An LDAPSearch element has the following XML attributes:

  • baseDN: a required element specifying the LDAP search base distinguished name (DN) to be used when querying for the System for Cross-domain Identity Management (SCIM) resource.
  • filter: a required element specifying an LDAP filter that matches entries representing the SCIM resource. This filter is typically an equality filter on the LDAP object class.
  • resourceIDMapping: an optional element specifying a mapping from the SCIM resource ID to an LDAP attribute. When the element is omitted, the resource ID maps to the LDAP entry DN.

The LDAPSearch element can be added as a top-level element outside of any <Resource> elements, and then referenced within them with an ID attribute.