-
For each user resource type for which new user email invites will be sent,
create simple request criteria to match the parent DN and object classes for the
resource type.
Note:
The setup script includes a request criteria for the user resource type that it creates.
$ dsconfig create-request-criteria --criteria-name \ "Delegated Admin User Creation Request Criteria" --type simple \ --set operation-type:add --set \ "included-target-entry-dn:ou=people,dc=example,dc=com" \ --set "any-included-target-entry-filter:(objectClass=inetOrgPerson)" \ --set "included-application-name:PingDirectory Delegated Admin"
The
included-application-name
property ensures that the criteria matches users whom the Delegated Admin created, but not users created through another interface, such as the Directory REST API. This application name value is visible in the LDAP access log for operations that the Delegated Admin HTTP servlet invokes.