PingDirectory

Generic resource types

Use generic resource types to manage Lightweight Directory Access Protocol (LDAP) entries that are neither users nor groups.

You can perform the following actions with generic resource types:

  • Create new entries.

  • Read, view, and search existing entries.

  • Edit and update existing entries.

  • Edit referenced items.

For example, a generic resource type can represent a device or used for organizational unit branch entries that are parents of other resources.

Defining a generic resource type

You can define generic resources for any structural LDAP object class and they can function as members of a group.

Steps

  1. Define a generic resource type.

    The following example enables the management of device entries:

    Example:

    $ bin/dsconfig create-rest-resource-type \
      --type-name device \
      --set enabled:true \
      --set resource-endpoint:device \
      --set "display-name:Device" \
      --set structural-ldap-objectclass:device \
      --set search-base-dn:dc=example,dc=com \
      --set parent-dn:dc=example,dc=com \
      --set 'search-filter-pattern:(cn=%%)' \
      --set primary-display-attribute-type:cn
    
    $ bin/dsconfig create-delegated-admin-attribute \
      --type-name device \
      --attribute-type cn \
      --set "display-name:Device Name" \
      --set display-order-index:1
    
    $ bin/dsconfig create-delegated-admin-attribute \
      --type-name device \
      --attribute-type serialNumber \
      --set "display-name:Serial Number" \
      --set display-order-index:2
  2. Create Delegated Admin resource rights for the generic resource type.

    Generic resource administrators must have read access to the user resource. For more information, see Configuring delegated administrator rights on the PingDirectory server.