Defining a generic resource type
You can define generic resources for any structural LDAP object class, and they can function as members of a group.
Steps
-
Define a generic resource type.
The following example enables the management of device entries.
Example:
$ bin/dsconfig create-rest-resource-type \ --type-name device \ --set enabled:true \ --set resource-endpoint:device \ --set "display-name:Device" \ --set structural-ldap-objectclass:device \ --set search-base-dn:dc=example,dc=com \ --set parent-dn:dc=example,dc=com \ --set 'search-filter-pattern:(cn=%%)' \ --set primary-display-attribute-type:cn $ bin/dsconfig create-delegated-admin-attribute \ --type-name device \ --attribute-type cn \ --set "display-name:Device Name" \ --set display-order-index:1 $ bin/dsconfig create-delegated-admin-attribute \ --type-name device \ --attribute-type serialNumber \ --set "display-name:Serial Number" \ --set display-order-index:2
-
Create Delegated Admin resource rights for the generic resource type.
Generic resource administrators must have read access to the user resource. For more information, see Configuring delegated administrator rights on the PingDirectory server.