Configuring the downstream
[ Reference ]
The following configuration files are provided as reference examples.
Configure actual settings in accordance with your environment.
Sample description 1. Set the downstream_id attribute in order of ms-DS-ConsistencyGuid -> objectGUID
This sample sets the downstream_id attribute of the IIJ ID user from ms-DS-ConsistencyGuid.
If ms-DS-ConsistencyGuid has no value, objectGUID is used for the downstream_id attribute instead.
Corresponding method
Configure iid.scim.attribute.user.ad_bind.downstreamId as shown below.
```yaml
iid:
  scim:
    attribute:
      user:
        ad_bind:
          downstreamId:
            - mS-DS-ConsistencyGuid
            - objectGUID
```
config.yml sample

```yaml
log:
  loglevel: info
ad:
  ldap:
    cache_disabled: true
    server:
      addresses:
        - 192.168.0.100
        - 192.168.0.101
      user: 'CN=iid_proxyadmin,CN=Users,DC=example,DC=local'
      encryption: none
    base_dn: 'DC=example,DC=local'
    filter:
      user: 'memberOf:1.2.840.113556.1.4.1941:=CN=IID_IDaaS user group,OU=IID_Groups,DC=example,DC=local'
      group: 'memberOf:1.2.840.113556.1.4.1941:=CN=IID_IDaaS user group,OU=IID_Groups,DC=example,DC=local'
iid:
  scim:
    http:
      proxy:
        use: false
        address: 192.168.0.10
        port: 8080
    attribute:
      user:
        default:
          emails:
            - primary: true
        ad_bind:
          externalId: userPrincipalName
          downstreamId:
            - mS-DS-ConsistencyGuid
            - objectGUID
          userName: sAMAccountName
          name:
            familyName: sn
            givenName: givenName
          active:
            - userAccountControl
            - accountExpires
          emails:
            - value: mail
      group:
        ad_bind:
          externalId: objectGUID
          displayName: name
          email: mail
```
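The fallback order in sample 1 can be checked against directory data before rollout. The following Python sketch is an added example, not IIJ's code or part of the original page: it reports, per user, which attribute in the `downstreamId` list would supply the value. The function names and sample entries are constructed; treating an empty value as unset is an assumption, and the GUID text form is for display only, not necessarily the format the product stores.

```python
import uuid

# Order taken from iid.scim.attribute.user.ad_bind.downstreamId on this page.
DOWNSTREAM_ID_ORDER = ["mS-DS-ConsistencyGuid", "objectGUID"]


def resolve_downstream_id(entry, order=DOWNSTREAM_ID_ORDER):
    """Return (source_attribute, raw_value) for the first attribute in
    `order` holding a non-empty value, or (None, None) if none does.

    `entry` maps attribute names to lists of bytes values. LDAP attribute
    names are case-insensitive, so lookup uses lower-cased names.
    """
    lowered = {name.lower(): values for name, values in entry.items()}
    for attr in order:
        values = [v for v in lowered.get(attr.lower(), []) if v]
        if values:
            return attr, values[0]
    return None, None


def guid_text(raw):
    """Render a 16-byte AD GUID for display (AD uses the little-endian layout)."""
    if len(raw) != 16:
        raise ValueError("expected a 16-byte GUID, got %d bytes" % len(raw))
    return str(uuid.UUID(bytes_le=raw))


def audit(entries):
    """Map each user to (source attribute, GUID text) for downstream_id."""
    report = {}
    for name, entry in entries.items():
        source, raw = resolve_downstream_id(entry)
        report[name] = (source, guid_text(raw) if raw else None)
    return report


# Constructed sample entries (not real directory data).
GUID_A = uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le
GUID_B = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee").bytes_le
SAMPLE = {
    "alice": {"ms-DS-ConsistencyGuid": [GUID_B], "objectGUID": [GUID_A]},
    "bob": {"objectGUID": [GUID_A]},  # attribute absent: falls back
    "carol": {"mS-DS-ConsistencyGuid": [b""], "objectGUID": [GUID_B]},  # empty
}

if __name__ == "__main__":
    for user, (source, value) in audit(SAMPLE).items():
        print(user, source, value)
```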