Simple connection criteria is used to match client connections based on a broad set of properties.
These properties include the following.
| Property | Description |
|---|---|
| | An optional set of address masks (in the form used by the connection handler’s |
| | An optional set of address masks (in the form used by the connection handler’s |
| | An optional set of connection handlers whose connections can match this criteria. |
| | An optional set of connection handlers whose connections do not match this criteria. |
| | An optional set of the communication protocols for connections that might match this criteria. |
| | An optional set of the communication protocols for connections that do not match this criteria. |
| | The communication security level that can be used by connections that might match this criteria. Possible values include: |
| | The types of authentication that can be used by connections that might match this criteria. By default, this property includes all of the following allowed values: |
| | The types of authentication security that can be used by connections that might match this criteria. This property is ignored for unauthenticated connections. Possible values include: |
| | An optional set of the SASL mechanisms used by clients that can match this criteria. This property is ignored for unauthenticated connections, or connections that did not authenticate with SASL. |
| | An optional set of the SASL mechanisms used by clients that do not match this criteria. This property is ignored for unauthenticated connections, or connections that did not authenticate with SASL. |
| | An optional set of the authenticated user entry base DNs for connections that might match this criteria. This property is ignored for unauthenticated connections. |
| | An optional set of the authenticated user entry base DNs for connections that do not match this criteria. This property is ignored for unauthenticated connections. |
| | An optional set of the group DNs in which the authenticated user must be a member for connections that might match this criteria. If multiple group DNs are specified, then the authenticated user must be a member of all of those groups. This property is ignored for unauthenticated connections. |
| | An optional set of the group DNs in which the authenticated user must be a member for connections that might match this criteria. If multiple group DNs are specified, then the authenticated user must be a member of at least one of those groups. This property is ignored for unauthenticated connections. |
| | An optional set of the group DNs in which the authenticated user should not be a member for connections that might match this criteria. If multiple group DNs are specified, then the authenticated user can optionally be a member of one or more of those groups as long as they are not a member of all of them. This property is ignored for unauthenticated connections. |
| | An optional set of the group DNs in which the authenticated user must not be a member for connections that might match this criteria. If multiple group DNs are specified, then the authenticated user must not be a member of any of those groups. This property is ignored for unauthenticated connections. |
| | An optional set of filters that must match the authenticated user entry for connections that might match this criteria. If multiple filters are specified, then the user entry must match all of them. This property is ignored for unauthenticated connections. |
| | An optional set of filters that must match the authenticated user entry for connections that might match this criteria. If multiple filters are specified, then the user entry must match at least one of them. This property is ignored for unauthenticated connections. |
| | An optional set of filters that should not match the authenticated user entry for connections that might match this criteria. If multiple filters are specified, then the user entry can optionally match one or more of them as long as it does not match all of them. This property is ignored for unauthenticated connections. |
| | An optional set of filters that must not match the authenticated user entry for connections that might match this criteria. If multiple filters are specified, then the user entry must not match any of them. This property is ignored for unauthenticated connections. |
| | An optional set of privileges that authenticated users should have for connections that might match this criteria. If multiple privileges are specified, then the user must have all of them. This property is ignored for unauthenticated connections. |
| | An optional set of privileges that authenticated users should have for connections that might match this criteria. If multiple privileges are specified, then the user must have at least one of them. This property is ignored for unauthenticated connections. |
| | An optional set of privileges that authenticated users should not have for connections that might match this criteria. If multiple privileges are specified, then the user can optionally have one or more of them as long as it does not have all of them. This property is ignored for unauthenticated connections. |
| | An optional set of privileges that authenticated users should not have for connections that might match this criteria. If multiple privileges are specified, then the user must not have any of them. This property is ignored for unauthenticated connections. |

The default settings for the simple connection criteria match any connection. If you set values for multiple properties, then it essentially behaves as a logical AND, and the criteria only match connections that match all of those properties.
A common pitfall encountered with the simple connection criteria is that if the user-auth-type property includes none as one of the values, then any properties that pertain to authenticated users are ignored for unauthenticated clients.
A client connection is initially unauthenticated when it is first established and previously authenticated connections might become unauthenticated again if they perform an anonymous bind or if a bind attempt fails.
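
The following added example (a simplified model, not the server's own code) evaluates the group DN rules and the unauthenticated-connection pitfall described above. The class and field names, the auth type labels other than none, and the sample DN are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Connection:
    auth_type: str = "none"            # a new or failed-bind connection is unauthenticated
    groups: frozenset = frozenset()    # group DNs of the authenticated user

@dataclass
class Criteria:
    # Hypothetical field names modelling the auth-type and group DN properties.
    auth_types: set = field(default_factory=lambda: {"none", "simple", "sasl"})
    all_groups: set = field(default_factory=set)
    any_groups: set = field(default_factory=set)
    not_all_groups: set = field(default_factory=set)
    none_groups: set = field(default_factory=set)

    def matches(self, conn: Connection) -> bool:
        if conn.auth_type not in self.auth_types:
            return False
        if conn.auth_type == "none":
            return True                # user-related properties are ignored
        g = conn.groups
        if self.all_groups and not self.all_groups <= g:
            return False
        if self.any_groups and not self.any_groups & g:
            return False
        if self.not_all_groups and self.not_all_groups <= g:
            return False
        if self.none_groups and self.none_groups & g:
            return False
        return True                    # every configured property matched (logical AND)

ADMINS = "cn=admins,dc=example,dc=com"   # constructed sample DN
LOOSE = Criteria(any_groups={ADMINS})    # auth types left at the default
STRICT = Criteria(auth_types={"simple", "sasl"}, any_groups={ADMINS})

if __name__ == "__main__":
    anonymous = Connection()
    admin = Connection("simple", frozenset({ADMINS}))
    other = Connection("simple", frozenset())
    for name, crit in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, [crit.matches(c) for c in (anonymous, admin, other)])
```

In this model, LOOSE matches the anonymous connection even though it names a required group, while STRICT rejects it because none is removed from the allowed auth types.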