HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

6. Set the connection type. There are three options:
Use LDAP
This uses a standard, unencrypted connection.
Use TLS/SSL
This uses a secure connection over the server's secure LDAPS port, such as 636. Both the
Directory Server and the Windows server must be properly configured to run in TLS/SSL
for this connection and must have installed each other's CA certificates in order to trust
their server certificates.
Use Start TLS
This uses Start TLS to establish a secure connection over the server's standard port. Like
regular SSL, these peer servers must be able to trust each other's certificates.
Using either TLS/SSL or Start TLS is recommended for security reasons: over a plain LDAP
connection the sync bind credentials and every synchronized entry cross the network in clear text.
One of the two is required for synchronizing passwords, because Active Directory refuses to modify
passwords unless the connection is SSL-protected.
7. Fill in the authentication information in the Bind as... and Password fields with the sync ID
information. This user must exist in the Active Directory domain.
8. Save the sync agreement.
NOTE:
By default, Windows Sync polls the Active Directory peer every five (5) minutes to check for
changes. In the sync agreement summary, this is displayed as the Update Interval. The update
interval can be changed by editing the winSyncInterval attribute manually. See “Modifying
the sync agreement” (page 419).
When the agreement is complete, the new sync agreement is listed under the suffix.
9.2.7.2 Creating the Sync agreement from the command line
It is also possible to add the synchronization agreement through the command line.
ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com
# The agreement entry lives under the mapping tree node for the synchronized suffix.
dn: cn=ExampleSyncAgreement,cn=sync replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsDSWindowsReplicationAgreement
cn: ExampleSyncAgreement
nsds7WindowsReplicaSubtree: cn=Users,dc=ad1
nsds7DirectoryReplicaSubtree: ou=People,dc=example,dc=com
nsds7NewWinUserSyncEnabled: on
nsds7NewWinGroupSyncEnabled: on
nsds7WindowsDomain: ad1
nsDS5ReplicaRoot: dc=example,dc=com
nsDS5ReplicaHost: ad1.windows-server.example.com
nsDS5ReplicaPort: 389
nsDS5ReplicaBindDN: cn=sync manager
nsDS5ReplicaBindCredentials: secret
# LDAP = unencrypted, SSL = LDAPS port, TLS = Start TLS on the standard port.
nsDS5ReplicaTransportInfo: TLS
# Update interval in seconds (the console default is 300, five minutes).
winSyncInterval: 1200
All the parameters used in the synchronization agreement are listed in Table 48 (page 423).
These parameters are described in more detail in the HP-UX Directory Server configuration,
command, and file reference.
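The following script is an added example and is not part of the HP-UX Directory Server guide. It builds the LDIF for a sync agreement from parameters, rejects transport values other than the three the agreement accepts, warns when the unencrypted LDAP transport is chosen (password sync will not work over it), folds long lines the way RFC 2849 LDIF requires (a leading space on the continuation line, not a backslash), and shows how the result is piped into ldapmodify. The host names, suffixes and the "cn=sync manager" bind DN are placeholders modelled on the guide's sample values; the fold and unfold helpers are plain awk and are this example's own.

```shell
#!/bin/sh
# Added example, not from the HP-UX Directory Server guide: generate, check
# and fold the LDIF for a Windows Sync agreement, then feed it to ldapmodify.
# Host names, DNs and credentials below are placeholders modelled on the
# guide's sample (ad1.windows-server.example.com, cn=sync manager, ...).

# nsDS5ReplicaTransportInfo accepts LDAP (clear text), SSL (LDAPS, usually
# port 636) or TLS (Start TLS on the standard port).  LDAP is allowed but
# warned about: Active Directory refuses password changes over it.
check_transport() {
    case "$1" in
        SSL|TLS) return 0 ;;
        LDAP)
            echo "warning: LDAP transport is unencrypted; passwords will not sync" >&2
            return 0 ;;
        *)
            echo "error: transport must be LDAP, SSL or TLS (got '$1')" >&2
            return 1 ;;
    esac
}

# Print one LDIF add record for the agreement.  Arguments:
#   name ad_host ad_port transport ds_suffix ds_subtree ad_subtree ad_domain
#   bind_dn bind_pw interval_seconds
gen_sync_agreement_ldif() {
    name=$1; ad_host=$2; ad_port=$3; transport=$4; suffix=$5
    ds_subtree=$6; ad_subtree=$7; ad_domain=$8; bind_dn=$9
    shift 9
    bind_pw=$1; interval=$2
    check_transport "$transport" || return 1
    printf '%s\n' \
        "dn: cn=$name,cn=sync replica,cn=\"$suffix\",cn=mapping tree,cn=config" \
        "changetype: add" \
        "objectclass: top" \
        "objectclass: nsDSWindowsReplicationAgreement" \
        "cn: $name" \
        "nsds7WindowsReplicaSubtree: $ad_subtree" \
        "nsds7DirectoryReplicaSubtree: $ds_subtree" \
        "nsds7NewWinUserSyncEnabled: on" \
        "nsds7NewWinGroupSyncEnabled: on" \
        "nsds7WindowsDomain: $ad_domain" \
        "nsDS5ReplicaRoot: $suffix" \
        "nsDS5ReplicaHost: $ad_host" \
        "nsDS5ReplicaPort: $ad_port" \
        "nsDS5ReplicaBindDN: $bind_dn" \
        "nsDS5ReplicaBindCredentials: $bind_pw" \
        "nsDS5ReplicaTransportInfo: $transport" \
        "winSyncInterval: $interval"
}

# RFC 2849 folding: a line longer than 76 characters continues on the next
# line, which starts with a single space.  The agreement DN is long enough
# to need this.
fold_ldif() {
    awk '{
        line = $0
        if (length(line) <= 76) { print line; next }
        print substr(line, 1, 76)
        line = substr(line, 77)
        while (length(line) > 75) { print " " substr(line, 1, 75); line = substr(line, 76) }
        print " " line
    }'
}

# Reverse of fold_ldif: join continuation lines back onto their record line.
unfold_ldif() {
    awk '/^ / { printf "%s", substr($0, 2); next }
         NR > 1 { printf "\n" }
         { printf "%s", $0 }
         END { printf "\n" }'
}

# Create the agreement on the Directory Server.  Not run here; it needs a
# live server.  Passing the Directory Manager password with -w puts it in
# the process list, so prefer your ldapmodify's password-file option.
create_agreement() {
    gen_sync_agreement_ldif "$@" | fold_ldif |
        ldapmodify -a -D "cn=directory manager" -w "$DM_PASSWORD" \
            -p 389 -h server.example.com
}
# Usage, matching the guide's sample agreement:
#   DM_PASSWORD=secret create_agreement ExampleSyncAgreement \
#     ad1.windows-server.example.com 389 TLS "dc=example,dc=com" \
#     "ou=People,dc=example,dc=com" "cn=Users,dc=ad1" ad1 \
#     "cn=sync manager" secret 1200
```

After the add succeeds, an ldapsearch with the Directory Manager credentials against cn=mapping tree,cn=config for objectclass=nsDSWindowsReplicationAgreement returns the new entry, which is the command-line equivalent of seeing the agreement listed under the suffix in the console.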
9.2.8 Step 8: Begin synchronization
After the synchronization agreement is created, begin the synchronization process.
9.2 Configuring Windows Sync 403