In the account service schema, an LDAP/ ActiveDirectory is a type of ExternalAccoutProvider and there is another property named AdditionalAccountProvider which is of a type of collection object.
So now for eg:- If I am having one LDAP configuration which is of the type of ActiveDirectory, should I use the PATCH operation or the POST operation to create the LDAP Config on the "ActiveDirectory" in account service.
I know if it is "AdditionalExternalAccountProviders", it would be POST as we are creating the resource on the collection object.
We knew that for the majority of implementations that the service would only support one instance of LDAP / ActiveDirectory, so we made the decision to have the "first" instance within the AccountService so that you could easily PATCH using a script, etc. that would always find that first instance.
It's only if the service provides the ability for multiple external account providers that the link to the collection of "additional" (those beyond the first instance) would exist.
So yes, for those LDAP/AD objects within the AccountService, you use PATCH to update them.