1. Configure a soft-delete policy and global configuration as shown in “Configuring Soft Deletes as a Global Configuration”.
  2. Create a simple connection criteria using dsconfig and name it "Internal Applications". The soft delete connection criteria is configured for a member of a Line of Business (LOB) Applications group connecting from the 10.8.1.0 network.
    $ bin/dsconfig create-connection-criteria \             
      --criteria-name "Internal Applications" \             
      --type simple \             
      --set included-client-address:10.8.1.0/8 \  
      --set "all-included-user-group-dn:cn=LOB Applications,ou=Groups,dc=example,dc=com"
  3. In the soft delete policy created in step 1, set the auto-soft-delete-connection-criteria property to the simple criteria created in the previous step.
    $ bin/dsconfig set-soft-delete-policy-prop \
      --policy-name default-soft-delete-policy \ 
      --set "auto-soft-delete-connection-criteria:Internal Applications"