenerAdaptor.java:430 ConfigFileHandler.java:3442 BackendModifyOperation.java:938 BackendRequestProcessor.java:370 SubtreeView.java:262 ModifyOperationBasis.java:686 UnboundIDWorkerThread.java:340 DirectoryThread.java:306 (6.0.1.0 rev 25036))'"
[13/Mar/2018:08:33:22.636 +0000] instanceName="devextidm.staples.com:1389" threadID=11 category=CONFIG severity=SEVERE_ERROR msgID=3408518 msg="com.unboundid.directory.server.admin.server.ConfigChangeListenerAdaptor.applyConfigurationChange failed for entry cn=PpersistentSearch_DJ,cn=Sync Pipes,cn=config: result code=Other, admin action required=false, messages='Could not initialize com.pingidentity.PersistentSearch: NullPointerException (PersistentSearch.java:650 PersistentSearch.java:57 ThirdPartySyncSource.java:155 SyncPipe.java:297 SyncPipeManager.java:294 SyncPipeManager.java:276 SyncPipeManager.java:46 ServerManagedObjectChangeListenerAdaptor.java:75 ConfigChangeListenerAdaptor.java:430 ConfigFileHandler.java:3442 BackendModifyOperation.java:938 BackendRequestProcessor.java:370 SubtreeView.java:262 ModifyOperationBasis.java:686 UnboundIDWorkerThread.java:340 DirectoryThread.java:306 (6.0.1.0 rev 25036))'"
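
Added example, not part of the original posts and not Ping Identity code: a Python parser for error-log lines in the format shown above. It extracts the sync pipe, the extension class that failed to initialize, the exception, and the frame where it was raised, so an operator can tell whether the fault is in the extension itself. The sample line is constructed (shortened from the format above, with a placeholder host name), and the function and field names are assumptions.

```python
import re

# Constructed sample, shortened from the format of the log lines in the post
# above; the host name is a placeholder.
SAMPLE = (
    '[13/Mar/2018:08:33:22.622 +0000] instanceName="sync.example.com:1389" '
    'threadID=11 category=EXTENSIONS severity=SEVERE_ERROR msgID=1880359005 '
    'msg="Administrative alert type=sync-pipe-initialization-error '
    "msg='The Sync Pipe 'PpersistentSearch_DJ' failed to initialize: "
    'Could not initialize com.pingidentity.PersistentSearch: '
    'NullPointerException (PersistentSearch.java:650 PersistentSearch.java:57 '
    "ThirdPartySyncSource.java:155 (6.0.1.0 rev 25036))'\""
)

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<fields>.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
INIT_FAIL = re.compile(r"Could not initialize (?P<cls>[\w.$]+): (?P<exc>\w+)")
PIPE = re.compile(r"Sync Pipe '(?P<pipe>[^']+)'")
FRAME = re.compile(r'(\w+\.java):(\d+)')


def parse_init_failure(line):
    """Return a dict describing an extension initialization failure, or None."""
    m = LINE.match(line)
    if not m:
        return None
    # Top-level key=value pairs; findall scans left to right, so the quoted
    # msg="..." value is consumed whole and its inner text is not re-split.
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group('fields'))}
    msg = fields.get('msg', '')
    fail = INIT_FAIL.search(msg)
    if fields.get('severity') != 'SEVERE_ERROR' or not fail:
        return None
    pipe = PIPE.search(msg)
    frames = FRAME.findall(msg)
    simple_name = fail.group('cls').rsplit('.', 1)[-1]
    return {
        'timestamp': m.group('ts'),
        'category': fields.get('category'),
        'pipe': pipe.group('pipe') if pipe else None,
        'extension_class': fail.group('cls'),
        'exception': fail.group('exc'),
        # The first frame listed is where the exception was raised.
        'raised_at': ':'.join(frames[0]) if frames else None,
        'in_extension': bool(frames) and frames[0][0].startswith(simple_name),
    }
```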
Sktechie
New Member
0 Kudos

Hi ArnoL,

Can you please help us out with the above logs?

When I try to connect as a generic LDAP source after giving the host and port, it's throwing an error.
But ldapsearch is working perfectly.

Thank you
UnboundID ArnoL
UnboundID
0 Kudos

Sorry for the inconvenience.

I have updated the extension.

The issue was that the scope argument was missing a default value.

Please update the extension by calling again:

# curl -k https://extensions.ping.directory/installer | bash -s - -e sync-source-ldap-persistent-search