PingDirectory

Configuring soft deletes by connection criteria

Use this section for instructions on enabling and disabling soft deletes with connection criteria.

The PingDirectory server can treat any delete operation as a soft-delete request when the LDAP client that issues it meets the configured connection criteria.

To configure soft deletes:

  • Define the connection criteria used in a client connection policy.

  • Configure the soft delete connection criteria in the soft-delete policy.

Enabling soft deletes by connection criteria

Before you begin

Configure a soft-delete policy and global configuration, as shown in Configuring Soft Deletes as a Global Configuration.

Steps

  1. Use dsconfig to create connection criteria named Internal Applications.

    Example:

    In the following example, the soft-delete connection criteria are configured for a member of a line-of-business (LOB) applications group connecting from the 10.8.1.0 network.

    $ bin/dsconfig create-connection-criteria \
      --criteria-name "Internal Applications" \
      --type simple \
      --set included-client-address:10.8.1.0/8 \
      --set "all-included-user-group-dn:cn=LOB Applications,ou=Groups,dc=example,dc=com"

  2. Set the auto-soft-delete-connection-criteria property to the soft-delete connection criteria you created in step 1.

    Example:

    $ bin/dsconfig set-soft-delete-policy-prop \
      --policy-name default-soft-delete-policy \
      --set "auto-soft-delete-connection-criteria:Internal Applications"
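
A pre-flight check for the address mask used in step 1, added here as an example and not part of the PingDirectory documentation or tooling: it extracts the included-client-address value from the command and reports the range the prefix actually selects. It assumes the server applies standard CIDR semantics to the mask and handles only IPv4 CIDR values; the function names and sample client addresses are constructed for illustration, and 10.8.1.0/24 is an assumed narrower mask used only for comparison.

```python
import ipaddress
import re

# Constructed input: the step 1 command as it appears on this page.
STEP1_COMMAND = r'''bin/dsconfig create-connection-criteria \
  --criteria-name "Internal Applications" \
  --type simple \
  --set included-client-address:10.8.1.0/8 \
  --set "all-included-user-group-dn:cn=LOB Applications,ou=Groups,dc=example,dc=com"'''

# Only IPv4 CIDR masks are reviewed; other mask forms are ignored here.
MASK_RE = re.compile(r'included-client-address:([0-9.]+/\d{1,2})')


def review_mask(mask):
    """Describe what an IPv4 CIDR mask covers (assumes standard CIDR rules)."""
    written = ipaddress.ip_interface(mask)   # keeps the address as typed
    network = written.network                # the range the prefix selects
    return {
        "mask": mask,
        "effective_network": str(network),
        "addresses": network.num_addresses,
        # Host bits set: the typed address is not the network address, which
        # usually means the prefix is shorter (wider) than intended.
        "host_bits_set": written.ip != network.network_address,
    }


def review_command(command):
    """Review every CIDR included-client-address value in a dsconfig command."""
    return [review_mask(m) for m in MASK_RE.findall(command)]


def matches(mask, client_ip):
    """True if client_ip falls inside the range selected by mask."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_interface(mask).network


if __name__ == "__main__":
    for finding in review_command(STEP1_COMMAND):
        print(finding)
    # Constructed client addresses, inside and outside the 10.8.1.x range.
    for ip in ("10.8.1.25", "10.200.3.7", "192.168.1.5"):
        print(ip, "/8:", matches("10.8.1.0/8", ip),
              "/24:", matches("10.8.1.0/24", ip))
```

A mask reported with host_bits_set as true deserves a second look before it is attached to the soft-delete policy, because every client in the effective network that also meets the criteria's other conditions will have its deletes treated as soft deletes.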

Disabling soft deletes by connection criteria

About this task

Disable soft deletes by connection criteria.

Steps

  • Reset the auto-soft-delete-connection-criteria property on the soft-delete policy.

    Example:

    $ bin/dsconfig set-soft-delete-policy-prop \
      --policy-name default-soft-delete-policy \
      --reset auto-soft-delete-connection-criteria