The synchronization subsystem manages synchronization of SkyVault by configuring
the subsystem's properties.
The following properties can be configured for the synchronization subsystem.
- synchronization.synchronizeChangesOnly
- Specifies whether the scheduled synchronization job is run in differential mode. The default is true, which means that the scheduled sync job is run in differential mode (rather than full mode). Regardless of this setting a differential sync can still be triggered when a user who does not yet exist in SkyVault is successfully authenticated.
- synchronization.allowDeletions
- Specifies if deletion of local users and groups is allowed. See Synchronization deletion and Collision resolution for the circumstances under which this may happen. The default is true. If false, then no sync job will be allowed to delete users or groups during the handling of removals or collision resolution.
- synchronization.import.cron
- Specifies a cron expression defining when the scheduled synchronization job should run,
by default at midnight every day.
For more information about the cron expression, see the CronTrigger tutorial.
- synchronization.syncOnStartup
- Specifies whether to trigger a differential sync when the subsystem starts up. The default is true. This ensures that when user registries are first configured, the bulk of the synchronization work is done on server startup, rather than on the first login.
- synchronization.syncWhenMissingPeopleLogIn
- Specifies whether to trigger a differential sync when a user is successfully authenticated who does not yet exist in SkyVault. The default is true.
- synchronization.autoCreatePeopleOnLogin
- Specifies whether to create a user with default properties when a user is successfully authenticated, who does not yet exist in SkyVault, and was not returned by a differential sync (if enabled with the property above). The default is true. Setting this to false allows you to restrict SkyVault to a subset of those users who could be authenticated by LDAP; only those created by synchronization are allowed to log in. You can control the set of users in this more restricted set by overriding the user query properties of the LDAP authentication subsystem.