On the Unique user ID tab, you can create an LDAP filter to resolve user accounts for System for Cross-domain Identity Management (SCIM) operations.
PingFederate uses LDAP filter in conjunction with the Base DN value, defined on the Location tab, to add new account records.
Note:
This tab only appears if you are configuring an LDAP user store for provisioning.
Enter the statement in the Filter text field.
The filter is in the form:
attribute=${value}
where attribute
is an attribute in your
user-datastore and value
is the attribute value or
values passed in from the SCIM request. To see a list of available attributes in your
user-datastore, click View List of Available LDAP Attributes.
Variables for these attributes, including the correct syntax, are listed under
SCIM Attributes.Note:
Unlike filters used to retrieve LDAP attributes for adapter mapping, do not enclose the statement in parentheses.
Tip:
If you are unfamiliar with writing LDAP queries, see the documentation accompanying your LDAP installation.