Note: this is an abstract component that cannot be instantiated.

An UnboundID Sync Source defines the source of a Sync Pipe that is a topology of UnboundID Directory Server or Proxy Server instances.

The following UnboundID Sync Sources are available in the server :

These UnboundID Sync Sources inherit from the properties described below.

The UnboundID Sync Source component inherits from the Changelog Sync Source

The following components have a direct aggregation relation from UnboundID Sync Sources:


The properties supported by this managed object are as follows:

Basic Properties


A description for this Sync Source
Default Value
Allowed Values
A string
Admin Action Required
None. Modification requires no further action


Specifies the base DNs of the directory servers referenced by this Sync Source. These base DNs are used as the base of LDAP searches when locating entries. These base DNs must not overlap.
Default Value
Allowed Values
A valid DN.
Admin Action Required
None. Modification requires no further action


Modifications performed by users with the specified DN will not be synchronized. This property is particularly useful when also using UnboundID Synchronization Server to synchronize changes to this source. In this case, a unique user DN should be used by the Sync Pipe that applies changes to this source, and that user DN should be specified here to prevent those changes from being synchronized back to their original source. Note: the DN of the user performing a delete operations is not normally available in the changelog. So delete operations by these users will not be ignored.
Default Value
No changes are ignored.
Allowed Values
A valid DN.
Admin Action Required
None. Modification requires no further action


Specifies the names of the UnboundID Directory Servers that should be used as the source of synchronization. The order of values is important as it is used as a priority order for failover. When a location is defined on the Synchronization Server, it will always prefer to fail over to external servers in that same location or in one of the preferred failover locations for that location. If there are multiple external servers available in the target location, then the Synchronization Server will prefer the earliest one in this list and then work its way down. If there is no location defined on the Synchronization Server or if there are no external servers configured in the target location or any of the preferred failover locations, then the Synchronization Server will work its way down the list of servers in the order they are listed here.
Default Value
Allowed Values
The DN of any UnboundID DS External Server.
Admin Action Required
None. Modification requires no further action


Specifies the names of the UnboundID Proxy Servers that should be used as the source of synchronization. The order of values is important as it is used as a priority order -- if a server earlier in the list is available, then it will be used in preference to a server later in the list.
Default Value
Allowed Values
The DN of any UnboundID Proxy Server External Server.
Admin Action Required
None. Modification requires no further action

use-changelog-batch-request (Read-Only)

Indicates whether this UnboundID Sync Source should use the Get Changelog Batch Extended Request to fetch changes to be synchronized. The extended request is not supported by all UnboundID Directory Server versions.
Default Value
Allowed Values
Admin Action Required
None. Modification requires no further action

Advanced Properties

response-timeout (Advanced Property)

Specifies the maximum length of time that an operation should be allowed to block while waiting for a response from the server. A value of zero indicates that there should be no client-side timeout; the server's default will be used. This property indicates how long the Synchronization Server should wait for a response from a search request to a source server before failing with LDAP result code 85 (client-side timeout). When this happens, the Sync Source will retry the request according to the max-failover-error-code-frequency property before failing over to a different source server and performing the retry there. The total number of retries will not exceed the max-operation-attempts value defined in the Sync Pipe configuration.
Default Value
1 m
Allowed Values
A duration. Lower limit is 0 milliseconds.
Admin Action Required
None. Modification requires no further action

max-failover-error-code-frequency (Advanced Property)

This property controls the frequency of how often a given LDAP error code may be encountered on a connection before the Synchronization Server fails over to a different source server. This allows the retry logic to be tuned, so that retries can be performed once on the same server before giving up and trying another server. The value can be set to zero if there is no acceptable error code frequency and failover should happen immediately. It can also be set to a very small value (such as 10 ms) if a high frequency of error codes is tolerable. As an example, if the value is set to 3 minutes, this says that a TIMEOUT error code from the currently connected server will not trigger a failover unless there was another TIMEOUT from the same server within the last 3 minutes.

This property applies to all LDAP result codes except the following:

  • BUSY
The SUCCESS result code is never treated as an error, and the other four are "forced failover" error codes, meaning they will cause the Synchronization Server to fail over to a different source server immediately.
Default Value
3 m
Allowed Values
A duration. Lower limit is 0 milliseconds.
Admin Action Required
None. Modification requires no further action

plugin (Advanced Property)

Specifies sync source plugins that should be applied to operations that are synchronized by this LDAP Sync Source. If multiple plugins are provided, then they will be invoked in the order they are specified.
Default Value
Allowed Values
The DN of any LDAP Sync Source Plugin.
Admin Action Required
None. Modification requires no further action

sync-backlog-alert-threshold (Advanced Property)

This property specifies when the Synchronization Server should generate an administrative alert because of too many outstanding changes. If the Synchronization Server becomes severely backlogged, it may be desirable for it to generate an alert. The value of this property specifies the size (in number of unprocessed changes) at which an alert will be thrown.
Default Value
Allowed Values
An integer value. Lower limit is 0.
Admin Action Required
None. Modification requires no further action

max-backtrack-replication-latency (Advanced Property)

This property should be set to a conservative upper-bound of the maximum replication delay between two servers in the topology. It is used only when the Synchronization Server fails over to a different server. It limits how far back in the changelog of the new the Synchronization Server will look to ensure that no changes have been missed. A value of zero implies that there is no limit on the replication latency. When failing over to use a different changelog, the Synchronization Server must look through several changes in the new changelog to find the equivalent place to begin synchronizing changes since LDAP allows changes to appear in a different order on the servers. Normally, this can be achieved with only a few queries of the directory, but in some situations, it might have to look further back through the changelog to make sure that it hasn't missed any changes. This backtracking can be capped by using this upper-bound on how long it takes changes to be replicated from one server to another in a topology. That is, the Synchronization Server can stop looking in the changelog once it finds a change that is more than the maximum replication latency (as specified by this property) older than the last change it processed on the server it failed from.

When the Synchronization Server fails over between source servers, it has to backtrack to figure out where synchronization can safely pick up at, accounting for the fact that replicated changes between directory servers can be interleaved in the change log. It will normally go back until either:

  • It determines that there is no previous change log state available for any source servers, so it must start at the beginning of the change log.
  • It finds the last processed replicationCSN from the last time it was connected to that replica (if it ever was). This will also be the case if you use the realtime-sync tool's "set-startpoint" functionality.
  • It finds the last processed replication CSN from every replica that has produced a change so far, AND it determines that each change entry in the next oldest batch of changes has already been processed.
  • It has encountered a change that is separated by more than a certain duration (specified by this property) from the most recently processed change.

Default Value
2 hours
Allowed Values
A duration. Lower limit is 0 milliseconds.
Admin Action Required
None. Modification requires no further action

dsconfig Usage

To list the configured Sync Sources:

dsconfig list-sync-sources
     [--property {propertyName}] ...

To view the configuration for an existing Sync Source:

dsconfig get-sync-source-prop
     --source-name {name}
     [--property {propertyName}] ...

To update the configuration for an existing Sync Source:

dsconfig set-sync-source-prop
     --source-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To delete an existing Sync Source:

dsconfig delete-sync-source
     --source-name {name}