
Global Sync Configuration

Global Sync Configuration contains the properties that affect the overall operation of Sync with Data Sync Server.


Relations from This Component

The following components have a direct aggregation relation from Global Sync Configurations:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
  • started
  • changelog-password-decryption-key
  • changelog-password-decryption-key-passphrase-provider
  • sync-failover-polling-interval
  • sync-failover-connection-timeout
  • sync-failover-response-timeout
  • log-redaction-regex

Advanced Properties:
  • None

Basic Properties

started

Description
Indicates whether the Sync is running. When set to false, all synchronization is stopped globally. When set to true, all synchronization is started for all Sync Pipes that are enabled.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

changelog-password-decryption-key

Description
The passphrase used to generate the key used to encrypt passwords stored in the changelog. This enables the Data Sync Server to synchronize passwords to other types of endpoints which do not use the same password storage scheme as the Ping Identity Directory Server. Passwords are initially encrypted using the encryption password specified on the Changelog Backend of the server receiving the change. There can be multiple values for this property, because you may opt to use different encryption keys on different Directory Server environments. The Data Sync Server can match encrypted passwords with the keys that were used to encrypt them, so it is safe to specify several different values here.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

changelog-password-decryption-key-passphrase-provider

Description
A passphrase provider that may be used to obtain the passphrase used to generate the key used to encrypt passwords stored in the changelog. This enables the Data Sync Server to synchronize passwords to other types of endpoints which do not use the same password storage scheme as the Ping Identity Directory Server. Passwords are initially encrypted using the encryption password specified on the Changelog Backend of the server receiving the change. There can be multiple values for this property, because you may opt to use different encryption keys on different Directory Server environments. The Data Sync Server can match encrypted passwords with the keys that were used to encrypt them, so it is safe to specify several different values here.
Default Value
None
Allowed Values
The DN of any Passphrase Provider.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

sync-failover-polling-interval

Description
The amount of time (in milliseconds) this server will wait between polls of the other servers in the Data Sync Server topology. A lower value will make for a quicker failover in the event of a failure, but it will also cause more frequent traffic among the Data Sync Servers.
Default Value
5000
Allowed Values
An integer value. Lower limit is 1.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

sync-failover-connection-timeout

Description
The duration of time this server will wait to establish a connection to other servers in the Data Sync Server topology for failover detection. A lower value will make for a quicker failover in the event of a failure.
Default Value
10 s
Allowed Values
A duration. Lower limit is 1 second.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

sync-failover-response-timeout

Description
The duration of time this server will wait for a response over an established connection from other servers in the Data Sync Server topology for failover detection. A lower value will make for a quicker failover in the event of a failure.
Default Value
30 s
Allowed Values
A duration. Lower limit is 1 second.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

log-redaction-regex

Description
A pattern that when matched produces replacement text for sensitive log messages. This can be used to redact passwords, credit card numbers and other sensitive data. Log messages are redacted by replacing text that matches a specified regular expression with specified replacement text. The regular expression may contain groups that then may be referenced by back references in the replacement. The way the regular expression is interpreted may be altered by specifying flags.

The java.util.regex.Pattern and java.util.regex.Matcher classes are used to perform the substitution. The regular expression with replacement value uses syntax '/regex/replacement/flags' where:

  • 'regex' is a regular expression using the syntax described in the java.util.regex.Pattern javadoc.
  • 'replacement' is replacement text for text matched by 'regex'. The replacement text may contain back references ($1, $2, etc.) to groups in 'regex'.
  • 'flags' is a list of letters, each of which activates one of the flags in the java.util.regex.Pattern class. The flags have the following meanings:
      • 'd' : the regex pattern is compiled with Pattern.UNIX_LINES.
      • 'i' : the regex pattern is compiled with Pattern.CASE_INSENSITIVE.
      • 'x' : the regex pattern is compiled with Pattern.COMMENTS.
      • 'm' : the regex pattern is compiled with Pattern.MULTILINE.
      • 's' : the regex pattern is compiled with Pattern.DOTALL.
      • 'u' : the regex pattern is compiled with Pattern.UNICODE_CASE.
      • 'U' : the regex pattern is compiled with Pattern.UNICODE_CHARACTER_CLASS.

The substitution value is constructed using Java code equivalent to:

Pattern pattern = Pattern.compile(regex, flags);
Matcher matcher = pattern.matcher(originalMessage);
String redactedMessage = matcher.replaceAll(replacement);

Here is an example to summarize these points. Suppose attribute 'ssn' has values that need to be redacted. It is multi-valued to allow for people who have more than one SSN. The modify LDIF might contain:
ssn: 111-22-3333
SSN: 444-55-6666
ssn:777-88-9999
Note that the second attribute name is made up of capital letters and that the last row does not contain a space after the colon, so both variations need to be accommodated by the regex.

The goal is to replace the first five digits with '0' in order to hide the full value, but then to preserve the last four digits. Here's the above example after redaction:
ssn: 000-00-3333
SSN: 000-00-6666
ssn:000-00-9999
The above could be accomplished with the following pattern:
/\b(ssn:\s*)\d{3}-\d{2}-(\d{4})/$1000-00-$2/i
The '\b' matches a word boundary, so an attribute name that ends with 'ssn' will not match. The '\d' matches the number of digits specified in the '{}'. The '$1000' is actually '$1' followed by a literal '000'. Flag 'i' is used so that the upper case 'SSN' is matched as well. All three rows are matched even if they occur in a single log message.
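
Before adding a value to log-redaction-regex, it helps to run it against sample messages and look for values that slip through. The following is an added example, not code from the product: the class and method names are hypothetical, the input lines beyond the three above are constructed, and the parser assumes that neither 'regex' nor 'replacement' contains a '/' character.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RedactionRegexCheck {
    // Maps a flag letter from the list above to its java.util.regex.Pattern constant.
    static int flagFor(char c) {
        switch (c) {
            case 'd': return Pattern.UNIX_LINES;
            case 'i': return Pattern.CASE_INSENSITIVE;
            case 'x': return Pattern.COMMENTS;
            case 'm': return Pattern.MULTILINE;
            case 's': return Pattern.DOTALL;
            case 'u': return Pattern.UNICODE_CASE;
            case 'U': return Pattern.UNICODE_CHARACTER_CLASS;
            default: throw new IllegalArgumentException("unknown flag: " + c);
        }
    }

    // Assumption: no '/' inside 'regex' or 'replacement', so a plain split is enough.
    static String redact(String spec, String message) {
        String[] parts = spec.split("/", -1); // ["", regex, replacement, flags]
        if (parts.length != 4 || !parts[0].isEmpty()) {
            throw new IllegalArgumentException("expected /regex/replacement/flags");
        }
        int flags = 0;
        for (char c : parts[3].toCharArray()) flags |= flagFor(c);
        Matcher matcher = Pattern.compile(parts[1], flags).matcher(message);
        return matcher.replaceAll(parts[2]);
    }

    public static void main(String[] args) {
        String spec = "/\\b(ssn:\\s*)\\d{3}-\\d{2}-(\\d{4})/$1000-00-$2/i";
        // Constructed sample: the three rows above plus two variations the pattern misses.
        String message = "ssn: 111-22-3333\nSSN: 444-55-6666\nssn:777-88-9999\n"
                + "xssn: 123-45-6789\nssn : 222-33-4444";
        String redacted = redact(spec, message);
        System.out.println(redacted);
        // Anything still shaped like an SSN without the 000-00- prefix was not redacted.
        Matcher leak = Pattern.compile("\\b(?!000-00-)\\d{3}-\\d{2}-\\d{4}\\b").matcher(redacted);
        while (leak.find()) System.out.println("NOT REDACTED: " + leak.group());
    }
}
```

The first three rows come out as shown above, while the 'xssn' row (excluded by '\b') and the row with a space before the colon are reported as not redacted, which is the kind of gap to find before the pattern is relied on in production logs.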

Default Value
None
Allowed Values
The pattern used to redact log messages.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To view the Global Sync Configuration configuration:

dsconfig get-global-sync-configuration-prop
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the Global Sync Configuration configuration:

dsconfig set-global-sync-configuration-prop
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...