Define at least two client connection policies, one for each of the two clients. Each policy must have different connection criteria for selecting the policy with which a given client connection should be associated.

Because the criteria is based on authentication, you must create a third client connection policy that applies to unauthenticated clients because client connections are always unauthenticated as soon as they are established and before they have sent a bind request. Clients are not required to send a bind request as their first operation.

Define the following three client connection policies:

  • Client 1 Connection Policy, which only allows client 1, with an evaluation order index of 1
  • Client 2 Connection Policy, which only allows client 2, with an evaluation order index of 2
  • Unauthenticated Connection Policy, which allows unauthenticated clients, with an evaluation order index of 3

Define simple connection criteria for the Client 1 Connection Policy and the Client 2 Connection Policy with the following properties:

  • The user-auth-type must not include none so that it only applies to authenticated client connections.
  • The included-user-base-dn should match the bind DN for the target user. This distinguished name (DN) can be full DN for the target user, or it can be the base DN for a branch that contains a number of users that you want treated in the same way.

    To create more generic criteria that match more than one user, you could list the DNs of each of the users explicitly in the included-user-base-dn property. If there is a group that contains all of the pertinent users, then you could instead use the [all|any|not-all|not-any]-included-user-group-dn property to apply to all members of that group. If the entries for all of the users match a particular filter, then you could use the [all|any|not-all|not-any]-included-user-filter property to match them.