Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
Note: this is an abstract component that cannot be instantiated.
SCIM2 Attribute Mappings are used to specify how attributes in the mapped LDAP representation of an entry are translated into an entry for synchronization to a SCIMv2 server.
The following SCIM2 Attribute Mappings are available in the server :
These SCIM2 Attribute Mappings inherit from the properties described below.
The following components have a direct aggregation relation to SCIM2 Attribute Mappings:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| scim-attribute-name | |
| attribute-usage | |
| failed-mapping-behavior | |
| always-patch-with-replace |
| Description | A description for this SCIM2 Attribute Mapping |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the attribute as it appears in the SCIMv2 representation of an entry. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The way in which this attribute is expected to be used when synchronizing with a SCIMv2 server. |
| Default Value | None |
| Allowed Values | fetch - The attribute should be used to create the LDAP representation of an entry from the SCIMv2 representation of the entry. create-during-realtime-sync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. create-during-resync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. update-during-realtime-sync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during realtime synchronization. update-during-resync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during a resync. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The behavior the server should exhibit when an error is encountered while trying to map between the LDAP and SCIMv2 representations of an attribute (for example, if a value cannot be parsed in accordance with the expected syntax). |
| Default Value | reject |
| Allowed Values | reject - The associated synchronization operation will fail. ignore-entire-attribute - Processing for the associated synchronization operation will proceed as if the entire attribute had not been present in the entry. For multivalued attributes, this behavior indicates that the entire attribute will be ignored if any value cannot be mapped, even if other values in the attribute can be successfully mapped. ignore-individual-values - Processing for the associated synchronization operation will proceed as if any unmappable values do not exist in the entry. For single-valued attributes, and for multivalued attributes in which none of the values can be successfully mapped, then the behavior will be the same as for ignore-entire-attribute. For multivalued attributes in which some values can be successfully mapped but others cannot, processing will proceed as if only the mappable values were present and unmappable values will be ignored. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to always use the "replace" operation type when updating this attribute in an existing SCIM entry with an HTTP PATCH operation. This property only applies to attribute mappings that allow a given SCIM attribute to have multiple values. The replace operation type will always be used for attribute mappings for single-valued attributes. By default, PATCH operations that alter an existing attribute in a SCIM entry will try to add or remove individual values when possible rather than replacing the entire set of values. However, in some cases, it may be desirable to always use the replace operation type. For example, some SCIMv2 servers may have special support for passwords such that they will allow clients to set passwords but will not allow retrieving them (whether in the clear or in an encoded form). In such cases, this property must be set to true because otherwise when updating a user's password, the server may try to add a new value rather than replacing the existing value. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured SCIM2 Attribute Mappings:
dsconfig list-scim2-attribute-mappings
[--property {propertyName}] ...
To view the configuration for an existing SCIM2 Attribute Mapping:
dsconfig get-scim2-attribute-mapping-prop
--mapping-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing SCIM2 Attribute Mapping:
dsconfig set-scim2-attribute-mapping-prop
--mapping-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To delete an existing SCIM2 Attribute Mapping:
dsconfig delete-scim2-attribute-mapping
--mapping-name {name}