
Client Connection Policy

A Client Connection Policy is used to classify a client connection based on the client address, protocol, identity, and whether it is using a secure communication mechanism. It may be used to control which types of operations that client may perform and the types of data that it may access.

Note that if the set of client connection policies is customized in order to introduce limits on what some clients may be allowed to access, it may be necessary to create an additional client connection policy for use in processing internal operations. If this is done, that policy should allow unrestricted access to any content which may need to be accessed through internal operations (e.g., as may be needed for things like plugins, identity mappers, and other extensions that need to perform internal reads or updates), and in the Identity Proxy this may include subtree views that allow access to backend servers. That policy does not need to be accessible to any external clients (e.g., it may have a high evaluation order index, and it may have a higher evaluation order index than a policy which matches all connections and has a terminate-connection value of true).


Relations from This Component

The following components have a direct aggregation relation from Client Connection Policies:

Relations to This Component

The following components have a direct aggregation relation to Client Connection Policies:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
  • policy-id
  • description
  • enabled
  • evaluation-order-index
  • connection-criteria
  • terminate-connection
  • maximum-concurrent-connections
  • maximum-connection-duration
  • maximum-idle-connection-duration
  • maximum-operation-count-per-connection
  • maximum-concurrent-operations-per-connection
  • maximum-concurrent-operation-wait-time-before-rejecting
  • maximum-connection-operation-rate
  • connection-operation-rate-exceeded-behavior
  • maximum-policy-operation-rate
  • policy-operation-rate-exceeded-behavior
  • allowed-operation
  • allowed-request-control
  • denied-request-control
  • allowed-extended-operation
  • denied-extended-operation
  • allowed-auth-type
  • allowed-sasl-mechanism
  • denied-sasl-mechanism
  • allowed-filter-type
  • required-operation-request-criteria
  • prohibited-operation-request-criteria
  • allow-unindexed-searches
  • minimum-substring-length
  • maximum-search-size-limit
  • maximum-search-time-limit
  • maximum-search-lookthrough-limit
  • included-backend-base-dn
  • excluded-backend-base-dn

Advanced Properties:
  • sensitive-attribute
  • exclude-global-sensitive-attribute
  • result-code-map

Basic Properties

policy-id (Read-Only)

Description
Specifies a name which uniquely identifies this Client Connection Policy in the server.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

description

Description
A description for this Client Connection Policy
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether this Client Connection Policy is enabled for use in the server. If a Client Connection Policy is disabled, then no new client connections will be associated with it.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

evaluation-order-index

Description
Specifies the order in which Client Connection Policy definitions will be evaluated. A Client Connection Policy with a lower index will be evaluated before one with a higher index, and the first Client Connection Policy evaluated which may apply to a client connection will be used for that connection. Each Client Connection Policy must be assigned a unique evaluation order index value.
Default Value
None
Allowed Values
An integer value. Lower limit is 0. Upper limit is 2147483647.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

connection-criteria

Description
Specifies a set of connection criteria that must match the associated client connection for it to be associated with this Client Connection Policy. Note that if a client connection policy is associated with connection criteria that includes restrictions that may not be satisfied when a connection is initially established, it may be necessary to create an additional client connection policy with fewer restrictions that can be assigned to a newly-established connection and will allow it to undergo the transformation required to match the more restrictive criteria. For example, consider the case of a client connection policy that has criteria that will only match secure connections. If you wish to allow connections secured by StartTLS to be associated with that policy, it will also be necessary to have a client connection policy that allows insecure connections and permits them to issue the StartTLS extended request.
Default Value
None
Allowed Values
The DN of any Connection Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

terminate-connection

Description
Indicates whether any client connection for which this Client Connection Policy is selected should be terminated. This makes it possible to define fine-grained criteria for clients that should not be allowed to connect to this Identity Data Store.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
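
The following Python model is an added example, not code from the product or its documentation. It shows how evaluation-order-index, connection-criteria and terminate-connection interact in the StartTLS case described above, including what happens when the less restrictive pre-TLS policy is missing. The policy names, the 10.0.0.0/8 sample network, and the rules that a policy without connection criteria matches every connection and that a connection is re-evaluated after StartTLS are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended request OID (RFC 4511)
ALL_OPERATIONS = frozenset({"abandon", "add", "bind", "compare", "delete",
                            "extended", "modify", "modify-dn", "search"})
SAMPLE_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed sample network


@dataclass(frozen=True)
class Connection:
    address: str
    secure: bool  # True for a TLS connection or once StartTLS has completed


@dataclass(frozen=True)
class Policy:
    policy_id: str
    evaluation_order_index: int
    # None means "no connection-criteria"; the model treats that as matching
    # every connection (assumption).
    criteria: Optional[Callable[[Connection], bool]] = None
    enabled: bool = True
    terminate_connection: bool = False
    allowed_operation: frozenset = ALL_OPERATIONS
    allowed_extended_operation: frozenset = frozenset()


def select_policy(policies, conn):
    """First enabled policy, in ascending index order, whose criteria match."""
    indexes = [p.evaluation_order_index for p in policies]
    if len(indexes) != len(set(indexes)):
        raise ValueError("evaluation-order-index values must be unique")
    for policy in sorted(policies, key=lambda p: p.evaluation_order_index):
        if policy.enabled and (policy.criteria is None or policy.criteria(conn)):
            return policy
    return None  # the page does not describe this case


def may_request(policy, operation, oid=None):
    """Apply allowed-operation and allowed-extended-operation to one request."""
    if policy is None or policy.terminate_connection:
        return False
    if operation not in policy.allowed_operation:
        return False
    if operation == "extended" and policy.allowed_extended_operation:
        return oid in policy.allowed_extended_operation
    return True


def in_sample_net(conn):
    return ipaddress.ip_address(conn.address) in SAMPLE_NET


# Hypothetical policy set for the walk-through.
SECURE = Policy("secure-clients", 10,
                criteria=lambda c: c.secure and in_sample_net(c))
PRE_TLS = Policy("pre-tls", 20,
                 criteria=lambda c: not c.secure and in_sample_net(c),
                 allowed_operation=frozenset({"extended"}),
                 allowed_extended_operation=frozenset({STARTTLS_OID}))
DENY_ALL = Policy("deny-all", 1000, terminate_connection=True)
# Sits behind the catch-all, so no external connection is ever assigned to it.
INTERNAL = Policy("internal-ops", 2000)


def walk_through(policies, address):
    """Return (policy-id before StartTLS, policy-id after StartTLS or None)."""
    before = select_policy(policies, Connection(address, secure=False))
    before_id = before.policy_id if before else None
    if not may_request(before, "extended", STARTTLS_OID):
        return before_id, None  # terminated or refused before TLS could start
    after = select_policy(policies, Connection(address, secure=True))
    return before_id, after.policy_id if after else None


if __name__ == "__main__":
    print(walk_through([SECURE, PRE_TLS, DENY_ALL, INTERNAL], "10.1.2.3"))
    print(walk_through([SECURE, DENY_ALL, INTERNAL], "10.1.2.3"))
```
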

maximum-concurrent-connections

Description
Specifies the maximum number of client connections which may be associated with this Client Connection Policy at any given time. If the maximum number of client connections for this Client Connection Policy has been reached, then any further attempts to associate a connection with this Client Connection Policy (until an existing connection is closed or associated with a different Client Connection Policy) will result in the termination of that connection.
A value of zero indicates that no limit will be imposed on the number of concurrent connections that may be associated with this Client Connection Policy.
Default Value
0
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-connection-duration

Description
Specifies the maximum length of time that a connection associated with this Client Connection Policy may be established. Any connection which is associated with this Client Connection Policy and has been established for longer than this period of time may be terminated. A value of zero seconds indicates that no maximum duration will be imposed for connections associated with this Client Connection Policy.
Default Value
0 seconds
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-idle-connection-duration

Description
Specifies the maximum length of time that a connection associated with this Client Connection Policy may remain established after the completion of the last operation processed on that connection. Any new operation requested on the connection will reset this timer. Any connection associated with this Client Connection Policy which has been idle for longer than this length of time may be terminated. A value of zero seconds indicates that no maximum duration will be imposed for connections associated with this Client Connection Policy.
Default Value
0 seconds
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-operation-count-per-connection

Description
Specifies the maximum number of operations that may be requested by any client connection associated with this Client Connection Policy. If an attempt is made to process more than this number of operations on a client connection, then that connection will be terminated. A value of zero indicates that no limit will be imposed on the number of requests that may be processed on a client connection.
Default Value
0
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-concurrent-operations-per-connection

Description
Specifies the maximum number of concurrent operations that can be in progress for any connection. This can help prevent a single client connection from monopolizing server processing resources by sending a large number of concurrent asynchronous requests. A value of zero indicates that no limit will be placed on the number of concurrent requests for a single client. If a nonzero value is provided for this option and a value of "delay" is chosen for the concurrent-operation-limit-exceeded-behavior property, then it is strongly recommended that the request-handler-per-connection property be configured with a value of true to prevent starvation of other client connections that might be associated with the same request handler.
Default Value
0
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-concurrent-operation-wait-time-before-rejecting

Description
Specifies the maximum length of time that the server should wait for an outstanding operation to complete before rejecting a new request received when the maximum number of outstanding operations are already in progress on that connection. If an existing outstanding operation on the connection completes before this time, then the operation will be processed. Otherwise, the operation will be rejected with a "busy" result. A value of 0 seconds indicates that there should be no delay and any requests received on a connection that already has the maximum number of outstanding operations should be immediately rejected.
Default Value
0 seconds
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-connection-operation-rate

Description
Specifies the maximum rate at which a client associated with this Client Connection Policy may issue requests to the Identity Data Store. If any client attempts to request operations at a rate higher than this limit, then the server will exhibit the behavior described in the connection-operation-rate-exceeded-behavior property. Multiple operation rate limit values may be provided to define different rates over different intervals. For example, you may wish to define a lower limit over a longer period of time (1M/day), but a higher limit over a short period of time (1000/second) to allow for bursts of activity.
Each operation rate limit value should consist of a count and a duration, separated by a slash character (/). The count must include an integer and may include an optional multiplier value of 'k' (to indicate that the integer portion is in thousands), 'm' (to indicate that the integer portion is in millions), or 'g' (to indicate that the integer portion is in billions). The duration should specify at least a time unit of ms (for milliseconds), s (for seconds), m (for minutes), h (for hours), d (for days), or w (for weeks). The unit may optionally be preceded by an integer multiplier. The following are examples of valid rate limit values:
  • 100/s -- Indicates that no client connection will be allowed to request more than 100 operations in a 1-second period.
  • 10K/6h -- Indicates that no client connection will be allowed to request more than 10000 operations in a 6-hour period.

Default Value
None
Allowed Values
Unknown
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

connection-operation-rate-exceeded-behavior

Description
Specifies the behavior that the Identity Data Store should exhibit if a client connection attempts to exceed a rate defined in the maximum-connection-operation-rate property.
If the configured behavior is one that will reject requested operations, then that behavior will persist until the end of the corresponding interval. The server will resume allowing that client to perform operations when that interval expires, as long as no other operation rate limits have been exceeded.
Default Value
reject-busy
Allowed Values
disconnect - Indicates that the Identity Data Store should terminate the connection to any client which attempts to exceed the maximum connection operation rate.

reject-admin-limit-exceeded - Indicates that any operations requested by the client in excess of the maximum rate will be rejected with a result of "admin limit exceeded".

reject-constraint-violation - Indicates that any operations requested by the client in excess of the maximum rate will be rejected with a result of "constraint violation".

reject-busy - Indicates that any operations requested by the client in excess of the maximum rate will be rejected with a result of "busy".

reject-unavailable - Indicates that any operations requested by the client in excess of the maximum rate will be rejected with a result of "unavailable".

reject-unwilling-to-perform - Indicates that any operations requested by the client in excess of the maximum rate will be rejected with a result of "unwilling to perform".

reject-other - Indicates that any operations requested by the client in excess of the maximum rate will be rejected with a result of "other".
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-policy-operation-rate

Description
Specifies the maximum rate at which all clients associated with this Client Connection Policy, as a collective set, may issue requests to the Identity Data Store. If this limit is exceeded, then the server will exhibit the behavior described in the policy-operation-rate-exceeded-behavior property. Multiple operation rate limit values may be provided to define different rates over different intervals. For example, you may wish to define a lower limit over a longer period of time (1M/day), but a higher limit over a short period of time (1000/second) to allow for bursts of activity.
Each operation rate limit value should consist of a count and a duration, separated by a slash character (/). The count must include an integer and may include an optional multiplier value of 'k' (to indicate that the integer portion is in thousands), 'm' (to indicate that the integer portion is in millions), or 'g' (to indicate that the integer portion is in billions). The duration should specify at least a time unit of ms (for milliseconds), s (for seconds), m (for minutes), h (for hours), d (for days), or w (for weeks). The unit may optionally be preceded by an integer multiplier. The following are examples of valid rate limit values:
  • 100/s -- Indicates that all clients associated with this Client Connection Policy will not be allowed to request more than 100 operations in a 1-second period.
  • 10K/6h -- Indicates that all clients associated with this Client Connection Policy will not be allowed to request more than 10000 operations in a 6-hour period.

Default Value
None
Allowed Values
Unknown
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action
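
The rate limit value format used by maximum-connection-operation-rate and maximum-policy-operation-rate, as an added Python example that is not the server's own code. It parses values such as 100/s and 10K/6h using only the multipliers and unit abbreviations listed above, then replays constructed timestamps against several limits at once. Case-insensitive matching, fixed windows that start at the first request, and not counting rejected operations are assumptions of the model; the page states only that rejection persists until the end of the corresponding interval.

```python
import re

COUNT_MULTIPLIER = {"": 1, "k": 1_000, "m": 1_000_000, "g": 1_000_000_000}
UNIT_MS = {"ms": 1, "s": 1_000, "m": 60_000, "h": 3_600_000,
           "d": 86_400_000, "w": 604_800_000}
# <integer>[k|m|g] "/" [<integer>]<unit>; "ms" is listed before "m" and "s".
RATE_RE = re.compile(r"^(\d+)([kmg]?)/(\d*)(ms|s|m|h|d|w)$", re.IGNORECASE)

# Allowed values of the *-operation-rate-exceeded-behavior properties.
BEHAVIORS = {"disconnect", "reject-admin-limit-exceeded",
             "reject-constraint-violation", "reject-busy", "reject-unavailable",
             "reject-unwilling-to-perform", "reject-other"}


def parse_rate_limit(value):
    """Return (operation count, interval in milliseconds) for one value."""
    match = RATE_RE.match(value.strip())
    if match is None:
        raise ValueError(f"not a rate limit value: {value!r}")
    digits, multiplier, unit_count, unit = match.groups()
    count = int(digits) * COUNT_MULTIPLIER[multiplier.lower()]
    interval_ms = int(unit_count or 1) * UNIT_MS[unit.lower()]
    return count, interval_ms


class OperationRateLimiter:
    """One counter per configured limit; every limit must have room."""

    def __init__(self, values, behavior="reject-busy"):
        if behavior not in BEHAVIORS:
            raise ValueError(f"unknown exceeded-behavior: {behavior!r}")
        self.limits = [parse_rate_limit(v) for v in values]
        self.behavior = behavior
        # Per limit: [window start in ms or None, operations counted].
        self._windows = [[None, 0] for _ in self.limits]

    def request(self, now_ms):
        """Return "ok", or the configured behavior if any limit is exhausted."""
        exceeded = False
        for (count, interval_ms), window in zip(self.limits, self._windows):
            if window[0] is None or now_ms - window[0] >= interval_ms:
                window[0], window[1] = now_ms, 0  # interval expired: start over
            if window[1] >= count:
                exceeded = True
        if exceeded:
            return self.behavior
        for window in self._windows:
            window[1] += 1
        return "ok"


def replay(values, timestamps_ms, behavior="reject-busy"):
    """Run constructed request timestamps through a fresh limiter."""
    limiter = OperationRateLimiter(values, behavior)
    return [limiter.request(t) for t in timestamps_ms]


if __name__ == "__main__":
    print(parse_rate_limit("100/s"), parse_rate_limit("10K/6h"))
    # Constructed burst: a short-interval limit plus a longer-interval limit.
    stamps = [0, 100, 200, 300, 1000, 1100, 1200, 2500, 10000]
    for stamp, result in zip(stamps, replay(["3/s", "5/10s"], stamps)):
        print(f"{stamp:>6} ms  {result}")
```
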

policy-operation-rate-exceeded-behavior

Description
Specifies the behavior that the Identity Data Store should exhibit if a client connection attempts to exceed a rate defined in the maximum-policy-operation-rate property.
If the configured behavior is one that will reject requested operations, then that behavior will persist until the end of the corresponding interval. The server will resume allowing clients associated with this Client Connection Policy to perform operations when that interval expires, as long as no other operation rate limits have been exceeded.
Default Value
reject-busy
Allowed Values
disconnect - Indicates that the Identity Data Store should terminate the connection to any client which attempts to exceed the maximum policy operation rate.

reject-admin-limit-exceeded - Indicates that any operations requested by clients in excess of the maximum rate will be rejected with a result of "admin limit exceeded".

reject-constraint-violation - Indicates that any operations requested by clients in excess of the maximum rate will be rejected with a result of "constraint violation".

reject-busy - Indicates that any operations requested by clients in excess of the maximum rate will be rejected with a result of "busy".

reject-unavailable - Indicates that any operations requested by clients in excess of the maximum rate will be rejected with a result of "unavailable".

reject-unwilling-to-perform - Indicates that any operations requested by clients in excess of the maximum rate will be rejected with a result of "unwilling to perform".

reject-other - Indicates that any operations requested by clients in excess of the maximum rate will be rejected with a result of "other".
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

allowed-operation

Description
Specifies the types of operations that clients associated with this Client Connection Policy will be allowed to request.
Default Value
abandon
add
bind
compare
delete
extended
modify
modify-dn
search
Allowed Values
abandon - Client connections associated with this Client Connection Policy may request abandon operations.

add - Client connections associated with this Client Connection Policy may request add operations.

bind - Client connections associated with this Client Connection Policy may request bind operations.

compare - Client connections associated with this Client Connection Policy may request compare operations.

delete - Client connections associated with this Client Connection Policy may request delete operations.

extended - Client connections associated with this Client Connection Policy may request extended operations.

modify - Client connections associated with this Client Connection Policy may request modify operations.

modify-dn - Client connections associated with this Client Connection Policy may request modify DN operations.

search - Client connections associated with this Client Connection Policy may request search operations.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

allowed-request-control

Description
Specifies the OIDs of the controls that clients associated with this Client Connection Policy will be allowed to include in requests. If one or more request control OIDs are specified, then only those types of controls may be included in requests.
If no allowed request control OIDs are specified, then any request control whose OID is not included in the set of denied request controls may be requested.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

denied-request-control

Description
Specifies the OIDs of the controls that clients associated with this Client Connection Policy will not be allowed to include in requests. If one or more denied request control OIDs are specified, then clients will not be allowed to use request controls with any of those OIDs.
If no denied request control OIDs are specified and no allowed request control OIDs are specified, then clients will be allowed to include any request controls.
If no denied request control OIDs are specified but one or more allowed request control OIDs are specified, then clients will only be allowed to include those controls in requests.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

allowed-extended-operation

Description
Specifies the OIDs of the extended operations that clients associated with this Client Connection Policy will be allowed to request. This setting will only be used if "extended" is included in the set of allowed operation types.
If one or more extended operation OIDs are specified, then only those types of extended operations will be allowed for client connections associated with this Client Connection Policy.
If no extended operation OIDs are specified, then any extended operation type not included in the set of denied extended operations may be requested.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

denied-extended-operation

Description
Specifies the OIDs of the extended operations that clients associated with this Client Connection Policy will not be allowed to request. This setting will only be used if "extended" is included in the set of allowed operation types.
If one or more denied extended operation OIDs are specified, then clients will not be allowed to request extended operations with those OIDs.
If no denied extended operation OIDs are specified and no allowed extended operation OIDs are specified, then client connections associated with this Client Connection Policy will be allowed to request any type of extended operation.
If no denied extended operation OIDs are specified but one or more allowed extended operation OIDs are specified, then only those types of extended operations in the set of allowed OIDs may be requested.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

allowed-auth-type

Description
Specifies the types of authentication that clients associated with this Client Connection Policy will be allowed to request.
Default Value
simple
sasl
Allowed Values
simple - Client connections associated with this Client Connection Policy may request bind operations using simple authentication.

sasl - Client connections associated with this Client Connection Policy may request bind operations using SASL authentication.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

allowed-sasl-mechanism

Description
Specifies the names of the SASL mechanisms that clients associated with this Client Connection Policy will be allowed to request. This setting will only be used if "bind" is included in the set of allowed operation types and "sasl" is included in the set of allowed authentication types.
If one or more allowed SASL mechanism names are provided, then client connections associated with this Client Connection Policy will only be allowed to request SASL binds with one of the specified mechanisms.
If no allowed SASL mechanism names are provided, then all SASL mechanisms which are not present in the set of denied SASL mechanisms may be requested.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

denied-sasl-mechanism

Description
Specifies the names of the SASL mechanisms that clients associated with this Client Connection Policy will not be allowed to request. This setting will only be used if "bind" is included in the set of allowed operation types and "sasl" is included in the set of allowed authentication types.
If one or more denied SASL mechanism names are provided, then clients associated with this Client Connection Policy will not be allowed to use any of those types of SASL authentication.
If no denied SASL mechanisms are defined and no allowed SASL mechanisms are defined, then clients associated with this Client Connection Policy will be allowed to request any form of SASL authentication.
If there are no denied SASL mechanisms but one or more allowed SASL mechanisms are defined, then client connections associated with this Client Connection Policy will only be allowed to request SASL binds with one of the allowed mechanisms.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

allowed-filter-type

Description
Specifies the types of filter components that may be included in search requests from clients associated with this Client Connection Policy which have a non-baseObject scope. This setting will only be used if "search" is included in the set of allowed operation types.
The restriction defined in this property will only be applied to searches with a scope other than baseObject (i.e., searches with a scope of singleLevel, wholeSubtree, or subordinateSubtree). Searches with a baseObject scope will be allowed to use filter components with any type of element.
Default Value
and
or
not
equality
sub-initial
sub-any
sub-final
greater-or-equal
less-or-equal
present
approximate-match
extensible-match
Allowed Values
and - Client connections associated with this Client Connection Policy may request search operations with filters containing AND components.

or - Client connections associated with this Client Connection Policy may request search operations with filters containing OR components.

not - Client connections associated with this Client Connection Policy may request search operations with filters containing NOT components.

equality - Client connections associated with this Client Connection Policy may request search operations with filters containing equality components.

sub-initial - Client connections associated with this Client Connection Policy may request search operations with filters containing substring components with subInitial elements.

sub-any - Client connections associated with this Client Connection Policy may request search operations with filters containing substring components with subAny elements.

sub-final - Client connections associated with this Client Connection Policy may request search operations with filters containing substring components with subFinal elements.

greater-or-equal - Client connections associated with this Client Connection Policy may request search operations with filters containing greater-or-equal components.

less-or-equal - Client connections associated with this Client Connection Policy may request search operations with filters containing less-or-equal components.

present - Client connections associated with this Client Connection Policy may request search operations with filters containing present components.

approximate-match - Client connections associated with this Client Connection Policy may request search operations with filters containing approximate match components.

extensible-match - Client connections associated with this Client Connection Policy may request search operations with filters containing extensible match components.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

required-operation-request-criteria

Description
Specifies a request criteria object that will be required to match all requests submitted by clients associated with this Client Connection Policy. If a client submits a request that does not satisfy this request criteria object, then that request will be rejected.
Default Value
None
Allowed Values
The DN of any Request Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

prohibited-operation-request-criteria

Description
Specifies a request criteria object that must not match any requests submitted by clients associated with this Client Connection Policy. If a client submits a request that satisfies this request criteria object, then that request will be rejected.
Default Value
None
Allowed Values
The DN of any Request Criteria.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

allow-unindexed-searches

Description
Indicates whether clients will be allowed to request search operations which cannot be efficiently processed using the set of indexes defined in the corresponding backend. The unindexed-search privilege will also be required for any client to be able to request an unindexed search. This setting will only be used if "search" is included in the set of allowed operation types.
If this property has a value of "true", then any client associated with this Client Connection Policy which also has the unindexed-search privilege (or if that privilege has been disabled, then any client associated with this Client Connection Policy) will be allowed to request unindexed searches.
If this property has a value of "false", then no client associated with this Client Connection Policy will be allowed to request an unindexed search, even if that client has the unindexed-search privilege (or if that privilege has been disabled).
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

minimum-substring-length

Description
Specifies the minimum number of consecutive bytes that must be present in any subInitial, subAny, or subFinal element of a substring filter component (i.e., the minimum number of consecutive bytes between wildcard characters in a substring filter). Any attempt to use a substring search with an element containing fewer than this number of bytes will be rejected. This setting will only be used if "search" is included in the set of allowed operation types and at least one of "sub-initial", "sub-any", or "sub-final" is included in the set of allowed filter types.
Default Value
1
Allowed Values
An integer value. Lower limit is 1.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-search-size-limit

Description
Specifies the maximum number of entries that may be returned for a search performed by a client associated with this Client Connection Policy. This setting will only be used if "search" is included in the set of allowed operation types.
Note that this is only an upper limit. It may be used to reduce the size limit for any clients which may have a higher limit through other means, but it will never increase the limit that would otherwise be imposed for a client.
A value of zero indicates that no additional maximum size limit will be imposed by this Client Connection Policy.
Note that search requests will not be rejected if they include a size limit which exceeds the effective size limit for the user. Instead, the server will merely interpret the request as if it had a size limit of the maximum allowed value for that client. If a search request includes a size limit which is smaller than the maximum allowed for the client, then the size limit included in that search request will be used.
Default Value
0
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-search-time-limit

Description
Specifies the maximum length of time that the server should spend processing search operations requested by clients associated with this Client Connection Policy. This setting will only be used if "search" is included in the set of allowed operation types.
Note that this is only an upper limit. It may be used to reduce the time limit for any clients which may have a higher limit through other means, but it will never increase the limit that would otherwise be imposed for a client.
A value of zero seconds indicates that no maximum time limit will be imposed for this Client Connection Policy.
Note that search requests will not be rejected if they include a time limit which exceeds the effective time limit for the user. Instead, the server will merely interpret the request as if it had a time limit of the maximum allowed value for that client. If a search request includes a time limit which is smaller than the maximum allowed for the client, then the time limit included in that search request will be used.
Default Value
0 seconds
Allowed Values
A duration. Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-search-lookthrough-limit

Description
Specifies the maximum number of entries that may be examined by a backend in the course of processing a search requested by clients associated with this Client Connection Policy. This setting will only be used if "search" is included in the set of allowed operation types.
Note that this is only an upper limit. It may be used to reduce the lookthrough limit for any clients which may have a higher limit through other means, but it will never increase the limit that would otherwise be imposed for a client.
A value of zero indicates that no maximum lookthrough limit will be imposed for this Client Connection Policy.
Default Value
0
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
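
The rules described above for the search size, time and lookthrough limits can be modeled as follows. This is an added example, not code from the product or its documentation: the function names, the dictionary keys (including allowed-operation) and the sample policies are assumptions, as is treating 0 as "no limit" for a limit that comes from other means.

```python
# Added example, not product code: a model of the search-limit rules above.
# Function names, dictionary keys and sample policies are constructed.
NO_LIMIT = 0  # the reference uses 0 for "no limit imposed by this policy"

def effective_limit(other_limit, policy_limit):
    """Limit in force for a client. The policy value can only lower the
    limit the client has through other means; it never raises it.
    Assumption: 0 also means "no limit" for the other-means value."""
    if policy_limit == NO_LIMIT:
        return other_limit
    if other_limit == NO_LIMIT:
        return policy_limit
    return min(other_limit, policy_limit)

def applied_limit(requested, effective):
    """Size or time limit used for one search. An oversized request is
    clamped rather than rejected; a smaller requested limit is honored.
    A requested value of 0 means the client asked for no limit."""
    if effective == NO_LIMIT:
        return requested
    if requested == NO_LIMIT or requested > effective:
        return effective
    return requested

LIMIT_PROPERTIES = (
    "maximum-search-size-limit",
    "maximum-search-time-limit",
    "maximum-search-lookthrough-limit",
)

def uncapped_search_limits(policies):
    """Map each policy that allows search to the limits it leaves at 0."""
    report = {}
    for name, props in policies.items():
        if "search" not in props.get("allowed-operation", ()):
            continue  # the limits are only used when search is allowed
        missing = [p for p in LIMIT_PROPERTIES if props.get(p, 0) == NO_LIMIT]
        if missing:
            report[name] = missing
    return report

# Constructed sample policies (time limit in seconds).
SAMPLE_POLICIES = {
    "external-apps": {"allowed-operation": ["bind", "search"],
                      "maximum-search-size-limit": 500,
                      "maximum-search-time-limit": 30},
    "write-only": {"allowed-operation": ["bind", "modify"]},
}

if __name__ == "__main__":
    print(applied_limit(10000, effective_limit(1000, 500)))
    print(uncapped_search_limits(SAMPLE_POLICIES))
```

A policy reported by uncapped_search_limits is not necessarily unbounded, since a limit may still apply through other means; the report only shows where the policy itself adds no cap.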

included-backend-base-dn

Description
Specifies the set of backend base DNs for which subtree views should be included in this Client Connection Policy. If the include-backend-subtree-views property is set to false, then this setting will be ignored. If no values are configured, then client connections associated with this Client Connection Policy will be allowed to access all backends configured in the Identity Data Store except those configured in the excluded-backend-base-dn property (subject to access control restrictions).
If one or more base DN values are specified, then client connections associated with this Client Connection Policy will only be allowed to access content in the specified set of backends.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

excluded-backend-base-dn

Description
Specifies the set of backend base DNs for which subtree views should be excluded from this Client Connection Policy. If the include-backend-subtree-views property is set to false, then this setting will be ignored. If no values are configured for this property, and no included-backend-base-dn values are configured, then client connections associated with this Client Connection Policy will be allowed to access all backends configured in the Identity Data Store (subject to access control restrictions).
If one or more base DN values are specified, then client connections associated with this Client Connection Policy will not be allowed to access content in the specified set of backends.
Default Value
None
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

sensitive-attribute (Advanced Property)

Description
Provides the ability to indicate that some attributes should be considered sensitive and additional protection should be in place when interacting with those attributes. Note that sensitive attributes may also be configured on a server-wide basis using the sensitive-attribute property in the global configuration. Any sensitive attribute definitions configured there will automatically apply to clients with any client connection policy unless that policy overrides that behavior with the exclude-global-sensitive-attribute option.
Default Value
None
Allowed Values
The DN of any Sensitive Attribute.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

exclude-global-sensitive-attribute (Advanced Property)

Description
Specifies the set of global sensitive attribute definitions that should not apply to this client connection policy.
Default Value
None
Allowed Values
The DN of any Sensitive Attribute.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

result-code-map (Advanced Property)

Description
Specifies the result code map that should be used for clients associated with this Client Connection Policy. If a value is defined for this property, then it will override any result code map referenced in the global configuration.
Default Value
None
Allowed Values
The DN of any Result Code Map.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Client Connection Policies:

dsconfig list-client-connection-policies
     [--property {propertyName}] ...

To view the configuration for an existing Client Connection Policy:

dsconfig get-client-connection-policy-prop
     --policy-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Client Connection Policy:

dsconfig set-client-connection-policy-prop
     --policy-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Client Connection Policy:

dsconfig create-client-connection-policy
     --policy-name {name}
     --set enabled:{propertyValue}
     --set evaluation-order-index:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Client Connection Policy:

dsconfig delete-client-connection-policy
     --policy-name {name}