Configuring the downstream_id Attribute
[ Reference ]
The following configuration files are provided as reference examples.
Configure actual settings in accordance with your environment.
Sample description 1. Set the downstream_id attribute in order of ms-DS-ConsistencyGuid -> objectGUID
Set ms-DS-ConsistencyGuid to the downstream_id attribute of IIJ ID User.
If no attribute value is set to ms-DS-ConsistencyGuid, this sample should be used to set objectGUID to the downstream_id attribute.
Corresponding method
Configure iid.scim.attribute.user.ad_bind.downstreamId as shown below.
iid:
scim:
attribute:
user:
ad_bind:
downstreamId:
- mS-DS-ConsistencyGuid
- objectGUID
config.yml sample
log:
loglevel: info
ad:
ldap:
cache_disabled: true
server:
addresses:
- 192.168.0.100
- 192.168.0.101
user: 'CN=iid_proxyadmin,CN=Users,DC=example,DC=local'
encryption: none
base_dn: 'DC=example,DC=local'
filter:
user: 'memberOf:1.2.840.113556.1.4.1941:=CN=IID_IDaaS user group,OU=IID_Groups,DC=example,DC=local'
group: 'memberOf:1.2.840.113556.1.4.1941:=CN=IID_IDaaS user group,OU=IID_Groups,DC=example,DC=local'
iid:
scim:
http:
proxy:
use: false
address: 192.168.0.10
port: 8080
attribute:
user:
default:
emails:
- primary: true
ad_bind:
externalId: userPrincipalName
downstreamId:
- mS-DS-ConsistencyGuid
- objectGUID
userName: sAMAccountName
name:
familyName: sn
givenName: givenName
active:
- userAccountControl
- accountExpires
emails:
- value: mail
group:
ad_bind:
externalId: objectGUID
displayName: name
email: mail