Ping Identity Directory Server - Group REST Resource Type

Directory Server Documentation Index
Configuration Reference Home

Group REST Resource Type

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

A Group REST Resource Type defines a type of group resource exposed by the Delegated Admin HTTP servlet extension, and accessible through the Delegated Admin application.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Group REST Resource Type component inherits from the REST Resource Type

Properties

The properties supported by this managed object are as follows:

General Configuration Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ resource-endpoint
↓ structural-ldap-objectclass
↓ auxiliary-ldap-objectclass
↓ search-base-dn
↓ include-filter
Resource Creation Basic Properties:	Advanced Properties:
↓ parent-dn	None
↓ parent-resource-type
↓ relative-dn-from-parent-resource
↓ create-rdn-attribute-type
↓ post-create-constructed-attribute
↓ update-constructed-attribute
Delegated Admin Basic Properties:	Advanced Properties:
↓ display-name	None
↓ search-filter-pattern
↓ primary-display-attribute-type
↓ delegated-admin-search-size-limit
↓ delegated-admin-report-size-limit

Basic Properties

description

Property Group	General Configuration
Description	A description for this REST Resource Type
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Property Group	General Configuration
Description	Indicates whether the REST Resource Type is enabled. If a REST Resource Type is not enabled, then its contents are not accessible when processing operations.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

resource-endpoint (Read-Only)

Property Group	General Configuration
Description	The HTTP addressable endpoint of this REST Resource Type relative to a REST API base URL. Do not include a leading '/'.
Default Value	None
Allowed Values	A HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

structural-ldap-objectclass

Property Group	General Configuration
Description	Specifies the LDAP structural object class that should be exposed by this REST Resource Type.
Default Value	None
Allowed Values	The name or OID of the objectclass to expose.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

auxiliary-ldap-objectclass

Property Group	General Configuration
Description	Specifies an auxiliary LDAP object class that should be exposed by this REST Resource Type.
Default Value	None
Allowed Values	The name or OID of the auxiliary objectclass to expose.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

search-base-dn

Property Group	General Configuration
Description	Specifies the base DN of the branch of the LDAP directory where resources of this type are located. Along with the structural-ldap-objectclass property, this property determines whether an entry is included in this REST Resource Type.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

include-filter

Property Group	General Configuration
Description	The set of LDAP filters that define the LDAP entries that should be included in this REST Resource Type. Along with the search-base-dn, structural-ldap-objectclass and auxiliary-ldap-objectclass properties, this property determines whether an entry is included in this REST Resource Type. If those other properties do not exclude an entry, then the entry will be included if it matches any of the filters specified here. If no filters are specified, then only the search-base-dn, structural-ldap-objectclass and auxiliary-ldap-objectclass properties are used to determine if an entry is included by this REST Resource Type.
Default Value	All entries are included by this REST Resource Type.
Allowed Values	A valid LDAP search filter
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

parent-dn

Property Group	Resource Creation
Description	Specifies the DN of the parent entry for new resources of this type, when a parent resource is not provided by the app. The parent DN must be at or below the search base of this resource type.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

parent-resource-type

Property Group	Resource Creation
Description	Specifies the name of another resource type which may be a parent of new resources of this type. The search base DN of the parent resource type must be at or above the search base DN of this resource type.
Default Value	None
Allowed Values	The DN of any REST Resource Type.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

relative-dn-from-parent-resource

Property Group	Resource Creation
Description	Specifies a template for a relative DN from the parent resource which identifies the parent entry for a new resource of this type. If this property is not specified then new resources are created immediately below the parent resource or parent DN. The template may be a fixed relative DN, or may reference any LDAP attribute in the entry to be created by using bracket notation. For example if the relative DN is ou=People,o={o} and the parent resource is ou=Companies,dc=example,dc=com and the entry contains attribute 'o' with value 'ACME' then the parent entry of the new resource is ou=People,o=ACME,ou=Companies,dc=example,dc=com. Creation fails if the entry does not contain a value needed by the template or if the parent entry does not exist.
Default Value	The new resource is created immediately below the parent resource.
Allowed Values	The pattern to use to construct the relative DN value.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

create-rdn-attribute-type

Property Group	Resource Creation
Description	Specifies the name or OID of the LDAP attribute type to be used as the RDN of new resources.
Default Value	New resource entries are named using a server-generated UUID.
Allowed Values	The name or OID of an attribute type defined in the server schema.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

post-create-constructed-attribute

Property Group	Resource Creation
Description	Specifies an attribute whose values are to be constructed when a new resource is created. The values are only set at creation time. Subsequent modifications to attributes in the constructed attribute value-pattern are not propagated here. If the constructed attribute is defined as single-valued in the schema then a constructed value is only added if the entry does not currently have a value for the attribute, and there is only one constructed value (otherwise the constructed values for that attribute are ignored).
Default Value	None
Allowed Values	The DN of any Constructed Attribute.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

update-constructed-attribute

Property Group	Resource Creation
Description	Specifies an attribute whose values are to be constructed when a resource is updated. The constructed values replace any existing values of the attribute.
Default Value	None
Allowed Values	The DN of any Constructed Attribute.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

display-name

Property Group	Delegated Admin
Description	A human readable display name for this REST Resource Type.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

search-filter-pattern

Property Group	Delegated Admin
Description	Specifies the LDAP filter that should be used when searching for resources matching provided search text. All attribute types in the filter pattern referencing the search text must have a Delegated Admin Attribute definition. The filter pattern may refer to the provided search text using the token "%%". For example, the match filter "(\|(mail=%%)(cn=%%))" will substitute "%%" with the search text in both places. Substitution is not performed within any extensible match filter component (such as jsonObjectFilterExtensibleMatch).
Default Value	None
Allowed Values	A valid LDAP search filter
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

primary-display-attribute-type

Property Group	Delegated Admin
Description	Specifies the name or OID of the LDAP attribute type which is the primary display attribute. This attribute type must be in the search filter pattern and must have a Delegated Admin Attribute definition.
Default Value	None
Allowed Values	The name or OID of an attribute type defined in the server schema.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

delegated-admin-search-size-limit

Property Group	Delegated Admin
Description	The maximum number of resources that may be returned from a search request. If the number of search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results.
Default Value	100
Allowed Values	An integer value. Lower limit is 1. Upper limit is 100000 .
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

delegated-admin-report-size-limit

Property Group	Delegated Admin
Description	The maximum number of resources that may be included in a report. If the number of resources to be included in a report exceeds this value, an error will be returned to the client indicating that the report has exceeded the maximum size.
Default Value	100000
Allowed Values	An integer value. Lower limit is 1.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured REST Resource Types:

dsconfig list-rest-resource-types
     [--property {propertyName}] ...

To view the configuration for an existing REST Resource Type:

dsconfig get-rest-resource-type-prop
     --type-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing REST Resource Type:

dsconfig set-rest-resource-type-prop
     --type-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Group REST Resource Type:

dsconfig create-rest-resource-type
     --type-name {name}
     --set enabled:{propertyValue}
     --set resource-endpoint:{propertyValue}
     --set structural-ldap-objectclass:{propertyValue}
     --set search-base-dn:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing REST Resource Type:

dsconfig delete-rest-resource-type
     --type-name {name}