PingDirectory

Simple request criteria

Use simple request criteria to match requests based on a broad set of properties.

These properties include the following.

Property Description

operation-type

The set of operation types for requests that might match this criteria. By default, all of the following operation types are included:

  • abandon

  • add

  • bind

  • compare

  • delete

  • extended

  • modify

  • modify-dn

  • search

  • unbind

operation-origin

Specifies the origin for operations that might match this criteria. By default, all of the following operation types are included:

external-request

Indicates that the criteria can match requests from external clients.

internal-operation

Indicates that the criteria can match internal operations, such as those created by Server SDK extensions.

replicated-operation

Indicates that the criteria can match operations received from replication.

connection-criteria

An optional reference to a connection criteria object that must match the connection associated with requests that might match this criteria.

all-included-request-control

An optional set of the OIDs of controls that can be included in requests that might match this criteria. If multiple OIDs are specified, then the request must include all of those controls.

any-included-request-control

An optional set of the OIDs of controls that can be included in requests that might match this criteria. If multiple OIDs are specified, then the request must include at least one of those controls.

not-all-included-request-control

An optional set of the OIDs of controls that should not be included in requests that might match this criteria. If multiple OIDs are specified, then the request can optionally include one or more of those controls as long as it does not have all of them.

none-included-request-control

An optional set of the OIDs of controls that should not be included in requests that might match this criteria. If multiple OIDs are specified, then the request must not include any of them.

included-target-entry-dn

An optional set of base distinguished names (DNs) for entries targeted by requests that match this criteria.

excluded-target-entry-dn

An optional set of base DNs for entries targeted by requests that will not match this criteria.

all-included-target-entry-filter

An optional set of filters that should match the target entry for requests that match this criteria. If multiple filters are specified, then the target entry must match all of them.

any-included-target-entry-filter

An optional set of filters that should match the target entry for requests that match this criteria. If multiple filters are specified, then the target entry must match at least one of them.

not-all-included-target-entry-filter

An optional set of filters that should not match the target entry for requests that match this criteria. If multiple filters are specified, then the target entry can optionally match one or more of them as long as it does not match all of them.

none-included-target-entry-filter

An optional set of filters that should not match the target entry for requests that match this criteria. If multiple filters are specified, then the target entry must not match any of them.

all-included-target-entry-group-dn

An optional set of the DNs of groups in which the target entry should be a member for requests that match this criteria. If multiple group DNs are specified, then the target entry must be a member of all of them.

any-included-target-entry-group-dn

An optional set of the DNs of groups in which the target entry should be a member for requests that match this criteria. If multiple group DNs are specified, then the target entry must be a member of at least one of them.

not-all-included-target-entry-group-dn

An optional set of the DNs of groups in which the target entry should not be a member for requests that match this criteria. If multiple group DNs are specified, then the target entry can optionally be a member of one or more of them as long as it is not a member of all of them.

none-included-target-entry-group-dn

An optional set of the DNs of groups in which the target entry should not be a member for requests that match this criteria. If multiple group DNs are specified, then the target entry must not be a member of any of them.

target-bind-type

The authentication types for bind requests that can match this criteria. This property is ignored for non-bind requests. By default, this includes both of the following values:

simple

Indicates that this criteria can match simple bind requests.

sasl

Indicates that this criteria can match SASL bind requests. The included-target-sasl-mechanism and excluded-target-sasl-mechanism properties can be used to further restrict it to specific mechanisms.

included-target-sasl-mechanism

An optional set of the names of SASL mechanisms for SASL bind requests that might match this criteria. This is ignored for all requests other than SASL bind requests.

excluded-target-sasl-mechanism

An optional set of the names of SASL mechanisms for SASL bind requests that do not match this criteria. This is ignored for all requests other than SASL bind requests.

included-target-attribute

An optional set of the target attributes for requests that might match this criteria. For add requests, the entry to add must include at least one of the target attributes. For compare requests, one of the target attributes must be used in the assertion. For modify requests, at least one modification must include one of the target attributes. For modify DN requests, at least one of the target attributes must be included in the new RDN. For search requests, at least one of the target attributes must be used in the filter. This property is ignored for other types of requests.

excluded-target-attribute

An optional set of the target attributes for requests that do not match this criteria.

included-extended-operation-oid

An optional set of the OIDs for extended requests that might match this criteria. This is ignored for all requests other than extended requests.

excluded-extended-operation-oid

An optional set of the OIDs for extended requests that might not match this criteria. This is ignored for all requests other than extended requests.

included-search-scope

The allowed scope values for search requests that might match this criteria. This is ignored for all requests other than search. By default, this includes all of the following values:

  • base-object

  • single-level

  • whole-subtree

  • subordinate-subtree

using-administrative-session-worker-thread

Indicates whether to match requests based on their use of a worker thread from the administrative thread pool. The value can be one of the following:

true

Indicates that this criteria might only match requests that are processed on an administrative worker thread.

false

Indicates that this criteria might only match requests that are not processed on an administrative worker thread.

any

Indicates that this criteria can match any type of request, regardless of whether they are processed using an administrative worker thread.

included-application-name

An optional set of application names for requests that might match this criteria. The application name for a request can either be specified by either the operation purpose request control or the intermediate client request control. Requests without an application name do not match.

excluded-application-name

An optional set of application names for requests that do not match this criteria. Requests with an application name might match this criteria.

The default settings for the simple request criteria match any request. If you set values for multiple properties, then it essentially behaves as a logical AND, and the criteria only matches requests that match all of those properties.

Properties that are based on the target entry for the request are ignored for abandon and unbind requests, since they do not target a specific entry. They are also ignored for SASL bind and extended requests because the process for determining the target entry, if there is one, depends on decoding that is specific to the type of SASL mechanism or extended request. For search requests, the target entry DN is the search base DN.