1. In the administrative console, in the Core Server section, click Client Connection Policies.

    If you do not see Client Connection Policies on the menu, change the Object Types filter to Standard.

  2. To add a new policy, click Add New.
  3. Enter a Policy ID.

    If you want to base your new client connection policy on an existing policy, select it from the Template menu.

  4. Configure the properties of the client connection policy, then to enable the policy, select Enabled.
  5. Enter the order in which you want the new policy to be evaluated in the Evaluation Order Index box, and then click Continue.

    A policy with a lower index is evaluated before a policy with a higher index. The PingDirectory server uses the first evaluated policy that applies to a client connection.

  6. Select the connection criteria that match the client connection for this policy.
    1. To change the criteria, click View and Edit.
    2. To add new criteria, click Select New.
    3. Select the operations allowed for clients that are members of this connection group.
    4. To make operations available to clients, use the Add and Remove buttons.
    5. Specify the extended operations that clients are allowed and denied to use.
  7. Enter the type of authorization allowed and the SASL mechanisms that are allowed and denied in response to client requests.
  8. Select the Include Backend Subtree Views check box if you want to automatically include the subtree views of backends configured in the PingDirectory server.

    You can also choose to include and exclude specific base DNs using the appropriate fields.

  9. Save your changes.
    • To review the dsconfig command equivalent and save your changes, click Confirm then Save.
    • To save your changes without first reviewing the dsconfig output, click Save Now.