Attribute mapping

7.3.4. Attribute mapping#

Important

The Nubus SCIM Server is in an early state with limited configuration capability. For detailed limitations, see Limitations.

Note

Due to the early state of the Nubus SCIM Server there are some limitations to attribute mapping and data validation.

The SCIM service maps between UDM attributes and SCIM attributes.

7.3.4.1. Schemas#

All resources in SCIM include schemas that describe which values are available for that specific resource. Schema extensions can extend a resource. This page lists the schemas that the Nubus SCIM Server uses.

User schemas

The user schemas always include the following schemas:

Core user schema#: Name of the schema: urn:ietf:params:scim:schemas:core:2.0:User

Enterprise user schema#: Name of the schema: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Univention user schema#: Name of the schema: urn:ietf:params:scim:schemas:extension:Univention:1.0:User

UniventionUser user schema#: Name of the schema: urn:ietf:params:scim:schemas:extension:UniventionUser:2.0:User

Important

The UniventionUser user schema schema requires extended LDAP attributes that you must configure. Otherwise, the schema’s properties are always empty on read operations. Write operations fail. The schema is deprecated. It will be removed in a future version of Nubus for Kubernetes, as soon as you can configure custom schemas.

Group schemas

The group schemas always includes the following schemas:

Core group schema#: Name of the schema: urn:ietf:params:scim:schemas:core:2.0:Group

Univention group schema#: Name of the schema: urn:ietf:params:scim:schemas:extension:Univention:1.0:Group

7.3.4.2. Common attributes#

Common attributes are available for users and groups. All common attributes are in the corresponding user or group core schema, depending on the resource type.

Id

UDM attribute:: univentionObjectIdentifier
SCIM attribute:: id
Operation:: Read
Description:: UUID for the object. The univentionObjectIdentifier is mandatory. No object mapping, if the attribute is unavailable.
Schema:: Core user schema or Core group schema

ExternalId

UDM attribute:: configurable
SCIM attribute:: id
Operation:: Read and write
Description:: If configured, UDM uses the external ID field to store an object ID of external IAM. See External ID mapping.
Schema:: Core user schema or Core group schema

Resource type

UDM attribute:: None
SCIM attribute:: meta.resourceType
Operation:: Read
Description:: User or Group
Schema:: Core user schema or Core group schema

Version

UDM attribute:: etag
SCIM attribute:: meta.version
Operation:: Read
Description:: Version identifier of the object
Schema:: Core user schema or Core group schema

Location

UDM attribute:: None
SCIM attribute:: meta.location
Operation:: Read
Description:: SCIM URL to access the object
Schema:: Core user schema or Core group schema

Created timestamp

UDM attribute:: createTimestamp
SCIM attribute:: meta.created
Operation:: Read
Description:: UTC time when the object was created, ISO 8601 format.
Schema:: Core user schema or Core group schema

Last modified timestamp

UDM attribute:: modifyTimestamp
SCIM attribute:: meta.lastModified
Operation:: Read
Description:: UTC time when the object was last modified, ISO 8601 format.
Schema:: Core user schema or Core group schema

7.3.4.3. User attributes#

A listing of all user attributes that the Nubus SCIM Server maps between UDM and SCIM.

Username

UDM attribute:: username
SCIM attribute:: username
Operation:: Read and write
Description:: User login name
Schema:: Core user schema

Active

UDM attribute:: disabled
SCIM attribute:: active
Operation:: Read and write
Description:: Boolean, inverted: active != disabled.
Schema:: Core user schema

First name

UDM attribute:: firstname
SCIM attribute:: name.givenName
Operation:: Read and write
Description:: First name
Schema:: Core user schema

Last name

UDM attribute:: lastname
SCIM attribute:: name.familyName
Operation:: Read and write
Description:: Last name
Schema:: Core user schema

Formatted name

UDM attribute:: None
SCIM attribute:: name.formatted
Operation:: Read
Description:: firstname` and lastname concatenated with space and trimmed.
Schema:: Core user schema

Display name

UDM attribute:: displayName
SCIM attribute:: displayName
Operation:: Read and write
Description:: Display name
Schema:: Core user schema

Title

UDM attribute:: title
SCIM attribute:: title
Operation:: Read and write
Description:: Job title
Schema:: Core user schema

Employee type

UDM attribute:: employeeType
SCIM attribute:: userType
Operation:: Read and write
Description:: Employee type
Schema:: Core user schema

Preferred language

UDM attribute:: preferredLanguage
SCIM attribute:: preferredLanguage
Operation:: Read and write
Description:: The user’s preferred language
Schema:: Core user schema

Primary mail address

UDM attribute:: mailPrimaryAddress
SCIM attribute:: emails[type="mailbox"].value
Operation:: Read and write
Description:: Name of the mailbox used by the mail stack in the UCS appliance. The address needs to end with a local mail domain.
Schema:: Core user schema

Alternative mail address

UDM attribute:: mailAlternativeAddress[]
SCIM attribute:: emails[type="alias"].value
Operation:: Read and write
Description:: List of aliases used by the mail stack in the UCS appliance. The address needs to end with a local mail domain.
Schema:: Core user schema

Other mail address

UDM attribute:: e-mail[]
SCIM attribute:: emails[type!="mailbox" and type!="alias"].value
Operation:: Read and write
Description:: List of emails without special type
Schema:: Core user schema

Phone work numbers

UDM attribute:: phone[]
SCIM attribute:: phoneNumbers[type="work"].value
Operation:: Read and write
Description:: List of work phone numbers
Schema:: Core user schema

Mobile phone work numbers

UDM attribute:: mobileTelephoneNumber[]
SCIM attribute:: phoneNumbers[type="mobile"].value
Operation:: Read and write
Description:: List of emails without special type
Schema:: Core user schema

