Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Boolean SCIM2 Attribute Mapping may be used for SCIMv2 attributes whose values are either true or false.
The SCIMv2 representation of the value will be a single JSON boolean value. Boolean attributes will always be considered single-valued.
The Boolean SCIM2 Attribute Mapping component inherits from the SCIM2 Attribute Mapping
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| scim-attribute-name | |
| attribute-usage | |
| failed-mapping-behavior | |
| always-patch-with-replace | |
| ldap-attribute-name | |
| invert-value | |
| default-value |
| Description | A description for this SCIM2 Attribute Mapping |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the attribute as it appears in the SCIMv2 representation of an entry. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The way in which this attribute is expected to be used when synchronizing with a SCIMv2 server. |
| Default Value | None |
| Allowed Values | fetch - The attribute should be used to create the LDAP representation of an entry from the SCIMv2 representation of the entry. create-during-realtime-sync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. create-during-resync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. update-during-realtime-sync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during realtime synchronization. update-during-resync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during a resync. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The behavior the server should exhibit when an error is encountered while trying to map between the LDAP and SCIMv2 representations of an attribute (for example, if a value cannot be parsed in accordance with the expected syntax). |
| Default Value | reject |
| Allowed Values | reject - The associated synchronization operation will fail. ignore-entire-attribute - Processing for the associated synchronization operation will proceed as if the entire attribute had not been present in the entry. For multivalued attributes, this behavior indicates that the entire attribute will be ignored if any value cannot be mapped, even if other values in the attribute can be successfully mapped. ignore-individual-values - Processing for the associated synchronization operation will proceed as if any unmappable values do not exist in the entry. For single-valued attributes, and for multivalued attributes in which none of the values can be successfully mapped, then the behavior will be the same as for ignore-entire-attribute. For multivalued attributes in which some values can be successfully mapped but others cannot, processing will proceed as if only the mappable values were present and unmappable values will be ignored. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to always use the "replace" operation type when updating this attribute in an existing SCIM entry with an HTTP PATCH operation. This property only applies to attribute mappings that allow a given SCIM attribute to have multiple values. The replace operation type will always be used for attribute mappings for single-valued attributes. By default, PATCH operations that alter an existing attribute in a SCIM entry will try to add or remove individual values when possible rather than replacing the entire set of values. However, in some cases, it may be desirable to always use the replace operation type. For example, some SCIMv2 servers may have special support for passwords such that they will allow clients to set passwords but will not allow retrieving them (whether in the clear or in an encoded form). In such cases, this property must be set to true because otherwise when updating a user's password, the server may try to add a new value rather than replacing the existing value. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the LDAP attribute (as used in the internal mapped representation of an entry) that will be used to create the SCIMv2 attribute. The LDAP attribute must have a value of either "true" or "false". |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to invert the Boolean value when mapping from the source LDAP attribute to the destination SCIMv2 attribute. By default, if the source LDAP attribute has a value of true, then the destination SCIMv2 attribute will also have a value of true, and if the source LDAP attribute has a value of false, then the destination SCIMv2 attribute will also have a value of false. However, if this property is set to true, then the value will be inverted when converting between the source and the destination so that a source LDAP attribute with a value of true will result in a destination SCIMv2 attribute with a value of false, and a source LDAP attribute with a value of false will result in a SCIMv2 destination attribute with a value of false. This property may be useful in cases where the source attribute is used for a meaning that is the opposite of the corresponding SCIMv2 attribute. For example, a source server may have a boolean attribute indicating whether a user's account is disabled, while a SCIMv2 server may have a Boolean attribute indicating whether the account is enabled. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The default value to assign to the SCIMv2 attribute if it is not present in the source entry. |
| Default Value | No default value will be used. |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured SCIM2 Attribute Mappings:
dsconfig list-scim2-attribute-mappings
[--property {propertyName}] ...
To view the configuration for an existing SCIM2 Attribute Mapping:
dsconfig get-scim2-attribute-mapping-prop
--mapping-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing SCIM2 Attribute Mapping:
dsconfig set-scim2-attribute-mapping-prop
--mapping-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Boolean SCIM2 Attribute Mapping:
dsconfig create-scim2-attribute-mapping
--mapping-name {name}
--type boolean
--set scim-attribute-name:{propertyValue}
--set attribute-usage:{propertyValue}
--set ldap-attribute-name:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing SCIM2 Attribute Mapping:
dsconfig delete-scim2-attribute-mapping
--mapping-name {name}