Configure SCIM After Upgrade - PingDirectory

Configure SCIM After Upgrade - PingDirectory - 7.3

PingDirectory

bundle

pingdirectory-73

ft:publication_title

PingDirectory

Product_Version_ce

PingDirectory 7.3

category

Product

pd-73

pingdirectory

ContentType_ce

Page created: 24 Jul 2019 |

Page updated: 6 Nov 2019

| 1 min read

7.3 Product PingDirectory

Modifications in SCIM PATCH are mapped directly to LDAP modifications to use the matching rules configured in the Directory Server, when matching deleted values. Since the SCIM PATCH is now applied by the Directory Server, the Permissive Modify Request Control (1.2.840.113556.1.4.1413) is now required by the SCIM component. This ensures that adding an existing value or deleting a non-existent value in the PATCH request will not generate an error. This affects upgrades from server versions prior to 5.0.0.

To continue using the SCIM component after an upgrade, access controls and configuration must be updated to allow access to the Permissive Modify Request Control. Run the dsconfig commands to update these components:

$ dsconfig set-access-control-handler-prop \
  --remove 'global-aci:(targetcontrol="1.3.6.1.1.13.2 || 1.2.840.113556.1.4.473 || 1.2.840.113556.1.4.319 || 2.16.840.1.113730.3.4.9 || 1.3.6.1.1.12")(version 3.0;acl "Authenticated access to controls used by the SCIM servlet extension"; allow (all) userdn="ldap:///all";)'

$ dsconfig set-access-control-handler-prop \
  --add 'global-aci:(targetcontrol="1.3.6.1.1.13.2 || 1.2.840.113556.1.4.473 || 1.2.840.113556.1.4.319 || 2.16.840.1.113730.3.4.9 || 1.3.6.1.1.12 || 1.2.840.113556.1.4.1413")(version 3.0;acl "Authenticated access to controls used by the SCIM servlet extension"; allow (all) userdn="ldap:///all";)'