Phone home numbers

UDM attribute:: homeTelephoneNumber[]
SCIM attribute:: phoneNumbers[type="home"].value
Operation:: Read and write
Description:: List of home phone numbers
Schema:: Core user schema

Pager numbers

UDM attribute:: pagerTelephoneNumber[]
SCIM attribute:: phoneNumbers[type="pager"].value
Operation:: Read and write
Description:: List of pager numbers
Schema:: Core user schema

Street work

UDM attribute:: street
SCIM attribute:: addresses[type="work"].streetAddress
Operation:: Read and write
Description:: Work street address
Schema:: Core user schema

City work

UDM attribute:: city
SCIM attribute:: addresses[type="work"].locality
Operation:: Read and write
Description:: Work city
Schema:: Core user schema

Postcode work

UDM attribute:: postcode
SCIM attribute:: addresses[type="work"].postalCode
Operation:: Read and write
Description:: Work postal code
Schema:: Core user schema

State work

UDM attribute:: state
SCIM attribute:: addresses[type="work"].region
Operation:: Read and write
Description:: Work state/region
Schema:: Core user schema

Country work

UDM attribute:: country
SCIM attribute:: addresses[type="work"].country
Operation:: Read and write
Description:: Work country
Schema:: Core user schema

Formatted work address

UDM attribute:: None
SCIM attribute:: addresses[type="work"].formatted
Operation:: Read
Description:: Formatted work address string from individual components
Schema:: Core user schema

Street home

UDM attribute:: homePostalAddress[].street
SCIM attribute:: addresses[type="home"].streetAddress
Operation:: Read and write
Description:: List of home street addresses
Schema:: Core user schema

City home

UDM attribute:: homePostalAddress[].city
SCIM attribute:: addresses[type="home"].locality
Operation:: Read and write
Description:: List of home cities
Schema:: Core user schema

Postcode home

UDM attribute:: homePostalAddress[].zipcode
SCIM attribute:: addresses[type="home"].postalCode
Operation:: Read and write
Description:: List of home postal codes
Schema:: Core user schema

Formatted home address

UDM attribute:: None
SCIM attribute:: addresses[type="home"].formatted
Operation:: Read
Description:: List of formatted home address strings from individual components
Schema:: Core user schema

User certificate

UDM attribute:: userCertificate
SCIM attribute:: x509Certificates[].value
Operation:: Read and write with limitations
Description:: User certificate, only written if input list has exactly zero or one element.
Schema:: Core user schema

User certificate common name

UDM attribute:: certificateSubjectCommonName
SCIM attribute:: x509Certificates[].display
Operation:: Read and write with limitations
Description:: Display name of the user certificate, only written if input list has exactly zero or one element.
Schema:: Core user schema

Guardian direct roles

UDM attribute:: guardianRoles[]
SCIM attribute:: roles[type="guardian-direct"].value
Operation:: Read and write
Description:: List of roles with special type guardian-direct.
Schema:: Core user schema

Guardian indirect roles

UDM attribute:: guardianInheritedRoles[]
SCIM attribute:: roles[type="guardian-indirect"].value
Operation:: Read and write
Description:: List of roles with special type guardian-indirect.
Schema:: Core user schema

Roles

UDM attribute:: configurable
SCIM attribute:: roles[type!="guardian-indirect" and type!="guardian-direct"].value
Operation:: Read and write
Description:: If configured the roles are stored in UMD as serialized JSON, see Roles mapping.
Schema:: Core user schema

Password recovery email

UDM attribute:: PasswordRecoveryEmail
SCIM attribute:: passwordRecoveryEmail
Operation:: Read and write
Description:: Password recovery mail
Schema:: Univention user schema

Description

UDM attribute:: description
SCIM attribute:: description
Operation:: Read and write
Description:: Description
Schema:: Univention user schema

Employee number

UDM attribute:: employeeNumber
SCIM attribute:: employeeNumber
Operation:: Read and write
Description:: Employee number
Schema:: Enterprise user schema

7.3.4.4. Group attributes#

A listing of all group attributes that the Nubus SCIM Server maps between UDM and SCIM.

Name

UDM attribute:: name
SCIM attribute:: displayName
Operation:: Read and write
Description:: Group name
Schema:: Core group schema

Members user id

UDM attribute:: users[]
SCIM attribute:: members[type="User"].value
Operation:: Read and write
Description:: The user members of the group
Schema:: Core group schema

Members user name

UDM attribute:: user.displayName
SCIM attribute:: members[type="User"].display
Operation:: Read
Description:: The name of the user as in the user object
Schema:: Core group schema

Members user ref

UDM attribute:: None
SCIM attribute:: members[type="User"].$ref
Operation:: Read
Description:: The URL reference to query the user object
Schema:: Core group schema

Members group id

UDM attribute:: nestedGroup[]
SCIM attribute:: members[type="Group"].value
Operation:: Read and write
Description:: The group members of the group, nested groups
Schema:: Core group schema

Members group name

UDM attribute:: group.displayName
SCIM attribute:: members[type="Group"].display
Operation:: Read
Description:: The name of the group as in the group object
Schema:: Core group schema

Members group ref

UDM attribute:: None
SCIM attribute:: members[type="Group"].$ref
Operation:: Read
Description:: The URL reference to query the group object
Schema:: Core group schema

Guardian member roles

UDM attribute:: guardianMemberRoles
SCIM attribute:: memberRoles[type="guardian"].value
Operation:: Read and write
Description:: Guardian member roles
Schema:: Univention group schema

Description

UDM attribute:: description
SCIM attribute:: description
Operation:: Read and write
Description:: Description
Schema:: Univention group schema

Nubus for Kubernetes - Operation Manual 1.x