For security reasons, error messages specifically regarding LDAP systems are suppressed and do not appear in the HTTP responses from the server. Instead, you will see something similar to the following:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "400",
  "detail": "Request failed: correlationID='073eb1a8-8c51-48b3-83a0-380e1d4b4ab9'"
}

To view these messages, the Debug Trace Logger needs to be enabled. You can do this through the Administrative Console or with the following dsconfig command:

dsconfig set-log-publisher-prop --publisher-name "Debug Trace Logger" \
			--set enabled:true --add scim-message-type:error

The correlationID can then be used to determine which LDAP error messages in the Debug Trace Log correspond to the HTTP response.