Page created: 22 Jul 2020
|
Page updated: 1 Feb 2021
| 1 min read
8.2 Product PingDirectory PingDirectoryProxy Directory Capability Product documentation Content Type Administration User task IT Administrator Administrator Audience Software Deployment Method Configuration
-
Before you enable the SCIM servlet extension, add access controls on each of
the backend Directory Servers to allow read access to operational attributes used by the SCIM
Servlet Extension. We recommend using the following non-interactive command to add access
control instructions, rather than its dsconfig interactive
equivalent.
$ bin/dsconfig set-access-control-handler-prop \ --add 'global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || createTimestamp || modifyTimestamp") (version 3.0;acl "Authenticated read access to operational attributes \ used by the SCIM servlet extension"; allow (read,search,compare) userdn="ldap:///all";)'
-
On the Directory Proxy Server, enable the SCIM servlet extension by running the dsconfig batch
file.
$ bin/dsconfig --batch-file config/scim-config-proxy.dsconfig
-
The dsconfig batch file must be edited to use the correct
request processor name and base DN name(s) for the
set-request-processor-prop
andset-root-dse-backend-prop
commands, respectively, as described in the "Configuring LDAP Control Support on All Request Processors" and "SCIM Servlet Extension Authentication" sections later in the chapter.