An update on the topic:
Initially I used the call described in the documentation, "Partially update to SCIM user", changing the content of the password attribute, but as I said in the previous post, this is not a real password change.
To get an effective password change, you need to use this JSON payload:
{
  "Operations": [
    {
      "op": "replace",
      "path": "urn:ietf:params:scim:schemas:extension:isam:1.0:User:password",
      "value": "NewPassword"
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:schemas:extension:isam:1.0:PatchOp"
  ]
}
Source: IBM Support
Regards
------------------------------
Patrizio Spadavecchia
------------------------------
Original Message:
Sent: Mon May 11, 2020 01:26 PM
From: Patrizio Spadavecchia
Subject: SCIM Support for operational attributes
Is it possible also to write operational attributes like secPwdLastChanged?
Changing the password using the SCIM REST interface does not update the secPwdLastChanged attribute, and if a Max Password Age policy is set, I cannot log in with my brand-new password because the account still appears to be locked.
Best Regards,
Patrizio Spadavecchia
------------------------------
Patrizio Spadavecchia
Original Message:
Sent: Wed October 09, 2019 09:43 PM
From: Matthew Britt
Subject: SCIM Support for operational attributes
Hello Juergen,
This is possible, yes. To make these attributes appear in the drop-down options in attribute mappings, you first need to add them to the objectclass for the user.
I have, in the past, achieved this on SDS, but I am not sure of your external LDAP, so I cannot recommend a method for adding these attributes. I personally added operational attributes to the 'inetOrgPerson' objectclass - this resulted in them being available to the SCIM attribute mapping.
I hope that's helpful, otherwise feel free to reach out and we can continue to work on this to get it working for you.
Regards,
Matthew Britt
------------------------------
Matthew Britt
Original Message:
Sent: Wed September 25, 2019 04:19 PM
From: Jürgen Hitt
Subject: SCIM Support for operational attributes
Hello,
I use ISAM 9.0.7. Release notes of 9.0.6 state that SCIM will support LDAP operational attributes.
I would like to read password attributes like pwdChangedTime, pwdReset of the LDAP user. We use basic users.
Is this possible at all? If yes, how can I add this to the attribute mappings?
Best regards,
Juergen
------------------------------
Jürgen Hitt
------------------------------