On the Unique user ID tab, you can create an LDAP filter to resolve user accounts for System for Cross-domain Identity Management (SCIM) operations.
PingFederate uses LDAP filter in conjunction with the Base DN value, defined on the Location tab, to add new account records.
This tab only appears if you are configuring an LDAP user store for provisioning.
The filter is in the form:
attribute=${value}
where attribute
is an attribute in your
user-datastore and value
is the attribute value
or values passed in from the SCIM request. To see a list of available attributes in
your user-datastore,
click
View List of Available LDAP Attributes.
Variables
for these attributes, including the correct syntax, are listed under SCIM
Attributes.
Unlike filters used to retrieve LDAP attributes for adapter mapping, do not enclose the statement in parentheses.
If you are unfamiliar with writing LDAP queries, see the documentation accompanying your LDAP installation.