JSON-formatted complex System for Cross-domain Identity Management (SCIM) 2.0 attribute mappings can be used to create complex SCIM attributes from LDAP attributes whose values are the string representations of JSON objects.
If the data is not already stored in that format in the sync source, producing it can be more complicated (possibly requiring sync attribute mappings or even a sync destination plugin), but this mapping type does provide the ability to generate multivalued complex attributes.
Additional configuration properties that are available for JSON-formatted complex SCIM 2.0 attribute mappings include:
ldap-attribute-name
- The name of the LDAP attribute (in the mapped representation of the source entry generated by the sync class) whose values will be used as the values of the SCIM 2.0 attribute. This is required, and the LDAP attribute must have values that can be parsed as JSON objects.
single-valued
- Indicates whether the SCIM 2.0 attribute is single-valued or multivalued. If this is true, then the SCIM 2.0 representation of the attribute value will be as a JSON string. If this is false, then the SCIM 2.0 representation of the attribute value will be as a JSON array of strings.
You can use the following example configuration change to create a JSON-formatted complex SCIM 2.0 attribute mapping:
dsconfig create-scim2-attribute-mapping \
--mapping-name "Email Addresses" \
--type json-formatted-complex \
--set scim-attribute-name:emails \
--set ldap-attribute-name:ubidEmailJSON \
--set attribute-usage:fetch \
--set attribute-usage:create-during-realtime-sync \
--set attribute-usage:create-during-resync \
--set attribute-usage:update-during-realtime-sync \
--set attribute-usage:update-during-resync \
--set single-valued:false
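
Because the mapping requires every value of the LDAP attribute to parse as a JSON object, it helps to check the source values before enabling it. The following Python sketch is an added example, not part of the product or its documentation: the function names and sample values are constructed, and both the duplicate-key rejection and the multiple-values check for single-valued mappings are assumptions stricter than anything stated above.

```python
import json

ATTRIBUTE = "ubidEmailJSON"  # ldap-attribute-name from the mapping above

def _no_duplicate_keys(pairs):
    # Extra strictness (assumption, not a documented server rule): parsers
    # disagree on which duplicate key wins, so reject them outright.
    keys = [key for key, _ in pairs]
    dupes = sorted({key for key in keys if keys.count(key) > 1})
    if dupes:
        raise ValueError("duplicate key(s): " + ", ".join(dupes))
    return dict(pairs)

def check_json_attribute(values, single_valued=False):
    """Return (parsed_objects, problems) for one entry's attribute values."""
    parsed, problems = [], []
    for index, raw in enumerate(values):
        try:
            obj = json.loads(raw, object_pairs_hook=_no_duplicate_keys)
        except ValueError as exc:  # JSONDecodeError is a ValueError subclass
            problems.append(f"value {index}: not parseable ({exc})")
            continue
        if not isinstance(obj, dict):
            # "[...]", "\"text\"" and "42" are valid JSON but not JSON objects.
            problems.append(f"value {index}: JSON {type(obj).__name__}, not an object")
            continue
        parsed.append(obj)
    if single_valued and len(values) > 1:
        problems.append(f"{len(values)} values but single-valued is true")
    return parsed, problems

# Constructed sample values, not taken from a real directory.
SAMPLE_VALUES = [
    '{"value": "jdoe@example.com", "type": "work", "primary": true}',
    '{"value": "jdoe@example.org", "type": "home"}',
    '"jdoe@example.net"',                              # JSON string, not object
    '{"value": "cut@example.com", "type": "work"',     # truncated value
    '{"type": "work", "type": "home"}',                # duplicate key
]

if __name__ == "__main__":
    objects, problems = check_json_attribute(SAMPLE_VALUES, single_valued=False)
    print(f"{ATTRIBUTE}: {len(objects)} usable value(s)")
    for problem in problems:
        print("  problem:", problem)
```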