
Delegated Group Administrator

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

A Delegated Group Administrator gives a user, or a group of users, authority to manage the membership of selected groups through the Delegated Admin API. The admin users are given rights to view, but not to edit, the users within the scope specified for this Delegated Group Administrator.

Relations to This Component

The following components have a direct composition relation to Delegated Group Administrators:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
  enabled
  admin-user-dn
  admin-group-dn
  user-scope
  user-subtree
  user-group
  manage-membership-of-group

Advanced Properties:
  None

Basic Properties

enabled

Description
Indicates whether the Delegated Group Administrator is enabled. If a Delegated Group Administrator is not enabled, then it is not available for authentication and authorization decisions when processing requests.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

admin-user-dn

Description
Specifies the DN of an administrative user who has authority to manage group membership. Either admin-user-dn or admin-group-dn must be specified, but not both.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

admin-group-dn

Description
Specifies the DN of a group of administrative users who have authority to manage group membership. Either admin-user-dn or admin-group-dn must be specified, but not both.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

user-scope

Description
Specifies whether the administrator(s) can view users in specific subtrees within the search base, or members of specific groups, or all users under the search base.
Default Value
users-in-specific-subtrees
Allowed Values
users-in-specific-groups - The administrator(s) can view only user members of specific groups, as specified by user-group.

users-in-specific-subtrees - The administrator(s) can view only users in specific subtrees within the search base, as specified by user-subtree.

all-users-in-base - The administrator(s) can view all entries under the search base.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

user-subtree

Description
Specifies subtrees within the search base whose users can be viewed by the administrator(s).
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

user-group

Description
Specifies groups whose member users can be viewed by the administrator(s). Only users whose entries are within the search base can be viewed.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

manage-membership-of-group

Description
Specifies groups whose membership can be managed by the administrator(s).
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Delegated Group Administrators:

dsconfig list-delegated-group-administrators
     [--property {propertyName}] ...

To view the configuration for an existing Delegated Group Administrator:

dsconfig get-delegated-group-administrator-prop
     --administrator-name {name}
     --type-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Delegated Group Administrator:

dsconfig set-delegated-group-administrator-prop
     --administrator-name {name}
     --type-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Delegated Group Administrator:

dsconfig create-delegated-group-administrator
     --administrator-name {name}
     --type-name {name}
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Delegated Group Administrator:

dsconfig delete-delegated-group-administrator
     --administrator-name {name}
     --type-name {name}
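
A pre-flight check for a proposed Delegated Group Administrator, applying the property rules listed above before the values are passed to dsconfig. This is an added example, not part of the product or its documentation; the function name, the findings it reports, and the sample DNs are constructed for illustration.

```python
# Added example: lint a proposed Delegated Group Administrator definition
# against the property rules on this page. check_delegated_group_admin and the
# sample DNs are constructed for illustration, not part of the product.

SCOPE_PROPERTY = {  # user-scope value -> property that narrows it
    "users-in-specific-groups": "user-group",
    "users-in-specific-subtrees": "user-subtree",
    "all-users-in-base": None,
}

def check_delegated_group_admin(props):
    """Return a list of findings for a dict of property name -> value(s)."""
    findings = []
    if props.get("enabled") not in ("true", "false"):
        findings.append("enabled is required and must be true or false")
    # Exactly one of admin-user-dn / admin-group-dn may be set.
    admins = [p for p in ("admin-user-dn", "admin-group-dn") if props.get(p)]
    if len(admins) != 1:
        findings.append("set exactly one of admin-user-dn or admin-group-dn")
    # user-scope defaults to users-in-specific-subtrees when omitted.
    scope = props.get("user-scope", "users-in-specific-subtrees")
    if scope not in SCOPE_PROPERTY:
        findings.append(f"user-scope {scope!r} is not an allowed value")
    else:
        needed = SCOPE_PROPERTY[scope]
        if needed and not props.get(needed):
            findings.append(f"user-scope {scope} relies on {needed}, which is empty")
        # Assumption of this lint: values for the other scope's property are
        # unused by the selected scope and likely a mistake.
        for other in ("user-group", "user-subtree"):
            if other != needed and props.get(other):
                findings.append(f"{other} is set but user-scope is {scope}")
        if needed is None:
            findings.append("review: all-users-in-base exposes every entry under the search base")
    if not props.get("manage-membership-of-group"):
        findings.append("manage-membership-of-group is empty: no managed group is listed")
    return findings

# Constructed sample: a help-desk group limited to one subtree and one group.
SAMPLE_OK = {
    "enabled": "true",
    "admin-group-dn": "cn=helpdesk,ou=groups,dc=example,dc=com",
    "user-scope": "users-in-specific-subtrees",
    "user-subtree": ["ou=people,dc=example,dc=com"],
    "manage-membership-of-group": ["cn=vpn-users,ou=groups,dc=example,dc=com"],
}

if __name__ == "__main__":
    for finding in check_delegated_group_admin(SAMPLE_OK) or ["no findings"]:
        print(finding)
```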