--- title: Setting up a DN reference attribute description: A REST resource type can reference or edit other REST resource types based on a distinguished name (DN) without the full DN value. The following task, performed by the system administrator, grants the Delegated Admin administrator this ability. component: pingdirectory version: 11.0 page_id: pingdirectory:delegated_admin_application_guide:pd_da_set_up_dn_reference_attr canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/delegated_admin_application_guide/pd_da_set_up_dn_reference_attr.html revdate: September 20, 2023 page_aliases: ["pd_da_create_config_rest_resource_type.adoc"] section_ids: about-this-task: About this task steps: Steps choose-from: Choose from: example: Example: example-2: Example: cr-con-rest-rt: Creating and configuring a new REST resource type about-this-task-2: About this task steps-2: Steps example-3: Example: example-4: Example: example-5: Example: example-6: Example: example-7: Example: next-steps: Next steps --- # Setting up a DN reference attribute A REST resource type can reference or edit other REST resource types based on a distinguished name (DN) *(tooltip: \
\

A name uniquely identifying an object within the hierarchy of a directory tree.\

\
)* without the full DN value. The following task, performed by the system administrator, grants the Delegated Admin administrator this ability. ## About this task In this task, the Delegated Admin attribute used for reference must be in DN syntax, such as `manager`, `entryDN`, or `seeAlso`. ## Steps 1. To use a resource type for DN reference: ### Choose from: * Use an existing REST resource type. * [Create a new REST resource type](#cr-con-rest-rt). 2. To add a `reference` Delegated Admin attribute, run `dsconfig` with the `create-delegated-admin-attribute` option using the following syntax. ### Example: ``` dsconfig create-delegated-admin-attribute \ --type-name users \ --attribute-type \ --set "display-name:" \ --set display-order-index: \ --set reference-resource-type: ``` ### Example: The following example uses the values from [Creating and configuring a new REST resource type](#cr-con-rest-rt): ``` dsconfig create-delegated-admin-attribute \ --type-name users \ --attribute-type manager \ --set "display-name:Select Manager" \ --set display-order-index:4 \ --set reference-resource-type:Managers ``` ## Creating and configuring a new REST resource type You can create and configure a new REST resource type in order to set up a reference delegated admin attribute. ### About this task To set up a reference delegated admin attribute, you must have a REST resource type defined and configured. This example task creates a new REST resource type called `Managers`. ### Steps 1. To create the new REST resource type, run `dsconfig` with the `create-rest-resource-type` option. #### Example: In the following example, the new resource type of `Managers` is created: ``` dsconfig create-rest-resource-type \ --type-name Managers \ --type user \ --set 'description:Rest type for users who are managers\n\It is used as reference type for the field Manager.' \ --set enabled:true \ --set resource-endpoint:managers \ --set structural-ldap-objectclass:inetOrgPerson \ --set search-base-dn:dc=example,dc=com \ --set "include-filter:(employeeType=manager)" \ --set parent-dn:ou=people,dc=example,dc=com \ --set create-rdn-attribute-type:uid \ --set display-name:Managers \ --set 'search-filter-pattern:(|(cn=*%%*)(mail=%%*)(uid=%%*)(sn=*%%*))' \ --set primary-display-attribute-type:cn ``` 2. To add Delegated Admin attributes for the resource type, run `dsconfig` with the `create-delegated-admin-attribute` option. #### Example: The following example adds Delegated Admin attributes for the `Managers` resource type: ``` dsconfig create-delegated-admin-attribute \ --type-name Managers \ --attribute-type cn \ --set "display-name:Full Name" dsconfig create-delegated-admin-attribute \ --type-name Managers \ --attribute-type uid \ --set "display-name:Manager ID" dsconfig create-delegated-admin-attribute \ --type-name Managers \ --attribute-type mail \ --set display-name:Email dsconfig create-delegated-admin-attribute \ --type-name Managers \ --attribute-type employeeType \ --set "display-name:Employee Type (must be manager)" dsconfig create-delegated-admin-attribute \ --type-name Managers \ --attribute-type sn \ --set "display-name:Last name" dsconfig create-delegated-admin-attribute \ --type-name Managers \ --attribute-type givenName \ --set "display-name:First Name" ``` 3. To distinguish your resource type from other resources, run `dsconfig` with the `create-delegated-admin-attribute`. #### Example: In the following example, `Managers` are distinguished from other users using the `employeeType` attribute: ``` dsconfig create-delegated-admin-attribute \ --type-name users \ --attribute-type employeeType \ --set "display-name:Employee type (manager, other)" \ --set display-order-index:4 ``` 4. To add Delegated Admin resource rights to your set of existing Delegated Admin rights, run `dsconfig` with the `create-delegated-admin-resource-rights` option. #### Example: In the following example, Delegated Admin are granted `reference` Admin Permission for the `Managers` REST resource type to allow viewing access: ``` dsconfig create-delegated-admin-resource-rights \ --rights-name \ --rest-resource-type Managers \ --set enabled:true \ --set admin-permission:reference \ --set admin-scope:all-resources-in-base ``` #### Example: In the following example, Delegated Admin administrators are granted `read` and `update` Admin Permissions for `Managers` REST resource type to allow edit access: ``` dsconfig create-delegated-admin-resource-rights \ --rights-name DArights \ --rest-resource-type Managers \ --set enabled:true \ --set admin-permission:read \ --set admin-permission:update \ --set admin-scope:all-resources-in-base ``` ### Next steps After you have created and configured a new REST resource type, add a reference Delegated Admin attribute. For more information, see step 2 in [Setting up a DN reference attribute](pd_da_set_up_dn_reference_attr.html).