HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

NOTE:
If any Active Directory user accounts exist when Password Sync is first installed, then the passwords
for those user accounts cannot be synchronized until they are changed because Password Sync
cannot decrypt a password after it has been hashed in Active Directory.
9.2.6 Step 6: Configure the Directory Server database for synchronization
Just as with replication, there must be a changelog available to track and send directory changes,
and the Directory Server database being synchronized must be configured as a replica.
NOTE:
If the Directory Server database is already configured for replication, this step is not necessary.
Setting up a database for replication is described in “Configuring the read-write replicas on the
supplier servers” (page 336).
9.2.6.1 Setting up the Directory Server from the console
First, enable the changelog:
1. In the Directory Server Console, select the Configuration tab.
2. In the left-hand navigation tree, click the Replication folder.
3. In the main window, click the Supplier Settings tab.
4. Check the Enable Changelog database checkbox.
5. Set the changelog database directory. Click the Use default button to use the default or
Browse... to select a custom directory.
6. Save the changelog settings.
After setting up the changelog, configure the database that will be synchronized as a replica.
The replica role should be either single-master or multi-master.
1. In the Directory Server Console, select the Configuration tab.
2. In the left-hand navigation tree, click the Replication folder, then click the name of the database
to synchronize.
By default, there are two databases, NetscapeRoot for directory configuration and
userRoot for directory entries. Other databases may be listed if they have been added to
Directory Server.
3. Check the Enable Replica checkbox, and select the radio button for the replica type of the
database.
4. In the Update Settings section, either select or add a supplier DN. This is the user account as
which the synchronization process runs. As mentioned in “Step 3: Select or create the Sync
identity” (page 396), this user must be on the Active Directory server.
5. Save the replication settings for the database.
NOTE:
For more information on replication settings, see “Managing Replication” (page 317).
9.2.6.2 Setting up the Directory Server for Sync from the command line
First, enable the changelog:
ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com

dn: cn=changelog5,cn=config
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/opt/dirsrv/slapd-instance_name/changelogdb
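The same two-part setup (changelog entry, then the replica entry for the synchronized database) as a parameterized shell script; this is an added example, not a script from the HP-UX Directory Server guide. The replica attribute names and values follow 389/Red Hat Directory Server conventions, and the host, suffix, replica id, bind DN and BINDPW variable are assumed values.

```shell
#!/bin/sh
# Added example: build and apply the LDIF that enables the changelog and makes a
# database a read-write (single- or multi-master) replica. Assumed values below.
HOST=${HOST:-server.example.com}
PORT=${PORT:-389}
CHANGELOGDIR=${CHANGELOGDIR:-/var/opt/dirsrv/slapd-instance_name/changelogdb}

# LDIF for the changelog entry (the entry the guide adds with ldapmodify -a).
changelog_ldif() {
    cat <<EOF
dn: cn=changelog5,cn=config
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: $CHANGELOGDIR
EOF
}

# LDIF that turns a suffix into a replica (389/Red Hat DS attribute names).
#   $1 suffix (e.g. dc=example,dc=com)  $2 replica id  $3 supplier bind DN
# nsDS5ReplicaType 3 = read-write master; nsDS5Flags 1 = record changes in the changelog.
replica_ldif() {
    cat <<EOF
dn: cn=replica,cn="$1",cn=mapping tree,cn=config
objectclass: top
objectclass: nsDS5Replica
cn: replica
nsDS5ReplicaRoot: $1
nsDS5ReplicaId: $2
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaBindDN: $3
EOF
}

# A master's replica id must be a number in 1..65534 and unique among masters.
valid_replica_id() {
    case $1 in ''|*[!0-9]*) return 1;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65534 ]
}

# Apply both entries in one ldapmodify run; BINDPW is assumed to hold the
# Directory Manager password so it is not typed on the command line.
apply() {
    valid_replica_id "$2" || { echo "bad replica id: $2" >&2; return 1; }
    { changelog_ldif; echo; replica_ldif "$1" "$2" "$3"; } |
        ldapmodify -a -D "cn=directory manager" -w "$BINDPW" -p "$PORT" -h "$HOST"
}
```

Run as `BINDPW=... ./setup-sync-replica.sh` after adding a final line such as `apply "dc=example,dc=com" 7 "cn=sync manager,cn=config"`.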
400 Synchronizing Directory Server with Microsoft Active Directory