HP-UX Directory Server 8.1 administrator guide

Table 9-6 Sync agreement attributes (continued)
Object class or attribute
  Description

nsds5replicaport
  Gives the LDAP port for the Windows server.
  To use TLS/SSL, give the secure port number (636 by default) and set the
  nsds5ReplicaTransportInfo attribute to SSL.
  To use Start TLS, which initiates a secure connection over a standard port,
  use the standard port, 389, with the nsds5ReplicaTransportInfo
  attribute set to TLS.

nsds5replicatransportinfo
  To use TLS/SSL, set this parameter to SSL.
  To use Start TLS, which initiates a secure connection over a standard port,
  set this parameter to TLS.
  To use simple authentication, set this parameter to LDAP.

nsds5ReplicaBindDN
  The sync manager DN used by the Directory Server instance to bind to the
  Windows server.

nsds5replicabindmethod
  The connection type for replication between the servers. The connection type
  defines how the supplier authenticates to the consumer.
  Leaving the bind method empty or setting it to SIMPLE means that the server
  uses basic password-based authentication. This requires the
  nsds5ReplicaBindDN and nsds5ReplicaCredentials attributes to
  give the bind information.
  The SSLCLIENTAUTH option uses a secure connection. This requires that
  the nsds5ReplicaTransportInfo attribute be set to SSL or TLS.

nsds5replicabindcredentials
  Only for simple authentication. Stores the hashed password used with the bind
  DN given for simple authentication.

nsds5replicaroot
  Sets which Directory Server subtree is replicated. Usually, it is recommended
  that the replicated subtree be high in the directory tree so that the entire
  database is replicated. For example:
  dc=example,dc=com

description
  A text description of the replication agreement. Make this a useful description
  so it is easier to manage synchronization agreements.

nsds5replicaupdateschedule
  Sets the start and end time for the replication updates and the days on which
  replication occurs in the form start_time-end_time days. If the schedule
  is omitted, synchronization occurs all the time.

winSyncInterval
  Optional. Sets how frequently, in seconds, the Directory Server polls the
  Windows server for updates to write over. If this is not set, the default is
  300 seconds (five minutes).

nsds5BeginReplicaRefresh
  Optional. Performs an online (immediate) initialization of the sync peer. If
  this is set, the attribute is only present while the sync peer is being initialized;
  when the initialization is complete, the attribute is deleted automatically.
  The only value when adding this attribute is start.

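
The port, transport, and bind-method rules in Table 9-6 can be checked mechanically before an agreement is put into service. The following Python check is an added example, not part of the original guide or of Directory Server. The function names, the sample DN and values, and the treatment of an absent transport attribute as LDAP are assumptions.

```python
import re

# Constructed sample agreement entry (DN and values are illustrative only).
SAMPLE_LDIF = """\
dn: cn=ExampleSync,cn=config
nsds5replicaport: 389
nsds5replicatransportinfo: LDAP
nsds5replicabindmethod: SIMPLE
nsds5ReplicaBindDN: cn=sync user,cn=Users,dc=ad,dc=example,dc=com
nsds5replicabindcredentials: PLACEHOLDER-NOT-A-REAL-VALUE
nsds5replicaroot: dc=example,dc=com
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute name: value}."""
    entry = {}
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF continuation lines start with a space
    for line in unfolded.splitlines():
        if ":" in line and not line.startswith("#"):
            name, value = line.split(":", 1)
            entry[name.strip().lower()] = value.strip()
    return entry

def audit_agreement(entry):
    """Return findings for transport/bind settings that contradict Table 9-6."""
    findings = []
    # Assumption: an absent transport attribute is treated like LDAP (no encryption).
    transport = entry.get("nsds5replicatransportinfo", "LDAP").upper()
    # Per the table, an empty bind method means SIMPLE.
    method = (entry.get("nsds5replicabindmethod") or "SIMPLE").upper()
    port = entry.get("nsds5replicaport", "")
    if transport not in ("SSL", "TLS", "LDAP"):
        findings.append("transport: unknown value " + transport)
    if transport == "SSL" and port == "389":
        findings.append("port: SSL needs the secure port (636 by default), not 389")
    if transport == "TLS" and port == "636":
        findings.append("port: Start TLS runs on the standard port (389), not 636")
    if method == "SSLCLIENTAUTH" and transport not in ("SSL", "TLS"):
        findings.append("bind: SSLCLIENTAUTH requires transport SSL or TLS")
    if method == "SIMPLE":
        if transport == "LDAP":
            findings.append("bind: SIMPLE over LDAP sends the password unencrypted")
        has_creds = any(k in entry for k in
                        ("nsds5replicacredentials", "nsds5replicabindcredentials"))
        if "nsds5replicabinddn" not in entry or not has_creds:
            findings.append("bind: SIMPLE needs a bind DN and credentials")
    return findings

if __name__ == "__main__":
    for finding in audit_agreement(parse_entry(SAMPLE_LDIF)):
        print(finding)
```

For the constructed sample, the only finding is the unencrypted simple bind; switching the transport to TLS on port 389 or to SSL on port 636 clears it.
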
9.8 Configuring unidirectional synchronization
Synchronization has to be configured separately in each direction, which means it is also
possible to configure synchronization in only one direction.
Directory Server synchronization is set by adding the appropriate attributes on the individual
directory entries. To configure synchronization from the Directory Server database to the Active
Directory server, set the appropriate ntUser and ntGroup object classes and attributes on the
user and group entries, respectively.
Active Directory synchronization is configured in the synchronization agreement. To configure
synchronization from Active Directory to the Directory Server database, then set the New