To add data to PingDirectory Server, create a file named devices.ldif with the following contents.

dn: ou=Devices,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Devices

dn: cn=device.0,ou=Devices,dc=example,dc=com
objectClass: top
objectClass: device
cn: device.0
description: Description for device.0

dn: cn=device.1,ou=Devices,dc=example,dc=com
objectClass: top
objectClass: device
cn: device.1
description: Description for device.1

Use the ldapmodify tool to load the data file.

PingDirectory/bin/ldapmodify --defaultAdd --filename devices.ldif

Start configuring PingAuthorize Server by adding a store adapter.

dsconfig create-store-adapter \
  --adapter-name DeviceStoreAdapter \
  --type ldap \
  --set enabled:true \
  --set "load-balancing-algorithm:User Store LBA" \
  --set structural-ldap-objectclass:device \
  --set include-base-dn:ou=devices,dc=example,dc=com \
  --set include-operational-attribute:createTimestamp \
  --set include-operational-attribute:modifyTimestamp \
  --set create-dn-pattern:entryUUID=server-generated,ou=devices,dc=example,dc=com

The previous command creates a store adapter that handles LDAP entries found under the base DN ou=devices,dc=example,dc=com with the object class device. This example uses the user store load-balancing algorithm that is created when you use the create-initial-config tool to set up a users SCIM resource type.

The following command creates a SCIM schema for devices with the schema URN urn:pingidentity:schemas:Device:1.0.

dsconfig create-scim-schema \
  --schema-name urn:pingidentity:schemas:Device:1.0 \
  --set display-name:Device

Under this schema, add the string attributes name and description.

dsconfig create-scim-attribute \
  --schema-name urn:pingidentity:schemas:Device:1.0 \
  --attribute-name name \
  --set required:true
dsconfig create-scim-attribute \
  --schema-name urn:pingidentity:schemas:Device:1.0 \
  --attribute-name description

After you create a store adapter and schema, create the SCIM resource type.

dsconfig create-scim-resource-type \
  --type-name Devices \
  --type mapping \
  --set enabled:true \
  --set endpoint:Devices \
  --set primary-store-adapter:DeviceStoreAdapter \
  --set lookthrough-limit:500 \
  --set core-schema:urn:pingidentity:schemas:Device:1.0

Map the two SCIM attributes to the corresponding LDAP attributes. The following commands map the SCIM name attribute to the LDAP cn attribute, and map the SCIM description attribute to the LDAP description attribute.

dsconfig create-store-adapter-mapping \
  --type-name Devices \
  --mapping-name name \
  --set scim-resource-type-attribute:name \
  --set store-adapter-attribute:cn \
  --set searchable:true

dsconfig create-store-adapter-mapping \
  --type-name Devices \
  --mapping-name description \
  --set scim-resource-type-attribute:description \
  --set store-adapter-attribute:description

To confirm that the new resource type has been added, send the following request to the SCIM resource types endpoint.

curl -k https://localhost:8443/scim/v2/ResourceTypes/Devices

The response is:


For a more advanced example of a mapped SCIM resource type, see the example User schema in PingAuthorize/resource/starter-schemas.