Resource versioning is enabled by default in new installations. Upgraded servers that had System for Cross-domain Identity Management (SCIM) enabled need additional configuration to enable resource versioning.

  1. Enable the ds-entry-checksum virtual attribute.
    $ bin/dsconfig set-virtual-attribute-prop \
    --name ds-entry-checksum \
    --set enabled:true
  2. Remove any existing access controls required by SCIM for read access to operational attributes.
    $ bin/dsconfig set-access-control-handler-prop \
    --remove 'global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || createTimestamp || ds-create-time || modifyTimestamp || ds-update-time")
    (version 3.0;acl "Authenticated read access to operational attributes used by the SCIM servlet extension"; allow (read,search,compare) userdn="ldap:///all"'
  3. On the backend directory server, enable new access controls required by SCIM for read access to operational attributes with the following command.
    Note:

    If this access control instruction (ACI) is not present, problems will occur when a SCIM client tries to authenticate with a non-root distinguished name (DN).

    $ bin/dsconfig set-access-control-handler-prop \
    --add  'global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || createTimestamp || ds-create-time || modifyTimestamp || ds-update-time || ds-entry-checksum")
    (version 3.0;acl "Authenticated read access to operational attributes used by the SCIM servlet extension"; allow (read,search,compare) userdn="ldap:///all"'