This configuration is needed only when the chained suffix exists in the Directory Server instance where Identity Synchronization for Windows Plug-in is installed. If Identity Synchronization for Windows Plug-in is not configured to search on chained suffix, MODIFY and BIND operations performed on the Directory Server where the Identity Synchronization for Windows Plug-in is installed, will fail.
In the Directory Server instance where the chained suffix is created, perform the following operations:
Execute the following LDIF script using ldapmodify utility:
dn: cn=config,cn=chaining database,cn=plugins,cn=config changetype: modify add: nspossiblechainingcomponents nspossiblechainingcomponents: cn=pswsync,cn=plugins,cn=config
You can perform the similar operation by using the following procedure:
Select the Configuration tab.
Click the Data node that displays in the left pane.
Select the Chaining tab in the right pane.
Add Identity Synchronization for Windows Plug-in (cn=pswsync,cn=plugins,cn=config) to the components that are allowed to chain.
Save the changes and exit.