HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

NOTE:
The synchronization times cannot wrap around midnight, so the setting 2300-0100 is not valid.
To change how frequently the Directory Server checks the Active Directory for changes to Active
Directory entries, reset the winSyncInterval attribute. This attribute is set in seconds, so the
default of 300 means that the Directory Server polls the Active Directory server every 300 seconds,
or five minutes. Setting this to a higher value can be useful if the directory searches are taking too
long and affecting performance.
winSyncInterval: 1000
9.7.2.3 Changing sync connections
Two aspects of the connection for the synchronization agreement can be altered:
• The bind username and password (nsDS5ReplicaBindDN and nsDS5ReplicaBindCredentials).
• The connection method (nsDS5ReplicaTransportInfo).
It is only possible to change the nsDS5ReplicaTransportInfo from LDAP to TLS and
vice versa. It is not possible to change to or from SSL because it is not possible to change the
port number, and switching between LDAP and LDAPS requires changing the port number.
CAUTION:
It is not possible to change the port number of the Active Directory sync peer. Therefore, it is also
not possible to switch between standard/Start TLS connections and SSL connections, because that
requires changing between standard and secure ports.
To change to or from TLS/SSL, delete the synchronization agreement and add it again with the
updated port number and new transport information.
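The transport rule above can be checked against an exported agreement entry before a change is attempted. The following Python code is an added example, not part of the HP-UX Directory Server guide or product: the sample entry and its values are constructed, the function names are hypothetical, and it assumes the default ports (389 standard, 636 secure) and that a missing nsDS5ReplicaTransportInfo means LDAP.

```python
# Added example (not from the guide). Sample entry and function names are constructed.
# Assumptions: default ports 389/636; a missing nsDS5ReplicaTransportInfo means LDAP.
STANDARD_PORT, SECURE_PORT = 389, 636

SAMPLE_LDIF = """\
dn: cn=ExampleSync,cn=replica,cn="dc=example,dc=com",
 cn=mapping tree,cn=config
objectClass: nsDSWindowsReplicationAgreement
cn: ExampleSync
nsds7WindowsDomain: example.com
nsds5replicaport: 389
nsDS5ReplicaTransportInfo: LDAP
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: last value}, unfolding lines."""
    attrs, last = {}, None
    for line in ldif.splitlines():
        if line.startswith(" ") and last:          # LDIF continuation line
            attrs[last] += line[1:]
        elif ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()
            attrs[last] = value.strip()
    return attrs

def transport_of(attrs):
    return attrs.get("nsds5replicatransportinfo", "LDAP").upper()

def audit(attrs):
    """Return findings about the agreement's connection security."""
    transport, port = transport_of(attrs), int(attrs.get("nsds5replicaport", STANDARD_PORT))
    findings = []
    if transport == "LDAP":
        findings.append("cleartext: bind credentials and synced entries cross the wire unencrypted")
    if transport == "SSL" and port == STANDARD_PORT:
        findings.append("mismatch: SSL transport configured on the standard port")
    if transport in ("LDAP", "TLS") and port == SECURE_PORT:
        findings.append("mismatch: %s transport configured on the secure port" % transport)
    return findings

def plan_change(attrs, target):
    """'none', 'modify' (edit nsDS5ReplicaTransportInfo) or 'recreate' (delete and re-add)."""
    current, target = transport_of(attrs), target.upper()
    if target not in ("LDAP", "TLS", "SSL"):
        raise ValueError("unknown transport: " + target)
    if current == target:
        return "none"
    # Moving to or from SSL needs a different port, which cannot be changed in place.
    return "recreate" if "SSL" in (current, target) else "modify"
```

A result of "modify" corresponds to editing nsDS5ReplicaTransportInfo on the existing agreement; "recreate" corresponds to deleting the agreement and adding it again with the updated port number and transport.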
9.7.2.4 Sync agreement attributes
The common sync agreement attributes are listed in Table 48 (page 423). All the possible sync
agreement attributes are described in detail in the HP-UX Directory Server configuration, command,
and file reference and HP-UX Directory Server schema reference.
Table 48 Sync agreement attributes

Object class or attribute        Description
nsDSWindowsReplicationAgreement  An operational object class that contains the synchronization
                                 agreement attributes.
cn                               Gives the name for the synchronization agreement.
nsds7WindowsReplicaSubtree       Specifies the Windows server suffix (root or sub) that is
                                 synchronized.
nsds7DirectoryReplicaSubtree     Specifies the Directory Server suffix (root or sub) that is
                                 synchronized.
nsds7NewWinUserSyncEnabled       Sets whether new Windows user accounts are automatically
                                 created on the Directory Server.
nsds7NewWinGroupSyncEnabled      Specifies whether new Windows group accounts are automatically
                                 created on the Directory Server.
nsds7WindowsDomain               Identifies the Windows domain being synchronized; analogous to
                                 nsDS5ReplicaHost in a replication agreement.
nsds5replicaport                 Gives the LDAP port for the Windows server.
                                 To use TLS/SSL, give the secure port number (636 by default)
                                 and set the nsds5ReplicaTransportInfo attribute to SSL.