When a SCIM Sync Destination needs to synchronize a change to a SCIM resource on the destination SCIM server, it must first fetch the destination resource. If the destination resource ID is known, the resource will be retrieved by its ID. If not, a search is performed using the mapped destination correlation attributes. Configuring this requires coordination between the Sync Class and the scim-resources.xml mapping file.
The scim-resources.xml mapping file treats the value of the
<resourceIDMapping>
element's ldapAttribute
attribute as the SCIM ID of the source entry. If this value is also listed as a value of
the Sync Class's destination-correlation-attributes
property, then the
value of this LDAP attribute is used as the SCIM ID of the destination resource.
If no value of destination-correlation-attributes
matches the
<resourceIDMapping>
element's ldapAttribute
attribute, the SCIM ID of the destination resource is considered unknown. In this case,
the SCIM Sync Destination treats the values of destination-
correlation-attributes
as search terms, using them to construct a filter
for finding the destination resource. Each value of
destination-correlation-attributes
will be mapped to a
corresponding SCIM attribute name, and equality matches will be used in the resulting
filter.
If the ldapAttribute
value is not listed as a destination correlation
attribute, this setting is not used by PingDirectory Server.
The following table illustrates an LDAPSearch
element that contains a
resourceIDMapping
element:
Method for retrieving SCIM resource | Condition | Example condition | Example request |
---|---|---|---|
Retrieve resource directly |
Used if a |
ldapAttribute="mail"
createdBy= "directory"/>
|
GET scim/Users/ person@example.com
|
Retrieve resource using search |
Used if no |
|
|
The unique ID of a destination SCIM resource will most likely be unknown, and the search method will need to be used. However, not all SCIM service providers support the use of filters. Therefore, not all SCIM service providers may be usable as SCIM Sync Destinations.