- To allow read access to the operational attributes used by the SCIM servlet extension, add access controls on each of the backend Directory Servers before you enable the System for Cross-domain Identity Management (SCIM) servlet extension.
  The following example uses the non-interactive dsconfig command, rather than its interactive equivalent, to add the access control instructions (ACIs).
  $ bin/dsconfig set-access-control-handler-prop \
      --add 'global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || createTimestamp || modifyTimestamp") (version 3.0;acl "Authenticated read access to operational attributes used by the SCIM servlet extension"; allow (read,search,compare) userdn="ldap:///all";)'
- To enable the SCIM servlet extension, run the dsconfig batch file on the Directory Proxy Server.
  $ bin/dsconfig --batch-file config/scim-config-proxy.dsconfig
- Edit the dsconfig batch file to use the correct request processor name and base distinguished names (DNs) for the set-request-processor-prop and set-root-dse-backend-prop commands.
  For more information, see Configuring LDAP Control Support on All Request Processors (Proxy Only) and SCIM 1.1 servlet extension authentication.
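
To confirm that the global ACIs on each backend server cover all five operational attributes from the first step, the following added example (not part of the product documentation) reads ACI values, one per line, and lists any attribute that no authenticated-read ACI names. The function name `missing_scim_attrs`, the one-ACI-per-line input format, and the sample ACIs are assumptions constructed for illustration; only attributes listed explicitly in `targetattr` are counted.

```shell
#!/bin/sh
# Added example: audit global ACI values for the SCIM operational attributes.
# Input: one ACI value per line on stdin (assumed export format).

# Attributes named in the ACI from the first step.
REQUIRED="entryUUID entryDN ds-entry-unique-id createTimestamp modifyTimestamp"

# Prints the required attributes that no ACI granting read to
# userdn="ldap:///all" lists explicitly. Empty output means full coverage.
missing_scim_attrs() {
    # LDAP attribute names are case-insensitive, so compare in lower case.
    acis=$(tr '[:upper:]' '[:lower:]')
    covered=" "
    while IFS= read -r aci; do
        # Only ACIs that allow read to any authenticated user count.
        case "$aci" in
            *'allow ('*read*')'*'userdn="ldap:///all"'*) ;;
            *) continue ;;
        esac
        # Take the text between targetattr=" and the next double quote.
        list=${aci#*targetattr=\"}
        if [ "$list" = "$aci" ]; then continue; fi   # no targetattr clause
        list=${list%%\"*}
        # "a || b || c" -> "a b c", appended to the covered set.
        covered="$covered$(printf '%s' "$list" | tr -d ' ' | tr -s '|' ' ') "
    done <<EOF
$acis
EOF
    missing=""
    for attr in $REQUIRED; do
        lc=$(printf '%s' "$attr" | tr '[:upper:]' '[:lower:]')
        case "$covered" in
            *" $lc "*) ;;
            *) missing="$missing $attr" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: an ACI that grants read on only two of the attributes.
SAMPLE='(targetattr="entryUUID || createTimestamp")(version 3.0; acl "partial"; allow (read,search) userdn="ldap:///all";)'
echo "Missing: $(printf '%s\n' "$SAMPLE" | missing_scim_attrs)"
```

Run the check against the ACI values of every backend server, because the first step must be applied to each one.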