User profile schema LDAP attribute mapping

ISAM provides pre-defined mapping of SCIM attributes to commonly available LDAP attributes. This default mapping can be customized on the User Profile tab of the SCIM Configuration page. See User profile. SCIM attributes that are not mapped to an LDAP attribute are not shown when the user profile schema is queried. The following table shows the default user schema attribute mapping.

SCIM attribute	LDAP attribute
addresses[0].type == home
addresses[0].formatted	homePostalAddress
addresses[1].type == work
addresses[1].formatted	postalAddress
addresses[1].streetAddress	street
addresses[1].postalCode	postalCode
addresses[1].locality	l
addresses[1].region	st
displayName	displayName
emails[0].type == work
emails[0].primary == true
emails[0].value	mail
id	Base64URLEncoded version of uid
name.familyName	sn
name.givenName	givenName
password	userPassword
phoneNumbers[0].type == work
phoneNumbers[0].primary == true
phoneNumbers[0].value	telephoneNumber
phoneNumbers[1].type == home
phoneNumbers[1].value	homePhone
phoneNumbers[2].type == mobile
phoneNumbers[2].value	mobile
phoneNumbers[3].type == pager
phoneNumbers[3].value	pager
preferredLanguage	preferredLanguage
title	title
userName	cn, uid

• The multi-valued SCIM attributes (addresses, emails, and phone numbers) are not order-dependent and are shown here with array indices for illustrative purposes only.
• id is generated by the server based on the userName attribute when an account is created. If we are connecting the SCIM application to a user registry that is already populated with users, the id field is a Base64URLEncoded version of the uid field.

The following table shows the enterprise extension attribute mapping.

SCIM attribute	LDAP attribute
department	departmentNumber
employeeNumber	employeeNumber
manager.value	manager
organization	o

The following attributes are not mapped by default:

User schema

active
entitlements
externalId
groups
ims[]
locale
name.formatted
name.middleName
name.honorificPrefix
name.honorificSuffix
nickName
photos
profileUrl
roles
timezone
userType
x509Certificates

Enterprise user schema

costCenter
division

Handling of multi-valued LDAP attributes

If an attribute in the SCIM schema is mapped to a multi-valued LDAP attribute, only the first of the multiple values that are provided by the LDAP server is returned.

Handling of multi-valued SCIM attributes

Some SCIM attributes, such as addresses, emails, and phone numbers contain multiple complex values. For these attributes, the returned value is an array where each array element is a sub attribute with a different type string. The type strings are mapped to fixed strings and as such the entire sub attribute is always returned, regardless of Whether other attributes such as value or primary are present.

Consider the following LDAP entry and corresponding SCIM JSON representation of an example user.

LDAP representation

dn: cn=bjensen,dc=scim-users
o: Universal Studios
givenName: Barbara
sn: Jensen
street: 100 Universal City Plaza
userPassword:: cGFzc3dvcmQ=
departmentNumber: Tour Operations
displayName: Bab Jensen
mail: bjensen@example.com
uid: bjensen
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
postalAddress:: MTAwIFVuaXZlcnNhbCBDaXR5IFBsYXphDQpIb2xseXdvb2QsIENBIDkxNjA4IF
 VTQQ==
postalCode: 91608
title: Tour Guide
cn: bjensen
employeeNumber: 701984
l: Hollywood
st: CA
homePostalAddress:: NDU2IEhvbGx5d29vZCBCbHZkCkhvbGx5d29vZCwgQ0EgOTE2MDggVVNB
telephoneNumber: 555-555-5555
mobile: 555-555-4444
homePhone: 555-555-3333
pager: 555-555-2222
preferredLanguage: en-US
manager: cn=jsmith

SCIM JSON representation

{
  "addresses": [
    {
      "formatted": "100 Universal City Plaza\r\nHollywood, CA 91608 USA",
      "locality": "Hollywood",
      "postalCode": "91608",
      "region": "CA",
      "streetAddress": "100 Universal City Plaza",
      "type": "work"
    },
    {
 "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
      "type": "home"
    }  ],
  "displayName": "Bab Jensen",
  "emails": [
    {
      "primary": true,
      "type": "work",
      "value": "bjensen@example.com"
    }  ],
  "id": "YmplbnNlbg",
  "meta": {
    "location": "https://isam-demo.ibm.com/scim/Users/YmplbnNlbg",
    "resourceType": "User"
  },
  "name": {
    "familyName": "Jensen",
    "givenName": "Barbara"
  },
  "phoneNumbers": [
    {
      "primary": true,
      "type": "work",
      "value": "555-555-5555"
    },
    {
      "primary": false,
      "type": "home",
      "value": "555-555-3333"
    },
    {
      "primary": false,
      "type": "mobile",
      "value": "555-555-4444"
    },
    {
      "primary": false,
      "type": "pager",
      "value": "555-555-2222"
    }  ],
  "preferredLanguage": "en-US",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "title": "Tour Guide",
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "department": "Tour Operations",
    "employeeNumber": "701984",
    "manager": {
      "value": "cn=jsmith"
    },
    "organization": "Universal Studios"
  },
  "userName": "bjensen"
}

Parent topic: User Self-Care with the SCIM API