7.3.4. Attribute mapping
Important
The Nubus SCIM Server is in an early state with limited configuration capability. For detailed limitations, see Limitations.
Note
Due to the early state of the Nubus SCIM Server there are some limitations to attribute mapping and data validation.
The SCIM service maps between UDM attributes and SCIM attributes.
7.3.4.1. Schemas
Every SCIM resource declares the schemas that describe which attributes are available for it; schema extensions add further attributes to a resource. This section lists the schemas that the Nubus SCIM Server uses.
- User schemas
A user resource always includes the following schemas:
- Core user schema
Name of the schema:
urn:ietf:params:scim:schemas:core:2.0:User
- Enterprise user schema
Name of the schema:
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
- Univention user schema
Name of the schema:
urn:ietf:params:scim:schemas:extension:Univention:1.0:User
- UniventionUser user schema
Name of the schema:
urn:ietf:params:scim:schemas:extension:UniventionUser:2.0:User
Important
The UniventionUser user schema requires extended LDAP attributes that you must configure. Without them, the schema’s properties are always empty on read operations and write operations fail. The schema is deprecated and will be removed in a future version of Nubus for Kubernetes, as soon as you can configure custom schemas.
- Group schemas
A group resource always includes the following schemas:
- Core group schema
Name of the schema:
urn:ietf:params:scim:schemas:core:2.0:Group
- Univention group schema
Name of the schema:
urn:ietf:params:scim:schemas:extension:Univention:1.0:Group
7.3.4.2. Common attributes
Common attributes are available for users and groups. All common attributes are in the corresponding user or group core schema, depending on the resource type.
- Id
- UDM attribute:
univentionObjectIdentifier
- SCIM attribute:
id
- Operation:
Read
- Description:
UUID of the object. The UDM attribute univentionObjectIdentifier is mandatory: an object that lacks it is not mapped at all.
- Schema:
- ExternalId
- UDM attribute:
configurable
- SCIM attribute:
externalId
- Operation:
Read and write
- Description:
If configured, the ID that the object has in an external IAM system is stored in the configured UDM attribute. See External ID mapping.
- Schema:
- Resource type
- UDM attribute:
None
- SCIM attribute:
meta.resourceType
- Operation:
Read
- Description:
User or Group
- Schema:
- Version
- UDM attribute:
etag
- SCIM attribute:
meta.version
- Operation:
Read
- Description:
Version identifier of the object
- Schema:
- Location
- UDM attribute:
None
- SCIM attribute:
meta.location
- Operation:
Read
- Description:
SCIM URL to access the object
- Schema:
- Created timestamp
- UDM attribute:
createTimestamp
- SCIM attribute:
meta.created
- Operation:
Read
- Description:
UTC time when the object was created, ISO 8601 format.
- Schema:
- Last modified timestamp
- UDM attribute:
modifyTimestamp
- SCIM attribute:
meta.lastModified
- Operation:
Read
- Description:
UTC time when the object was last modified, ISO 8601 format.
- Schema:
7.3.4.3. User attributes
A listing of all user attributes that the Nubus SCIM Server maps between UDM and SCIM.
- Username
- UDM attribute:
username
- SCIM attribute:
userName
- Operation:
Read and write
- Description:
User login name
- Schema:
- Active
- UDM attribute:
disabled
- SCIM attribute:
active
- Operation:
Read and write
- Description:
Boolean, inverted with respect to the UDM attribute: active is true when disabled is false, and false when disabled is true (active != disabled).
- Schema:
- First name
- UDM attribute:
firstname
- SCIM attribute:
name.givenName
- Operation:
Read and write
- Description:
First name
- Schema:
- Last name
- UDM attribute:
lastname
- SCIM attribute:
name.familyName
- Operation:
Read and write
- Description:
Last name
- Schema:
- Formatted name
- UDM attribute:
None
- SCIM attribute:
name.formatted
- Operation:
Read
- Description:
firstname and lastname concatenated with a space and trimmed.
- Schema:
- Display name
- UDM attribute:
displayName
- SCIM attribute:
displayName
- Operation:
Read and write
- Description:
Display name
- Schema:
- Title
- UDM attribute:
title
- SCIM attribute:
title
- Operation:
Read and write
- Description:
Job title
- Schema:
- Employee type
- UDM attribute:
employeeType
- SCIM attribute:
userType
- Operation:
Read and write
- Description:
Employee type
- Schema:
- Preferred language
- UDM attribute:
preferredLanguage
- SCIM attribute:
preferredLanguage
- Operation:
Read and write
- Description:
The user’s preferred language
- Schema:
- Primary mail address
- UDM attribute:
mailPrimaryAddress
- SCIM attribute:
emails[type="mailbox"].value
- Operation:
Read and write
- Description:
Email with special type mailbox
- Schema:
- Alternative mail address
- UDM attribute:
mailAlternativeAddress[]
- SCIM attribute:
emails[type="alias"].value
- Operation:
Read and write
- Description:
List of emails with special type alias
- Schema:
- Other mail address
- UDM attribute:
e-mail[]
- SCIM attribute:
emails[type="alias"].value
- Operation:
Read and write
- Description:
List of emails without special type
- Schema:
- Phone work numbers
- UDM attribute:
phone[]
- SCIM attribute:
phoneNumbers[type="work"].value
- Operation:
Read and write
- Description:
List of work phone numbers
- Schema:
- Mobile phone work numbers
- UDM attribute:
mobileTelephoneNumber[]
- SCIM attribute:
phoneNumbers[type="mobile"].value
- Operation:
Read and write
- Description:
List of mobile phone numbers
- Schema:
- Phone home numbers
- UDM attribute:
homeTelephoneNumber[]
- SCIM attribute:
phoneNumbers[type="home"].value
- Operation:
Read and write
- Description:
List of home phone numbers
- Schema:
- Pager numbers
- UDM attribute:
pagerTelephoneNumber[]
- SCIM attribute:
phoneNumbers[type="pager"].value
- Operation:
Read and write
- Description:
List of pager numbers
- Schema:
- Street work
- UDM attribute:
street
- SCIM attribute:
addresses[type="work"].streetAddress
- Operation:
Read and write
- Description:
Work street address
- Schema:
- City work
- UDM attribute:
city
- SCIM attribute:
addresses[type="work"].locality
- Operation:
Read and write
- Description:
Work city
- Schema:
- Postcode work
- UDM attribute:
postcode
- SCIM attribute:
addresses[type="work"].postalCode
- Operation:
Read and write
- Description:
Work postal code
- Schema:
- State work
- UDM attribute:
state
- SCIM attribute:
addresses[type="work"].region
- Operation:
Read and write
- Description:
Work state/region
- Schema:
- Country work
- UDM attribute:
country
- SCIM attribute:
addresses[type="work"].country
- Operation:
Read and write
- Description:
Work country
- Schema:
- Formatted work address
- UDM attribute:
None
- SCIM attribute:
addresses[type="work"].formatted
- Operation:
Read
- Description:
Formatted work address string from individual components
- Schema:
- Street home
- UDM attribute:
homePostalAddress[].street
- SCIM attribute:
addresses[type="home"].streetAddress
- Operation:
Read and write
- Description:
List of home street addresses
- Schema:
- City home
- UDM attribute:
homePostalAddress[].city
- SCIM attribute:
addresses[type="home"].locality
- Operation:
Read and write
- Description:
List of home cities
- Schema:
- Postcode home
- UDM attribute:
homePostalAddress[].zipcode
- SCIM attribute:
addresses[type="home"].postalCode
- Operation:
Read and write
- Description:
List of home postal codes
- Schema:
- Formatted home address
- UDM attribute:
None
- SCIM attribute:
addresses[type="home"].formatted
- Operation:
Read
- Description:
List of formatted home address strings from individual components
- Schema:
- User certificate
- UDM attribute:
userCertificate
- SCIM attribute:
x509Certificates[].value
- Operation:
Read and write with limitations
- Description:
User certificate. Written only if the input list has zero or one element; lists with more entries are not written.
- Schema:
- User certificate common name
- UDM attribute:
certificateSubjectCommonName
- SCIM attribute:
x509Certificates[].display
- Operation:
Read and write with limitations
- Description:
Display name (common name) of the user certificate. Written only if the input list has zero or one element; lists with more entries are not written.
- Schema:
- Guardian direct roles
- UDM attribute:
guardianRoles[]
- SCIM attribute:
roles[type="guardian-direct"].value
- Operation:
Read and write
- Description:
List of roles with special type guardian-direct.
- Schema:
- Guardian indirect roles
- UDM attribute:
guardianInheritedRoles[]
- SCIM attribute:
roles[type="guardian-indirect"].value
- Operation:
Read and write
- Description:
List of roles with special type guardian-indirect.
- Schema:
- Roles
- UDM attribute:
configurable
- SCIM attribute:
roles[type!="guardian-indirect" and type!="guardian-direct"].value
- Operation:
Read and write
- Description:
If configured, the roles are stored in UDM as serialized JSON. See Roles mapping.
- Schema:
- Password recovery email
- UDM attribute:
PasswordRecoveryEmail
- SCIM attribute:
passwordRecoveryEmail
- Operation:
Read and write
- Description:
Password recovery mail
- Schema:
- Description
- UDM attribute:
description
- SCIM attribute:
description
- Operation:
Read and write
- Description:
Description
- Schema:
- Employee number
- UDM attribute:
employeeNumber
- SCIM attribute:
employeeNumber
- Operation:
Read and write
- Description:
Employee number
- Schema:
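The rules in the tables above (the inverted active flag, the trimmed name.formatted, the typed emails, phone numbers, addresses and roles, and the zero-or-one limitation on x509Certificates) applied to constructed sample data, in both directions. This is an added example and not code from the Nubus SCIM Server or from Univention; the sample values, the layout of the formatted address strings, the helper names and the name of the configurable UDM attribute for non-Guardian roles are assumptions of this example.

```python
import json

# UDM multi-value phone attributes and the SCIM phoneNumbers type each maps to.
PHONE_TYPES = {"phone": "work", "mobileTelephoneNumber": "mobile",
               "homeTelephoneNumber": "home", "pagerTelephoneNumber": "pager"}
# UDM Guardian role attributes and their special SCIM roles type.
GUARDIAN_ROLE_TYPES = {"guardianRoles": "guardian-direct",
                       "guardianInheritedRoles": "guardian-indirect"}

# Constructed sample UDM user properties (not data from a real directory).
SAMPLE_UDM_USER = {
    "username": "jdoe", "disabled": True, "firstname": "Jane", "lastname": "Doe",
    "mailPrimaryAddress": "jane.doe@example.test",
    "mailAlternativeAddress": ["jdoe@example.test"],
    "phone": ["+49 421 000000"], "mobileTelephoneNumber": ["+49 170 000000"],
    "street": "Example Street 1", "city": "Bremen", "postcode": "28359",
    "state": "HB", "country": "DE",
    "homePostalAddress": [{"street": "Home Road 5", "city": "Oldenburg", "zipcode": "26121"}],
    "userCertificate": "BASE64CERTIFICATE",  # placeholder value, constructed
    "certificateSubjectCommonName": "Jane Doe",
    "guardianRoles": ["app:ns:editor"], "guardianInheritedRoles": ["app:ns:reader"],
}


def _formatted_address(street, city, postcode, region=None, country=None):
    """Read-only `formatted` string from the present components; this layout is an assumption."""
    locality = " ".join(p for p in (postcode, city) if p)
    return ", ".join(p for p in (street, locality, region, country) if p)


def udm_to_scim_user(udm):
    """UDM properties -> SCIM User resource (the read direction of the tables)."""
    first, last = udm.get("firstname") or "", udm.get("lastname") or ""
    scim = {
        "userName": udm["username"],
        "active": not udm.get("disabled", False),           # inverted boolean
        "name": {"givenName": first, "familyName": last,
                 "formatted": f"{first} {last}".strip()},   # joined, then trimmed
        "emails": [], "phoneNumbers": [], "addresses": [], "x509Certificates": [], "roles": [],
    }
    if udm.get("mailPrimaryAddress"):
        scim["emails"].append({"value": udm["mailPrimaryAddress"], "type": "mailbox"})
    scim["emails"] += [{"value": a, "type": "alias"} for a in udm.get("mailAlternativeAddress", [])]
    for udm_key, scim_type in PHONE_TYPES.items():
        scim["phoneNumbers"] += [{"value": n, "type": scim_type} for n in udm.get(udm_key, [])]
    work = {"streetAddress": udm.get("street"), "locality": udm.get("city"),
            "postalCode": udm.get("postcode"), "region": udm.get("state"), "country": udm.get("country")}
    if any(work.values()):
        work["formatted"] = _formatted_address(work["streetAddress"], work["locality"],
                                               work["postalCode"], work["region"], work["country"])
        scim["addresses"].append({"type": "work", **work})
    for home in udm.get("homePostalAddress", []):   # one home address per list entry
        scim["addresses"].append({
            "type": "home", "streetAddress": home.get("street"), "locality": home.get("city"),
            "postalCode": home.get("zipcode"),
            "formatted": _formatted_address(home.get("street"), home.get("city"), home.get("zipcode")),
        })
    if udm.get("userCertificate"):
        scim["x509Certificates"].append({"value": udm["userCertificate"],
                                         "display": udm.get("certificateSubjectCommonName")})
    for udm_key, scim_type in GUARDIAN_ROLE_TYPES.items():
        scim["roles"] += [{"value": r, "type": scim_type} for r in udm.get(udm_key, [])]
    return scim


def scim_to_udm_user(scim):
    """SCIM User -> UDM properties for the writable attributes whose rules carry a caveat."""
    certs = scim.get("x509Certificates", [])
    if len(certs) > 1:
        # The page says the certificate is written only for zero or one element. Rejecting
        # here is this example's choice so that a dropped write is visible to the caller.
        raise ValueError("x509Certificates: at most one entry can be written")
    guardian = {t: [] for t in GUARDIAN_ROLE_TYPES.values()}
    other_roles = []
    for role in scim.get("roles", []):
        if role.get("type") in guardian:
            guardian[role["type"]].append(role["value"])
        else:
            other_roles.append(role)
    emails = scim.get("emails", [])
    udm = {
        "username": scim["userName"],
        "disabled": not scim.get("active", True),            # inverted boolean
        "mailPrimaryAddress": next((e["value"] for e in emails if e.get("type") == "mailbox"), None),
        "mailAlternativeAddress": [e["value"] for e in emails if e.get("type") == "alias"],
        "guardianRoles": guardian["guardian-direct"],
        "guardianInheritedRoles": guardian["guardian-indirect"],
        # Remaining roles go to the configurable UDM attribute as serialized JSON (see Roles
        # mapping); the attribute name "roles" and the exact JSON shape are assumptions.
        "roles": json.dumps(other_roles),
    }
    if certs:
        udm["userCertificate"] = certs[0]["value"]
        udm["certificateSubjectCommonName"] = certs[0].get("display")
    return udm
```

A practical check that follows from the inverted boolean: after a client sends `"active": false`, read the user back and confirm `active` is false and, on the UDM side, `disabled` is true; a client that treats a missing `active` as "unchanged" must not send the attribute at all, because an omitted value is interpreted here as active.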
7.3.4.4. Group attributes
A listing of all group attributes that the Nubus SCIM Server maps between UDM and SCIM.
- Name
- UDM attribute:
name
- SCIM attribute:
displayName
- Operation:
Read and write
- Description:
Group name
- Schema:
- Members user id
- UDM attribute:
users[]
- SCIM attribute:
members[type="User"].value
- Operation:
Read and write
- Description:
The user members of the group
- Schema:
- Members user name
- UDM attribute:
user.displayName
- SCIM attribute:
members[type="User"].display
- Operation:
Read
- Description:
The name of the user as in the user object
- Schema:
- Members user ref
- UDM attribute:
None
- SCIM attribute:
members[type="User"].$ref
- Operation:
Read
- Description:
The URL reference to query the user object
- Schema:
- Members group id
- UDM attribute:
nestedGroup[]
- SCIM attribute:
members[type="Group"].value
- Operation:
Read and write
- Description:
The nested groups that are members of this group
- Schema:
- Members group name
- UDM attribute:
group.displayName
- SCIM attribute:
members[type="Group"].display
- Operation:
Read
- Description:
The name of the group as in the group object
- Schema:
- Members group ref
- UDM attribute:
None
- SCIM attribute:
members[type="Group"].$ref
- Operation:
Read
- Description:
The URL reference to query the group object
- Schema:
- Guardian member roles
- UDM attribute:
guardianMemberRoles
- SCIM attribute:
memberRoles[type="guardian"].value
- Operation:
Read and write
- Description:
Guardian member roles
- Schema:
- Description
- UDM attribute:
description
- SCIM attribute:
description
- Operation:
Read and write
- Description:
Description
- Schema:
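The group mapping above applied to constructed sample data: the members[] entries are built from users[] and nestedGroup[] with their type, display and $ref, and on write only value and type are honoured while the read-only display and $ref are ignored. This is an added example and not code from the Nubus SCIM Server or from Univention. UDM stores members as DNs, so the lookup from a DN to the member's SCIM id and display value is assumed here (a constructed table), and the SCIM base URL used for $ref is an assumption.

```python
BASE_URL = "https://scim.example.test/scim/v2"  # assumed location of the SCIM service

# Constructed directory snapshot: member DN -> SCIM id and display value of the object.
SAMPLE_USERS = {
    "uid=jdoe,cn=users,dc=example,dc=test": {
        "id": "7b1d5f0e-0001-4000-8000-000000000001", "displayName": "Jane Doe"},
    "uid=msmith,cn=users,dc=example,dc=test": {
        "id": "7b1d5f0e-0001-4000-8000-000000000002", "displayName": "Max Smith"},
}
SAMPLE_GROUPS = {
    "cn=devs,cn=groups,dc=example,dc=test": {
        "id": "7b1d5f0e-0002-4000-8000-000000000001", "displayName": "devs"},
}
# Constructed UDM group properties; users[] and nestedGroup[] hold DNs.
SAMPLE_UDM_GROUP = {
    "name": "staff", "description": "All staff",
    "users": list(SAMPLE_USERS), "nestedGroup": list(SAMPLE_GROUPS),
    "guardianMemberRoles": ["app:ns:member"],
}


def _member(obj, resource_type, base_url):
    """One SCIM members[] entry: value, display and $ref as the tables describe."""
    return {"value": obj["id"], "display": obj["displayName"], "type": resource_type,
            "$ref": f"{base_url}/{resource_type}s/{obj['id']}"}


def udm_to_scim_group(udm, users=SAMPLE_USERS, groups=SAMPLE_GROUPS, base_url=BASE_URL):
    """UDM group properties -> SCIM Group resource (read direction)."""
    members = [_member(users[dn], "User", base_url) for dn in udm.get("users", [])]
    members += [_member(groups[dn], "Group", base_url) for dn in udm.get("nestedGroup", [])]
    return {
        "displayName": udm["name"],
        "description": udm.get("description"),
        "members": members,
        "memberRoles": [{"value": r, "type": "guardian"} for r in udm.get("guardianMemberRoles", [])],
    }


def scim_to_udm_group(scim, users=SAMPLE_USERS, groups=SAMPLE_GROUPS):
    """SCIM Group -> UDM group properties (write direction).

    Only `value` and `type` of a member are used. `display` and `$ref` are read-only,
    so a client cannot point a membership at another object through them. A member id
    that does not resolve to a known object is rejected instead of silently dropped."""
    dn_by_id = {"User": {v["id"]: dn for dn, v in users.items()},
                "Group": {v["id"]: dn for dn, v in groups.items()}}
    udm = {"name": scim["displayName"], "description": scim.get("description"),
           "users": [], "nestedGroup": [],
           "guardianMemberRoles": [r["value"] for r in scim.get("memberRoles", [])
                                   if r.get("type") == "guardian"]}
    for m in scim.get("members", []):
        rtype = m.get("type", "User")   # a member without type is treated as a User (assumption)
        dn = dn_by_id.get(rtype, {}).get(m["value"])
        if dn is None:
            raise ValueError(f"unknown {rtype} member id {m['value']!r}")
        udm["users" if rtype == "User" else "nestedGroup"].append(dn)
    return udm
```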