Successful Bind Result Criteria define sets of criteria that may be used to make determinations based on the result of a successful bind operation. They never match operations other than binds, and they never match bind operations with a result code other than success (0).
The Successful Bind Result Criteria component inherits from the Result Criteria.
The following components have a direct aggregation relation from Successful Bind Result Criteria:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | request-criteria |
include-anonymous-binds | |
included-user-base-dn | |
excluded-user-base-dn | |
included-user-filter | |
excluded-user-filter | |
included-user-group-dn | |
excluded-user-group-dn | |
description
Description | A description for this Result Criteria |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
include-anonymous-binds
Description | Indicates whether this criteria will be permitted to match bind operations that resulted in anonymous authentication. |
Default Value | false |
Allowed Values | true, false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
included-user-base-dn
Description | A set of base DNs for authenticated users that will be permitted to match this criteria. If one or more included-user-base-dn values are specified, then this criteria will only be permitted to match bind operations in which the DN of the authenticated user matches or is subordinate to one of those base DNs and is not within any excluded-user-base-dn subtrees. If neither included-user-base-dn nor excluded-user-base-dn values are specified, then the location of the authenticated user will not be taken into account when determining whether a successful bind operation matches this criteria. |
Default Value | None |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
excluded-user-base-dn
Description | A set of base DNs for authenticated users that will not be permitted to match this criteria. If one or more excluded-user-base-dn values are specified, then this criteria will not be permitted to match bind operations in which the DN of the authenticated user matches or is subordinate to one of those base DNs, even if the authenticated user is also at or below an included-user-base-dn value. If neither included-user-base-dn nor excluded-user-base-dn values are specified, then the location of the authenticated user will not be taken into account when determining whether a successful bind operation matches this criteria. |
Default Value | None |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
included-user-filter
Description | A set of filters that may be used to identify entries for authenticated users that will be permitted to match this criteria. If one or more included-user-filter values are specified, then this criteria will only be permitted to match bind operations in which the authenticated user entry matches at least one of the included-user-filter values and does not match any excluded-user-filter values. If neither included-user-filter nor excluded-user-filter values are specified, then the content of the authenticated user entry will not be taken into account when determining whether a successful bind operation matches this criteria. |
Default Value | None |
Allowed Values | A valid LDAP search filter |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
excluded-user-filter
Description | A set of filters that may be used to identify entries for authenticated users that will not be permitted to match this criteria. If one or more excluded-user-filter values are specified, then this criteria will not be permitted to match any bind operation in which the authenticated user entry matches at least one of the excluded-user-filter values, even if it also matches one or more included-user-filter values. If neither included-user-filter nor excluded-user-filter values are specified, then the content of the authenticated user entry will not be taken into account when determining whether a successful bind operation matches this criteria. |
Default Value | None |
Allowed Values | A valid LDAP search filter |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
included-user-group-dn
Description | The DNs of the groups whose members will be permitted to match this criteria. If one or more included-user-group-dn values are specified, then this criteria will only be permitted to match bind operations in which the authenticated user is a member of at least one of those groups and is not a member of any groups specified by the excluded-user-group-dn property. If neither included-user-group-dn nor excluded-user-group-dn values are specified, then the group membership of the authenticated user will not be taken into account when determining whether a successful bind operation matches this criteria. |
Default Value | None |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
excluded-user-group-dn
Description | The DNs of the groups whose members will not be permitted to match this criteria. If one or more excluded-user-group-dn values are specified, then this criteria will not be permitted to match bind operations in which the authenticated user is a member of at least one of those groups, even if the user is also a member of one or more groups referenced by the included-user-group-dn property. If neither included-user-group-dn nor excluded-user-group-dn values are specified, then the group membership of the authenticated user will not be taken into account when determining whether a successful bind operation matches this criteria. |
Default Value | None |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
request-criteria (Advanced Property)
Description | Specifies a request criteria object that must match the associated request for operations included in this Successful Bind Result Criteria. |
Default Value | None |
Allowed Values | The DN of any Request Criteria. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
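The include/exclude precedence described for the properties above can be checked against sample bind records with a small model. This is an added example, not the server's own code: it covers the base DN and group DN properties (the filter properties follow the same rule and are omitted), and the record field names, the sample DNs and the treatment of an empty user DN as an anonymous bind are assumptions.

```python
from dataclasses import dataclass, field

def rdns(dn):
    # Simplified DN normalisation (assumption: no escaped commas in the DNs).
    return [p.strip().lower() for p in dn.split(",") if p.strip()]
def at_or_below(dn, base):
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def permitted(included, excluded, test):
    # An exclusion always wins; an empty include list places no restriction.
    if any(test(x) for x in excluded):
        return False
    return not included or any(test(x) for x in included)

@dataclass
class SuccessfulBindCriteria:  # illustrative model, not the server's code
    include_anonymous_binds: bool = False
    included_user_base_dn: list = field(default_factory=list)
    excluded_user_base_dn: list = field(default_factory=list)
    included_user_group_dn: list = field(default_factory=list)
    excluded_user_group_dn: list = field(default_factory=list)

    def matches(self, rec):
        # Only binds with result code 0 (success) can ever match.
        if rec["op"] != "bind" or rec["result_code"] != 0:
            return False
        # Assumption: an empty user DN represents anonymous authentication.
        if not rec["user_dn"] and not self.include_anonymous_binds:
            return False
        groups = [rdns(g) for g in rec.get("groups", [])]
        return (permitted(self.included_user_base_dn, self.excluded_user_base_dn,
                          lambda b: at_or_below(rec["user_dn"], b))
                and permitted(self.included_user_group_dn, self.excluded_user_group_dn,
                              lambda g: rdns(g) in groups))

# Constructed sample records; the DNs and field names are made up for this example.
PEOPLE, SERVICE = "ou=People,dc=example,dc=com", "ou=Service,ou=People,dc=example,dc=com"
ADMINS = "cn=Admins,ou=Groups,dc=example,dc=com"
SAMPLE = [
    {"op": "bind", "result_code": 0, "user_dn": "uid=alice," + PEOPLE, "groups": [ADMINS]},
    {"op": "bind", "result_code": 0, "user_dn": "uid=svc1," + SERVICE},
    {"op": "bind", "result_code": 49, "user_dn": "uid=alice," + PEOPLE},
    {"op": "bind", "result_code": 0, "user_dn": ""},
    {"op": "search", "result_code": 0, "user_dn": "uid=alice," + PEOPLE},
]

def evaluate(criteria):
    return [criteria.matches(rec) for rec in SAMPLE]
```

Calling `evaluate` with a criteria object that includes `PEOPLE` and excludes `SERVICE` shows the service account dropping out even though it sits below the included base DN.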
To list the configured Result Criteria:
dsconfig list-result-criteria [--property {propertyName}] ...
To view the configuration for an existing Result Criteria:
dsconfig get-result-criteria-prop --criteria-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Result Criteria:
dsconfig set-result-criteria-prop --criteria-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Successful Bind Result Criteria:
dsconfig create-result-criteria --criteria-name {name} --type successful-bind [--set {propertyName}:{propertyValue}] ...
To delete an existing Result Criteria:
dsconfig delete-result-criteria --criteria-name {name}