SCIM Resource Type

Note: this is an abstract component that cannot be instantiated.

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

SCIM Resource Types provide a view of a class of Directory entries over a SCIM2 interface. The SCIM Resource Type determines the attributes that can be accessed by a client application.

Direct Subcomponents

The following SCIM Resource Types are available in the server:

These SCIM Resource Types inherit from the properties described below.

Properties

The properties supported by this managed object are as follows:


Basic Properties:
description
enabled
endpoint
lookthrough-limit
schema-checking-option
structural-ldap-objectclass
auxiliary-ldap-objectclass
include-base-dn
include-filter
create-dn-pattern

Advanced Properties:
include-operational-attribute

Basic Properties

description

Description
A description for this SCIM Resource Type
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the SCIM Resource Type is enabled. If a SCIM Resource Type is not enabled, then its contents are not accessible when processing operations.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

endpoint (Read-Only)

Description
The HTTP addressable endpoint of this SCIM Resource Type relative to the '/scim/v2' base URL. Do not include a leading '/'.
Default Value
None
Allowed Values
An HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

lookthrough-limit

Description
The maximum number of resources that the SCIM Resource Type should "look through" in the course of processing a search request. This setting is provided as a way to bound the upper-limit on searches, so that clients do not exhaust the server resources. Every search operation requires that the full result set be passed through the policy engine to determine which subset of resources will be returned. This is also important in order to provide the client with paging information, such as how many total results they are allowed to access.

If the number of raw search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results.

Default Value
500
Allowed Values
An integer value. Lower limit is 1. Upper limit is 100000.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

schema-checking-option

Description
Options to alter the way schema checking is performed during create or modify requests.
Default Value
None
Allowed Values
allow-undefined-attributes - Allow undefined attributes in the SCIM resource. The default SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined attributes.

allow-undefined-sub-attributes - Allow undefined sub-attributes in one or more values of a complex attribute. SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined sub-attributes.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

structural-ldap-objectclass

Description
Specifies the LDAP structural object class that should be exposed by this SCIM Resource Type.
Default Value
None
Allowed Values
The name or OID of the objectclass to expose.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

auxiliary-ldap-objectclass

Description
Specifies an auxiliary LDAP object class that should be exposed by this SCIM Resource Type.
Default Value
None
Allowed Values
The name or OID of the auxiliary objectclass to expose.
Multi-Valued
Yes
Required
No
Admin Action Required
The Directory Server must be restarted for changes to this setting to take effect.

include-base-dn

Description
Specifies the base DN of the branch of the LDAP directory that can be accessed by this SCIM Resource Type. Along with the include-filter property, this property determines whether an entry is included in this SCIM Resource Type.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

include-filter

Description
The set of LDAP filters that define the LDAP entries that should be included in this SCIM Resource Type. Along with the include-base-dn property, this property determines whether an entry is included in this SCIM Resource Type. If the include-base-dn property does not exclude an entry, then it will be included if it matches any of the filters specified here. If no filters are specified, then only the include-base-dn property is used to determine if an entry is included by this SCIM Resource Type.
Default Value
All entries are included by this SCIM Resource Type.
Allowed Values
A valid LDAP search filter
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

create-dn-pattern

Description
Specifies the template to use for the DN when creating new entries. If no value is specified, this SCIM Resource Type will not support create operations. The template may reference any LDAP attribute that is present in the mapped entry by using bracket notation. For example, the pattern "uid={uid},dc=example,dc=com" will substitute the entry's 'uid' value as the RDN. Substitutions are allowed for any DN components, not just the RDN.

The Ping Identity Directory Server 'name with entryUUID' request control can be used to name entries by specifying the entryUUID attribute in the RDN in the DN pattern. For example, the DN pattern could be "entryUUID=server-generated,dc=example,dc=com". The RDN value - 'server-generated' in this example - is a placeholder value that is ignored. The actual value is generated by the Ping Identity Directory Server.

Default Value
None
Allowed Values
The pattern to use to construct the DN value.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
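
The create-dn-pattern substitution described above, sketched as an added example (not Ping Identity's code and not part of the original reference). The function names, the sample entry, the use of the first value of a multi-valued attribute, and the RFC 4514 escaping of substituted values are assumptions of this sketch, not documented server behaviour; the escaping shows why a client-supplied value such as "Doe, Jane" must not be copied into a DN unmodified.

```python
import re

# {attr} placeholders, as in the page's "uid={uid},dc=example,dc=com" pattern.
_PLACEHOLDER = re.compile(r"\{([A-Za-z][A-Za-z0-9-]*)\}")
# Characters RFC 4514 section 2.4 requires to be backslash-escaped in a value.
_SPECIAL = '"+,;<>\\'


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for safe use inside a DN string."""
    out = []
    for ch in value:
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        else:
            out.append(ch)
    # A leading space or '#', and a trailing space, must also be escaped.
    if out and out[0] in (" ", "#"):
        out[0] = "\\" + out[0]
    if len(out) > 1 and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)


def expand_dn_pattern(pattern: str, entry: dict) -> str:
    """Fill every {attr} in the pattern from the mapped entry's attributes."""
    def substitute(match):
        name = match.group(1)
        values = entry.get(name.lower())
        if not values:
            # Without a value the DN cannot be built, so the create must fail.
            raise ValueError(f"attribute '{name}' is not present in the entry")
        return escape_dn_value(values[0])
    return _PLACEHOLDER.sub(substitute, pattern)


# Constructed sample entry (keys lower-cased, values as lists).
SAMPLE_ENTRY = {"uid": ["jdoe"], "cn": ["Doe, Jane"], "ou": ["people"]}

if __name__ == "__main__":
    for p in ("uid={uid},dc=example,dc=com",
              "cn={cn},ou={ou},dc=example,dc=com"):
        print(expand_dn_pattern(p, SAMPLE_ENTRY))
```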


Advanced Properties

include-operational-attribute (Advanced Property)

Description
Specifies the set of operational LDAP attributes to be provided by this SCIM Resource Type. By default, operational attributes are not provided by the SCIM Resource Type. However, there may be cases where you wish to create an attribute mapping that depends on an operational attribute from the LDAP server. Specifying it here will cause it to appear in the schema exposed by the SCIM Resource Type and allow the attribute to be mapped to a SCIM Resource Type attribute.
Default Value
None
Allowed Values
An LDAP attribute name or OID
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured SCIM Resource Types:

dsconfig list-scim-resource-types
     [--property {propertyName}] ...

To view the configuration for an existing SCIM Resource Type:

dsconfig get-scim-resource-type-prop
     --type-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing SCIM Resource Type:

dsconfig set-scim-resource-type-prop
     --type-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To delete an existing SCIM Resource Type:

dsconfig delete-scim-resource-type
     --type-name {name}