HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Table 48 Sync agreement attributes (continued)

Object class or attribute: Description

(continuation of the previous entry): To use Start TLS, which initiates a secure connection over a standard port, use the standard port, 389, with the nsds5ReplicaTransportInfo attribute set to TLS.

nsds5replicatransportinfo: To use TLS/SSL, set this parameter to SSL. To use Start TLS, which initiates a secure connection over a standard port, set this parameter to TLS. To use simple authentication, set this parameter to LDAP.

nsds5ReplicaBindDN: The sync manager DN used by the Directory Server instance to bind to the Windows server.

nsds5replicabindmethod: The connection type for replication between the servers. The connection type defines how the supplier authenticates to the consumer. Leaving the bind method empty or setting it to SIMPLE means that the server uses basic password-based authentication. This requires the nsds5ReplicaBindDN and nsds5ReplicaCredentials attributes to give the bind information. The SSLCLIENTAUTH option uses a secure connection. This requires that the nsds5ReplicaTransportInfo attribute be set to SSL or TLS.

nsds5replicabindcredentials: Only for simple authentication. Stores the hashed password used with the bind DN given for simple authentication.

nsds5replicaroot: Sets which Directory Server subtree is replicated. Usually, it is recommended that the replicated subtree be high in the directory tree so that the entire database is replicated. For example: dc=example,dc=com

description: A text description of the replication agreement. Make this a useful description so it is easier to manage synchronization agreements.

nsds5replicaupdateschedule: Sets the start and end time for the replication updates and the days on which replication occurs in the form start_time-end_time days. If the schedule is omitted, synchronization occurs all the time.

winSyncInterval: Optional. Sets how frequently, in seconds, the Directory Server polls the Windows server for updates to write over. If this is not set, the default is 300, which is 300 seconds or five (5) minutes.

nsds5BeginReplicaRefresh: Optional. Performs an online (immediate) initialization of the sync peer. If this is set, the attribute is only present while the sync peer is being initialized; when the initialization is complete, the attribute is deleted automatically. The only value when adding this attribute is start.

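
The dependencies between these attributes can be checked mechanically before an agreement is added. The following Python check is an added example, not part of the HP guide: the function name lint_agreement and the sample entries are constructed for illustration, and it accepts both spellings of the credentials attribute that appear in the table.

```python
# Added example: lint a sync agreement against the rules in Table 48.
# Attribute names are matched case-insensitively, as LDAP does.
TRANSPORTS = {"SSL", "TLS", "LDAP"}             # values listed in the table
BIND_METHODS = {"", "SIMPLE", "SSLCLIENTAUTH"}  # empty means SIMPLE
# Constructed sample entries (placeholder DN and password).
WEAK = {
    "nsds5ReplicaBindDN": "cn=sync manager,cn=Users,dc=ad,dc=example,dc=com",
    "nsds5ReplicaCredentials": "PLACEHOLDER",
    "nsds5replicabindmethod": "SIMPLE",
    "nsds5replicatransportinfo": "LDAP",
    "nsds5BeginReplicaRefresh": "now",
}
HARDENED = dict(WEAK, nsds5replicatransportinfo="TLS",
                nsds5BeginReplicaRefresh="start")


def lint_agreement(entry):
    """Return a list of findings for one agreement (attribute -> value)."""
    a = {k.lower(): str(v).strip() for k, v in entry.items()}
    findings = []
    transport = a.get("nsds5replicatransportinfo", "").upper()
    method = a.get("nsds5replicabindmethod", "").upper()
    # The table names the password attribute two ways; accept either.
    creds = a.get("nsds5replicacredentials") or a.get("nsds5replicabindcredentials")
    if transport and transport not in TRANSPORTS:
        findings.append(f"transport {transport!r} is not SSL, TLS or LDAP")
    if method not in BIND_METHODS:
        findings.append(f"bind method {method!r} is not SIMPLE or SSLCLIENTAUTH")

    if method in ("", "SIMPLE"):
        if not a.get("nsds5replicabinddn") or not creds:
            findings.append("simple bind needs nsds5ReplicaBindDN and credentials")
        if transport == "LDAP":
            findings.append("simple bind over LDAP sends the password unencrypted")
    elif method == "SSLCLIENTAUTH" and transport not in ("SSL", "TLS"):
        findings.append("SSLCLIENTAUTH requires transport SSL or TLS")

    interval = a.get("winsyncinterval", "300")  # default is 300 seconds
    if not interval.isdecimal() or int(interval) == 0:
        findings.append(f"winSyncInterval {interval!r} is not a positive integer")
    refresh = a.get("nsds5beginreplicarefresh")
    if refresh is not None and refresh.lower() != "start":
        findings.append("nsds5BeginReplicaRefresh accepts only the value 'start'")
    return findings


if __name__ == "__main__":
    for name, entry in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_agreement(entry) or "no findings")
```
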
9.8 Configuring unidirectional synchronization
Synchronization has to be configured separately in each direction. This means it is also possible to
configure synchronization in only one direction.
Directory Server synchronization is set by adding the appropriate attributes on the individual
directory entries. To configure synchronization from the Directory Server database to the Active
Directory server, set the appropriate ntUser and ntGroup object classes and attributes on the
user and group entries, respectively.
Active Directory synchronization is configured in the synchronization agreement. To configure
synchronization from Active Directory to the Directory Server database, set the New Windows
Users Sync and New Windows Groups Sync attributes in the synchronization agreement.
424 Synchronizing Directory Server with Microsoft Active Directory