Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Composed Complex SCIM2 Attribute Mapping may be used for SCIMv2 attributes that are complex attributes with one or more sub-attributes. The fields of the complex attribute will be created from attributes in the mapped LDAP representation of the entry, using other SCIMv2 attribute mappings.
Composed complex SCIMv2 attribute mappings may only be single-valued, although they may be represented as an array containing a single element to simulate a multivalued attribute if necessary to satisfy the associated schema. For SCIMv2 complex attributes that actually need to have multiple values, use the JSON-formatted complex SCIMv2 attribute mapping type.
The Composed Complex SCIM2 Attribute Mapping component inherits from the SCIM2 Attribute Mapping
The following components have a direct aggregation relation from Composed Complex SCIM2 Attribute Mappings:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| scim-attribute-name | |
| attribute-usage | |
| failed-mapping-behavior | |
| always-patch-with-replace | |
| sub-attribute-mapping | |
| encapsulate-value-in-array |
| Description | A description for this SCIM2 Attribute Mapping |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the attribute as it appears in the SCIMv2 representation of an entry. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The way in which this attribute is expected to be used when synchronizing with a SCIMv2 server. |
| Default Value | None |
| Allowed Values | fetch - The attribute should be used to create the LDAP representation of an entry from the SCIMv2 representation of the entry. create-during-realtime-sync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. create-during-resync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. update-during-realtime-sync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during realtime synchronization. update-during-resync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during a resync. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The behavior the server should exhibit when an error is encountered while trying to map between the LDAP and SCIMv2 representations of an attribute (for example, if a value cannot be parsed in accordance with the expected syntax). |
| Default Value | reject |
| Allowed Values | reject - The associated synchronization operation will fail. ignore-entire-attribute - Processing for the associated synchronization operation will proceed as if the entire attribute had not been present in the entry. For multivalued attributes, this behavior indicates that the entire attribute will be ignored if any value cannot be mapped, even if other values in the attribute can be successfully mapped. ignore-individual-values - Processing for the associated synchronization operation will proceed as if any unmappable values do not exist in the entry. For single-valued attributes, and for multivalued attributes in which none of the values can be successfully mapped, then the behavior will be the same as for ignore-entire-attribute. For multivalued attributes in which some values can be successfully mapped but others cannot, processing will proceed as if only the mappable values were present and unmappable values will be ignored. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to always use the "replace" operation type when updating this attribute in an existing SCIM entry with an HTTP PATCH operation. This property only applies to attribute mappings that allow a given SCIM attribute to have multiple values. The replace operation type will always be used for attribute mappings for single-valued attributes. By default, PATCH operations that alter an existing attribute in a SCIM entry will try to add or remove individual values when possible rather than replacing the entire set of values. However, in some cases, it may be desirable to always use the replace operation type. For example, some SCIMv2 servers may have special support for passwords such that they will allow clients to set passwords but will not allow retrieving them (whether in the clear or in an encoded form). In such cases, this property must be set to true because otherwise when updating a user's password, the server may try to add a new value rather than replacing the existing value. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | SCIMv2 attribute mappings that may be used to construct the fields to include in the complex attribute. |
| Default Value | None |
| Allowed Values | The DN of any SCIM2 Attribute Mapping. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | SCIMv2 attribute mappings that may be used to construct the fields to include in the complex attribute. Because the order in which the values of multivalued LDAP attributes are presented is not guaranteed, composed complex attributes can only have a single value. By default, the value for the generated SCIMv2 attribute will be a single JSON object, but if this property is set to true, then the value will be encapsulated in a JSON array so that it will appear as a multivlued attribute with only one value. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured SCIM2 Attribute Mappings:
dsconfig list-scim2-attribute-mappings
[--property {propertyName}] ...
To view the configuration for an existing SCIM2 Attribute Mapping:
dsconfig get-scim2-attribute-mapping-prop
--mapping-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing SCIM2 Attribute Mapping:
dsconfig set-scim2-attribute-mapping-prop
--mapping-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Composed Complex SCIM2 Attribute Mapping:
dsconfig create-scim2-attribute-mapping
--mapping-name {name}
--type composed-complex
--set scim-attribute-name:{propertyValue}
--set attribute-usage:{propertyValue}
--set sub-attribute-mapping:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing SCIM2 Attribute Mapping:
dsconfig delete-scim2-attribute-mapping
--mapping-name {name}