Creating and configuring a new REST resource type
You can create and configure a new REST resource type in order to set up a reference delegated admin attribute.
About this task
To set up a reference delegated admin attribute, you must have a REST resource type defined and configured.
This example task creates a new REST resource type called Managers.
Steps
- To create the new REST resource type, run dsconfig with the create-rest-resource-type option.
  Example:
  In the following example, the new resource type of Managers is created:
    dsconfig create-rest-resource-type \
      --type-name Managers \
      --type user \
      --set 'description:Rest type for users who are managers\n\It is used as reference type for the field Manager.' \
      --set enabled:true \
      --set resource-endpoint:managers \
      --set structural-ldap-objectclass:inetOrgPerson \
      --set search-base-dn:dc=example,dc=com \
      --set "include-filter:(employeeType=manager)" \
      --set parent-dn:ou=people,dc=example,dc=com \
      --set create-rdn-attribute-type:uid \
      --set display-name:Managers \
      --set 'search-filter-pattern:(|(cn=%%)(mail=%%)(uid=%%)(sn=%%))' \
      --set primary-display-attribute-type:cn
- To add Delegated Admin attributes for the resource type, run dsconfig with the create-delegated-admin-attribute option.
  Example:
  The following example adds Delegated Admin attributes for the Managers resource type:
    dsconfig create-delegated-admin-attribute --type-name Managers --attribute-type cn --set "display-name:Full Name"
    dsconfig create-delegated-admin-attribute --type-name Managers --attribute-type uid --set "display-name:Manager ID"
    dsconfig create-delegated-admin-attribute --type-name Managers --attribute-type mail --set display-name:Email
    dsconfig create-delegated-admin-attribute --type-name Managers --attribute-type employeeType --set "display-name:Employee Type (must be manager)"
    dsconfig create-delegated-admin-attribute --type-name Managers --attribute-type sn --set "display-name:Last name"
    dsconfig create-delegated-admin-attribute --type-name Managers --attribute-type givenName --set "display-name:First Name"
- To distinguish your resource type from other resources, run dsconfig with the create-delegated-admin-attribute option.
  Example:
  In the following example, Managers are distinguished from other users using the employeeType attribute:
    dsconfig create-delegated-admin-attribute --type-name users --attribute-type employeeType --set "display-name:Employee type (manager, other)" --set display-order-index:4
- To add Delegated Admin resource rights to your set of existing Delegated Admin rights, run dsconfig with the create-delegated-admin-resource-rights option.
  Example:
  In the following example, Delegated Admin administrators are granted the reference Admin Permission for the Managers REST resource type to allow viewing access:
    dsconfig create-delegated-admin-resource-rights --rights-name <existing-rights-name> --rest-resource-type Managers --set enabled:true --set admin-permission:reference --set admin-scope:all-resources-in-base
  Example:
  In the following example, Delegated Admin administrators are granted the read and update Admin Permissions for the Managers REST resource type to allow edit access:
    dsconfig create-delegated-admin-resource-rights --rights-name DArights --rest-resource-type Managers --set enabled:true --set admin-permission:read --set admin-permission:update --set admin-scope:all-resources-in-base
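The two resource-rights examples above differ only in the admin-permission values they grant, so it is worth reviewing a set of commands before running them. The following is an added example, not part of the product documentation: the helper names sample_batch and audit_rights are hypothetical, and the script assumes one dsconfig command per line with no spaces inside the values it reads.

```shell
#!/usr/bin/env bash
# Added example: review dsconfig commands before running them and report
# which Delegated Admin resource rights grant more than reference access.

# Constructed sample input: the two resource-rights commands from this page,
# one per line, as they might be collected in a file for review.
sample_batch() {
cat <<'EOF'
dsconfig create-delegated-admin-resource-rights --rights-name <existing-rights-name> --rest-resource-type Managers --set enabled:true --set admin-permission:reference --set admin-scope:all-resources-in-base
dsconfig create-delegated-admin-resource-rights --rights-name DArights --rest-resource-type Managers --set enabled:true --set admin-permission:read --set admin-permission:update --set admin-scope:all-resources-in-base
EOF
}

# audit_rights (hypothetical helper): reads commands on stdin and prints one
# line per create-delegated-admin-resource-rights command with the rights
# name, resource type, granted permissions, scope and a verdict.
# Assumption: arguments are whitespace-separated (no quoted spaces).
audit_rights() {
  awk '
    /create-delegated-admin-resource-rights/ {
      name = rtype = perms = scope = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--rights-name")        name  = $(i + 1)
        if ($i == "--rest-resource-type") rtype = $(i + 1)
        if ($i == "--set") {
          v = $(i + 1); gsub(/"/, "", v)          # drop optional double quotes
          if (v ~ /^admin-permission:/) {
            sub(/^admin-permission:/, "", v)
            perms = perms (perms == "" ? "" : ",") v
          }
          if (v ~ /^admin-scope:/) { sub(/^admin-scope:/, "", v); scope = v }
        }
      }
      # Only a lone "reference" permission is view-only for reference fields;
      # anything else (read, update, ...) is flagged for a closer look.
      verdict = (perms == "reference") ? "REFERENCE-ONLY" : "REVIEW"
      printf "%s %s perms=%s scope=%s %s\n", name, rtype, perms, scope, verdict
    }'
}

# Stand-alone run over the constructed sample.
sample_batch | audit_rights
```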
Next steps
After you have created and configured a new REST resource type, add a reference Delegated Admin attribute. For more information, see step 2 in [dn_reference].