The file that installs Delegated Admin specifies the following values:

  • Object class of user entries through structural-ldap-objectclass:inetOrgPerson
  • Number of user attributes to expose
    Note:

    Delegated Admin supports the following attribute types:

    • Boolean
    • Integer
    • String
    • DateTime
    • Distinguished name (DN)
    • Custom attributes
    • Constructed attributes
    • Multivalued attributes
  1. If necessary, change the attribute that is designated as the primary attribute.
    $ bin/dsconfig set-rest-resource-type-prop \
      --type-name users \
      --set primary-display-attribute-type:mail
  2. Configure any additional user attributes to appear in Delegated Admin by specifying the LDAP attribute type to expose and by providing a display name for it.
    $ bin/dsconfig create-delegated-admin-attribute \
      --type-name users \
      --attribute-type customAttr \
      --set "display-name:My custom attribute"
  3. Configure attributes with distinguished name (DN) syntax on resource types to provide a reference from one resource to another.

    An example of such an attribute is the standard LDAP manager attribute.

    The referencing resource doesn't have to be the same type of resource as the referenced resource. Delegated Admin allows the referenced resource to be selected without displaying the actual value of the DN.

    In this example, the manager attribute is included in the users resource type, and its value is constrained to reference only resources of type managers. The managers REST Resource Type is assumed to have already been defined.

    $ bin/dsconfig create-delegated-admin-attribute \
      --type-name users \
      --attribute-type manager \
      --set display-name:Manager \
      --set reference-resource-type:managers

    Additionally, the Delegated Admin resource rights for the administrator must provide either read or reference permission to managers.

    $ bin/dsconfig create-delegated-admin-resource-rights \
      --rights-name Admin \
      --rest-resource-type managers \
      --set enabled:true \
      --set admin-permission:reference \
      --set admin-scope:all-resources-in-base

    For more information about resource rights and permissions, see Configuring delegated administrator rights on PingDirectory Server.

  4. Use the following command to set the search filter, where %% represents the search text entered in the web application.
    $ bin/dsconfig set-rest-resource-type-prop \
      --type-name users \
      --set 'search-filter-pattern:(|(cn=*%%*)(mail=%%*)(uid=%%*))'

    When search text is entered in Delegated Admin, the property search-filter-pattern specifies which attributes to search in PingDirectory Server. To satisfy the query, define the appropriate attribute indexes for PingDirectory Server. For more information, see the PingDirectory Server Administration Guide.

  5. To manage users whose profiles feature a large number of attributes, place the attributes in logical groupings, called attribute categories, and give them a specific display order.

    The following commands create attribute categories and specify their display order.

    $ bin/dsconfig create-delegated-admin-attribute-category \
      --display-name "Basic Information" \
      --set display-order-index:1
      
    $ bin/dsconfig create-delegated-admin-attribute-category \
      --display-name "Contact Information" \
      --set display-order-index:2
      
    $ bin/dsconfig create-delegated-admin-attribute-category \
      --display-name "Other Attributes" \
      --set display-order-index:3
  6. The following example commands assign attributes to a category and specify the display order of each attribute within its category.
    $ bin/dsconfig set-delegated-admin-attribute-prop \
      --type-name users \
      --attribute-type cn \
      --set "attribute-category:Basic Information" \
      --set display-order-index:1
      
    $ bin/dsconfig set-delegated-admin-attribute-prop \
      --type-name users \
      --attribute-type sn \
      --set "attribute-category:Basic Information" \
      --set display-order-index:2

    Unassigned attributes are displayed in a miscellaneous category.

  7. For multivalued LDAP attributes, indicate whether the application should present them as multivalued.

    If not specified, the attributes are presented in the application as single-valued, even if the LDAP schema definition for the attribute allows multiple values.

    Note:

    This setting does not apply to attributes that are handled by custom UI form fields.

    $ bin/dsconfig set-delegated-admin-attribute-prop \
     --type-name users \
     --attribute-type mail \
     --set multi-valued:true
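
The following sketch relates to step 4. It is an added example, not Ping Identity code and not a description of how Delegated Admin itself performs the substitution. It shows how a search-filter-pattern expands once %% is replaced with search text escaped per RFC 4515, and which index types each clause of the pattern relies on. The function names, and the use of the general LDAP filter-to-index mapping for this product, are assumptions.

```python
import re

# Pattern taken from step 4 of the procedure above.
PATTERN = "(|(cn=*%%*)(mail=%%*)(uid=%%*))"

# RFC 4515 escapes for characters that are special inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Matches simple leaf clauses such as (cn=*%%*) or (uid=%%).
_CLAUSE = re.compile(r"\(([A-Za-z][A-Za-z0-9;-]*)(~=|>=|<=|=)([^()]*)\)")


def escape_filter_value(text):
    """Escape search text so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def expand_pattern(pattern, search_text):
    """Replace every %% placeholder with the escaped search text."""
    return pattern.replace("%%", escape_filter_value(search_text))


def required_indexes(pattern):
    """Map each attribute in the pattern to the index types its clauses need."""
    needed = {}
    for attr, op, value in _CLAUSE.findall(pattern):
        if op == "~=":
            kind = "approximate"
        elif op in (">=", "<="):
            kind = "ordering"
        elif value == "*":
            kind = "presence"
        elif "*" in value:
            kind = "substring"  # covers prefix, suffix and contains matches
        else:
            kind = "equality"
        needed.setdefault(attr.lower(), set()).add(kind)
    return needed


if __name__ == "__main__":
    print(expand_pattern(PATTERN, "smith"))
    for attr, kinds in sorted(required_indexes(PATTERN).items()):
        print(attr, sorted(kinds))
```

For the pattern in step 4, all three clauses are substring matches, so cn, mail and uid each need a substring index for the search to be served from indexes.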