Page created: 13 Dec 2019 |
Page updated: 25 Mar 2020
For each user resource type for which new user email invites need to be sent, create simple request criteria to match the parent DN and object classes for the resource type.
Note: The setup script already includes such a request criteria for the user resource type that it creates.
$ dsconfig create-request-criteria --criteria-name \ "Delegated Admin User Creation Request Criteria" --type simple \ --set operation-type:add --set \ "included-target-entry-dn:ou=people,dc=example,dc=com" \ --set "any-included-target-entry-filter:(objectClass=inetOrgPerson)" \ --set "included-application-name:PingDirectory Delegated Admin"
The included-application-name property ensures that the criteria matches users whom the Delegated Admin created, but not users who were created through another interface, such as the Directory REST API. This application name value is visible in the LDAP access log for operations that the Delegated Admin HTTP servlet invokes.