Ping Identity Directory Proxy Server - Delegated Admin Resource Type

Directory Proxy Server Documentation Index
Configuration Reference Home

Delegated Admin Resource Type

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

A Delegated Admin Resource Type provides a JSON API endpoint for a specific type of resource. The Delegated Admin Resource Type determines the attributes that can be accessed by a client application for the purpose of delegated user administration.

↓Relations from This Component
↓Relations to This Component
↓Properties
↓dsconfig Usage

Relations from This Component

The following components have a direct composition relation from Delegated Admin Resource Types:

Delegated Administrator

Delegated Admin Attribute

Relations to This Component

The following components have a direct aggregation relation to Delegated Admin Resource Types:

Delegated Admin HTTP Servlet Extension

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ resource-endpoint
↓ structural-ldap-objectclass
↓ search-base-dn
↓ search-filter-pattern
↓ primary-display-attribute-type
↓ search-size-limit

Basic Properties

description

Description	A description for this Delegated Admin Resource Type
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether the Delegated Admin Resource Type is enabled. If a Delegated Admin Resource Type is not enabled, then its contents are not accessible when processing operations.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

resource-endpoint (Read-Only)

Description	The HTTP addressable endpoint of this Delegated Admin Resource Type relative to the Delegated Admin HTTP Servlet Extension base URL. Do not include a leading '/'.
Default Value	None
Allowed Values	A HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

structural-ldap-objectclass

Description	Specifies the LDAP structural object class that should be exposed by this Delegated Admin Resource Type.
Default Value	None
Allowed Values	The name or OID of the objectclass to expose.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

search-base-dn

Description	Specifies the base DN of the branch of the LDAP directory that can be accessed by this Delegated Admin Resource Type. Along with the structural-ldap-objectclass property, this property determines whether an entry is included in this Delegated Admin Resource Type.
Default Value	None
Allowed Values	A valid DN.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

search-filter-pattern

Description	Specifies the LDAP filter that should be used when searching for resources matching provided search text. All attribute types in the filter pattern referencing the search text must have a Delegated Admin Attribute definition. The filter pattern may refer to the provided search text using the token "%%". For example, the match filter "(\|(mail=%%)(cn=%%))" will substitute "%%" with the search text in both places. Substitution is not performed within any extensible match filter component (such as jsonObjectFilterExtensibleMatch).
Default Value	None
Allowed Values	A valid LDAP search filter
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

primary-display-attribute-type

Description	Specifies the name or OID of the LDAP attribute type which is the primary display attribute. This attribute type must be in the search filter pattern and must have a Delegated Admin Attribute definition.
Default Value	None
Allowed Values	The name or OID of an attribute type defined in the server schema.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

search-size-limit

Description	The maximum number of resources that may be returned from a search request. If the number of search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results.
Default Value	100
Allowed Values	An integer value. Lower limit is 1. Upper limit is 100000 .
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Delegated Admin Resource Types:

dsconfig list-delegated-admin-resource-types
     [--property {propertyName}] ...

To view the configuration for an existing Delegated Admin Resource Type:

dsconfig get-delegated-admin-resource-type-prop
     --type-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Delegated Admin Resource Type:

dsconfig set-delegated-admin-resource-type-prop
     --type-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Delegated Admin Resource Type:

dsconfig create-delegated-admin-resource-type
     --type-name {name}
     --set enabled:{propertyValue}
     --set resource-endpoint:{propertyValue}
     --set structural-ldap-objectclass:{propertyValue}
     --set search-base-dn:{propertyValue}
     --set search-filter-pattern:{propertyValue}
     --set primary-display-attribute-type:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Delegated Admin Resource Type:

dsconfig delete-delegated-admin-resource-type
     --type-name {name}