Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
A Delegated Admin Resource Type provides a JSON API endpoint for a specific type of resource. The Delegated Admin Resource Type determines the attributes that can be accessed by a client application for the purpose of delegated user administration.
↓Relations from This Component
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following components have a direct composition relation from Delegated Admin Resource Types:
The following components have a direct aggregation relation to Delegated Admin Resource Types:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled | |
↓ resource-endpoint | |
↓ structural-ldap-objectclass | |
↓ search-base-dn | |
↓ search-filter-pattern | |
↓ primary-display-attribute-type | |
↓ search-size-limit | |
↓ group-title-attribute-type | |
↓ group-search-filter-pattern |
Description | A description for this Delegated Admin Resource Type |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the Delegated Admin Resource Type is enabled. If a Delegated Admin Resource Type is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The HTTP addressable endpoint of this Delegated Admin Resource Type relative to the Delegated Admin HTTP Servlet Extension base URL. Do not include a leading '/'. |
Default Value | None |
Allowed Values | A HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the LDAP structural object class that should be exposed by this Delegated Admin Resource Type. |
Default Value | None |
Allowed Values | The name or OID of the objectclass to expose. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the base DN of the branch of the LDAP directory that can be accessed by this Delegated Admin Resource Type. Along with the structural-ldap-objectclass property, this property determines whether an entry is included in this Delegated Admin Resource Type. |
Default Value | None |
Allowed Values | A valid DN. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the LDAP filter that should be used when searching for resources matching provided search text. All attribute types in the filter pattern referencing the search text must have a Delegated Admin Attribute definition. The filter pattern may refer to the provided search text using the token "%%". For example, the match filter "(|(mail=*%%*)(cn=*%%*))" will substitute "%%" with the search text in both places. Substitution is not performed within any extensible match filter component (such as jsonObjectFilterExtensibleMatch). |
Default Value | None |
Allowed Values | A valid LDAP search filter |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
primary-display-attribute-type
Description | Specifies the name or OID of the LDAP attribute type which is the primary display attribute. This attribute type must be in the search filter pattern and must have a Delegated Admin Attribute definition. |
Default Value | None |
Allowed Values | The name or OID of an attribute type defined in the server schema. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | The maximum number of resources that may be returned from a search request. If the number of search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results. |
Default Value | 100 |
Allowed Values | An integer value. Lower limit is 1. Upper limit is 100000 . |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the name or OID of the LDAP attribute type which provides the title of a group. This attribute must have a Delegated Admin Group Attribute definition. |
Default Value | cn |
Allowed Values | The name or OID of an attribute type defined in the server schema. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the LDAP filter that should be used when searching for groups matching provided search text. All attribute types in the group search filter pattern referencing the search text must have a Delegated Admin Group Attribute definition. The filter pattern may refer to the provided search text using the token "%%". For example, the match filter "(cn=*%%*)" will substitute "%%" with the search text. Substitution is not performed within any extensible match filter component (such as jsonObjectFilterExtensibleMatch). |
Default Value | (cn=*%%*) |
Allowed Values | A valid LDAP search filter |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
To list the configured Delegated Admin Resource Types:
dsconfig list-delegated-admin-resource-types [--property {propertyName}] ...
To view the configuration for an existing Delegated Admin Resource Type:
dsconfig get-delegated-admin-resource-type-prop --type-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Delegated Admin Resource Type:
dsconfig set-delegated-admin-resource-type-prop --type-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Delegated Admin Resource Type:
dsconfig create-delegated-admin-resource-type --type-name {name} --set enabled:{propertyValue} --set resource-endpoint:{propertyValue} --set structural-ldap-objectclass:{propertyValue} --set search-base-dn:{propertyValue} --set search-filter-pattern:{propertyValue} --set primary-display-attribute-type:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Delegated Admin Resource Type:
dsconfig delete-delegated-admin-resource-type --type-name {name}