HP-UX Directory Server 8.1 administrator guide
NOTE:
The synchronization times cannot wrap around midnight, so the setting 2300-0100 is not valid.
To change how frequently the Directory Server checks the Active Directory for changes to Active
Directory entries, reset the winSyncInterval attribute. This attribute is set in seconds, so the
default of 300 means that the Directory Server polls the Active Directory server every 300 seconds,
or five minutes. Setting this to a higher value can be useful if the directory searches are taking
too long and affecting performance.
winSyncInterval: 1000
9.7.2.3 Changing sync connections
Two aspects of the connection for the synchronization agreement can be altered:
• The bind username and password (nsDS5ReplicaBindDN and
nsDS5ReplicaBindCredentials).
• The connection method (nsDS5ReplicaTransportInfo).
It is only possible to change the nsDS5ReplicaTransportInfo from LDAP to TLS and
vice versa. It is not possible to change to or from SSL because it is not possible to change
the port number, and switching between LDAP and LDAPS requires changing the port
number.
CAUTION:
It is not possible to change the port number of the Active Directory sync peer. Therefore, it is
also not possible to switch between standard/Start TLS connections and SSL connections, because
that requires changing between standard and insecure ports.
To change to or from TLS/SSL, delete the synchronization agreement and add it again with the
updated port number and new transport information.
9.7.2.4 Sync agreement attributes
The common sync agreement attributes are listed in Table 9-6 “Sync agreement attributes”. All
the possible sync agreement attributes are described in detail in the HP-UX Directory Server
configuration, command, and file reference and HP-UX Directory Server schema reference.
Table 9-6 Sync agreement attributes
DescriptionObject class or attribute
An operational object class that contains the synchronization agreement
attributes.
nsDSWindowsReplicationAgreement
Gives the name for the synchronization agreement.cn
Specifies the Windows server suffix (root or sub) that is synchronized.nsds7WindowsReplicaSubtree
Specifies the Directory Server suffix (root or sub) that is synchronized.nsds7DirectoryReplicaSubtree
Sets whether new Windows user accounts are automatically created on the
Directory Server.
nsds7NewWinUserSyncEnabled
Specifies whether new Windows group accounts are automatically created
on the Directory Server.
nsds7NewWinGroupSyncEnabled
Identifies the Windows domain being synchronized; analogous to
nsDS5ReplicaHost in a replication agreement.
nsds7WindowsDomain
426 Synchronizing Directory Server with Microsoft Active Directory