Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The String SCIM2 Attribute Mapping may be used for SCIMv2 attributes that should be treated as plain strings.
If it is declared to be single-valued, then the SCIMv2 representation of the attribute will be a single JSON string. If it is declared to be multi-valued, then the SCIMv2 representation of the attribute will be a JSON array of strings (even if the LDAP representation of the entry only has a single value for the attribute).
The String SCIM2 Attribute Mapping component inherits from the SCIM2 Attribute Mapping
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| scim-attribute-name | |
| attribute-usage | |
| failed-mapping-behavior | |
| always-patch-with-replace | |
| ldap-attribute-name | |
| single-valued | |
| default-value |
| Description | A description for this SCIM2 Attribute Mapping |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the attribute as it appears in the SCIMv2 representation of an entry. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The way in which this attribute is expected to be used when synchronizing with a SCIMv2 server. |
| Default Value | None |
| Allowed Values | fetch - The attribute should be used to create the LDAP representation of an entry from the SCIMv2 representation of the entry. create-during-realtime-sync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. create-during-resync - The attribute should be included when creating an entry in the SCIMv2 server during realtime synchronization. update-during-realtime-sync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during realtime synchronization. update-during-resync - The attribute should be included when applying changes to an existing entry in a SCIMv2 server during a resync. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The behavior the server should exhibit when an error is encountered while trying to map between the LDAP and SCIMv2 representations of an attribute (for example, if a value cannot be parsed in accordance with the expected syntax). |
| Default Value | reject |
| Allowed Values | reject - The associated synchronization operation will fail. ignore-entire-attribute - Processing for the associated synchronization operation will proceed as if the entire attribute had not been present in the entry. For multivalued attributes, this behavior indicates that the entire attribute will be ignored if any value cannot be mapped, even if other values in the attribute can be successfully mapped. ignore-individual-values - Processing for the associated synchronization operation will proceed as if any unmappable values do not exist in the entry. For single-valued attributes, and for multivalued attributes in which none of the values can be successfully mapped, then the behavior will be the same as for ignore-entire-attribute. For multivalued attributes in which some values can be successfully mapped but others cannot, processing will proceed as if only the mappable values were present and unmappable values will be ignored. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether to always use the "replace" operation type when updating this attribute in an existing SCIM entry with an HTTP PATCH operation. This property only applies to attribute mappings that allow a given SCIM attribute to have multiple values. The replace operation type will always be used for attribute mappings for single-valued attributes. By default, PATCH operations that alter an existing attribute in a SCIM entry will try to add or remove individual values when possible rather than replacing the entire set of values. However, in some cases, it may be desirable to always use the replace operation type. For example, some SCIMv2 servers may have special support for passwords such that they will allow clients to set passwords but will not allow retrieving them (whether in the clear or in an encoded form). In such cases, this property must be set to true because otherwise when updating a user's password, the server may try to add a new value rather than replacing the existing value. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The name of the LDAP attribute (as used in the internal mapped representation of an entry) that will be used to create the SCIMv2 attribute. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the SCIMv2 attribute will be considered single-valued or multi-valued. If this is set to true, then only the first value of the associated LDAP attribute will be used, even if the LDAP representation of the entry has multiple values. If this is false, then all values in the LDAP representation of the entry will be used. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | The default value to assign to the SCIMv2 attribute if it is not present in the source entry. |
| Default Value | No default value will be used. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured SCIM2 Attribute Mappings:
dsconfig list-scim2-attribute-mappings
[--property {propertyName}] ...
To view the configuration for an existing SCIM2 Attribute Mapping:
dsconfig get-scim2-attribute-mapping-prop
--mapping-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing SCIM2 Attribute Mapping:
dsconfig set-scim2-attribute-mapping-prop
--mapping-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new String SCIM2 Attribute Mapping:
dsconfig create-scim2-attribute-mapping
--mapping-name {name}
--type string
--set scim-attribute-name:{propertyValue}
--set attribute-usage:{propertyValue}
--set ldap-attribute-name:{propertyValue}
--set single-valued:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing SCIM2 Attribute Mapping:
dsconfig delete-scim2-attribute-mapping
--mapping-name {name}