Page created: 15 Jul 2022 | Page updated: 20 Jan 2023
Configure synchronization with System for Cross-domain Identity Management (SCIM) using the create-sync-pipe-config utility and the dsconfig command. Configuring synchronization between an LDAP server and a SCIM service provider includes the following:
- Configure one external server for every physical endpoint.
- Configure the Sync Source server and designate the external servers that correspond to the source server.
- Configure the Sync Destination server and designate the external servers that correspond to the SCIM sync destination.
- Configure the LDAP to SCIM Sync Pipe.
- Configure the Sync Classes. Each Sync Class represents a type of entry that needs to be synchronized. When specifying a Sync Class for synchronization with a SCIM service provider, avoid including attribute and distinguished name (DN) mappings. Instead, use the Sync Class to specify which operations to synchronize and which correlation attributes to use.
- Set the evaluation order for the Sync Classes to define the processing precedence for each class.
- Configure the scim-resources.xml file. If possible, change the <resourceIDMapping> element(s) to use whatever the SCIM service provider uses as the SCIM ID.
- Set up communication for each external server. Run prepare-endpoint-server once for every LDAP external server that is part of the Sync Source.
- Use realtime-sync to start the Sync Pipe.