Simple result criteria
Use simple result criteria to match results based on a broad set of properties.
These properties include the following.
Property | Description |
---|---|
|
An optional reference to a request criteria object that must match the operation for this criteria to match. |
|
Specifies the criteria that the operation’s result code must match for this criteria to match. Allowed values include:
|
|
The set of result codes that an operation might have to match this criteria. This is only used if the |
|
Specifies the criteria that the operation’s processing time must satisfy for this criteria to match. Allowed values include:
|
|
The duration to use in conjunction with the |
|
Specifies the criteria that the operation’s queue time (the time that it spent waiting in the work queue before it was picked up by a worker thread) must satisfy for this criteria to match. Allowed values include:
|
|
The duration to use in conjunction with the |
|
Indicates whether this criteria should match operations that included one or more referral URLs. Allowed values include:
|
|
An optional set of the OIDs of controls that might be included in responses that can match this criteria. If multiple OIDs are specified, then the operation must include all of those response controls. |
|
An optional set of the OIDs of controls that might be included in responses that can match this criteria. If multiple OIDs are specified, then the operation must include at least one of those response controls. |
|
An optional set of the OIDs of controls that should not be included in responses that might match this criteria. If multiple OIDs are specified, then the operation can optionally include one or more of those controls as long as it does not include all of them. |
|
An optional set of the OIDs of controls that should not be included in responses that can match this criteria. If multiple OIDs are specified, then the operation must not include any of those response controls. |
|
Indicates whether this criteria should match operations that used an authorization identity that is different from the authentication identity (for example, as a result of the proxied authorization request control). Allowed values include:
|
|
Indicates whether this criteria should match operations in which the requester used one or more privileges.
|
|
An optional set of the privileges that the requester might have used for this criteria to match the operation. If multiple privileges are specified, then the requester must have used at least one of those privileges. |
|
Indicates whether this criteria should match operations in which the requester was missing one or more required privileges.
|
|
An optional set of the privileges that were required for the associated operation that the requester must have been missing for this criteria to match. If multiple privileges are specified, then the requester must have been missing at least one of those privileges. |
|
Indicates whether this criteria should match bind operations based on whether the client authenticated with a retired password. This property is ignored for all operations other than bind. Allowed values include:
|
|
Specifies the criteria for the number of entries returned in response to a search operation that operations matching this criteria should use. This property is ignored for all operations other than search. Allowed values include:
|
|
An optional set of base DNs below which the operation’s authorization identity might exist for the criteria to match. |
|
An optional set of base DNs below which the operation’s authorization identity must not exist for the criteria to match. |
|
An optional set of the DNs of groups in which the operation’s authorization identity must be a member for this criteria to match. If multiple group DNs are specified, then the user must be a member of all of those groups. |
|
An optional set of the DNs of groups in which the operation’s authorization identity must be a member for this criteria to match. If multiple group DNs are specified, then the user must be a member of at least one of those groups. |
|
An optional set of the DNs of groups in which the operation’s authorization identity should not be a member for this criteria to match. If multiple group DNs are specified, then the user can optionally be a member of one or more of those groups as long as it is not a member of all of them. |
|
An optional set of the DNs of groups in which the operation’s authorization identity should not be a member for this criteria to match. If multiple group DNs are specified, then the user must not be a member of any of them. |
The default settings for the simple result criteria matches any operation. If you set values for multiple properties, then it essentially behaves as a logical AND
, and the criteria only matches operations that match all of those properties.