Page created: 26 Jul 2021
|
Page updated: 14 Jan 2022
| 1 min read
9.0 Product PingDirectory Delegated Administration Directory Capability Product documentation Content Type Administration User task Configuration System Administrator Administrator Audience IT Administrator Software Deployment Method
You can define generic resources for any structural LDAP object class, and they can function as members of a group.
-
Define a generic resource type.
The following example enables the management of device entries.
$ bin/dsconfig create-rest-resource-type \ --type-name device \ --set enabled:true \ --set resource-endpoint:device \ --set "display-name:Device" \ --set structural-ldap-objectclass:device \ --set search-base-dn:dc=example,dc=com \ --set parent-dn:dc=example,dc=com \ --set 'search-filter-pattern:(cn=*%%*)' \ --set primary-display-attribute-type:cn $ bin/dsconfig create-delegated-admin-attribute \ --type-name device \ --attribute-type cn \ --set "display-name:Device Name" \ --set display-order-index:1 $ bin/dsconfig create-delegated-admin-attribute \ --type-name device \ --attribute-type serialNumber \ --set "display-name:Serial Number" \ --set display-order-index:2 -
Create Delegated Admin resource rights for the
generic resource type.
Generic resource administrators must have read access to the user resource. For more information, see Configuring delegated administrator rights on PingDirectory Server.