Configuring the SCIM servlet extension - PingDirectory - PingDirectoryProxy

Configuring the SCIM servlet extension - PingDirectory - PingDirectoryProxy - 9.0

PingDirectory

bundle

pingdirectory-90

ft:publication_title

PingDirectory

Product_Version_ce

PingDirectory 9.0

category

Product

pd-90

pingdirectory

ContentType_ce

To allow read access to operational attributes used by the SCIM Servlet Extension, add access controls on each of the backend -Directory Servers before you enable the System for Cross-domain Identity Management (SCIM) servlet extension.
Instead of the dsconfig interactive equivalent, the following example uses the non-interactive command to add access control instructions (ACIs) .
```
$ bin/dsconfig set-access-control-handler-prop \
  --add 'global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || 
    createTimestamp || modifyTimestamp")
    (version 3.0;acl "Authenticated read access to operational attributes \
    used by the SCIM servlet extension"; allow (read,search,compare) 
    userdn="ldap:///all";)'
```
To enable the SCIM servlet extension, run the dsconfig batch file on the Directory Proxy Server server.
```
$ bin/dsconfig --batch-file config/scim-config-proxy.dsconfig
```
Edit the dsconfig batch file to use the correct request processor name and base distingushed names (DNs) for the set-request-processor-prop and set-root-dse-backend-prop commands.

For more information, see Configuring LDAP Control Support on All Request Processors (Proxy Only) and SCIM 1.1 servlet extension authentication.