1. Open the Administrative Console. Provide a user name and password, and then click Login.
  2. In the Core Server section, click Client Connection Policies. If you do not see Client Connection Policies on the menu, change the Object Types filter to Standard.
  3. Click Add New to add a new policy.
  4. Enter a Policy ID. If you want to base your new client connection policy on an existing policy, select it from the Template menu.
  5. Configure the properties of the client connection policy. To enable the policy, select Enabled.
  6. Enter the order in which you want the new policy to be evaluated in the Evaluation Order Index box, and then click Continue. A policy with a lower index is evaluated before a policy with a higher index. The Directory Server uses the first evaluated policy that applies to a client connection.
  7. Select the connection criteria that match the client connection for this policy. Click View and edit to change the criteria. Click Select New to add new criteria. Select the operations allowed for clients that are members of this connection group. Use the Add and Remove buttons to make operations available to clients. Specify the extended operations that clients are allowed and denied to use.
  8. Enter the type of authorization allowed and the SASL mechanisms that are allowed and denied in response to client requests.
  9. Check the Include Backend Subtree Views check box if you want to automatically include the subtree views of backends configured in the Directory Server. You can also choose to include and exclude specific base DNs using the appropriate fields.
  10. Once you have finished configuring the properties of your client connection policy, click Confirm then Save to review the dsconfig command equivalent and save your changes. Click Save Now to save your changes without first reviewing the dsconfig output.