Define at least two client connection policies, one for each of the two clients. Each policy must have different connection criteria for selecting the policy with which a given client connection should be associated.

Because the criteria is based on authentication, you must create a third client connection policy that applies to unauthenticated clients because client connections are always unauthenticated as soon as they are established and before they have sent a bind request. Clients are not required to send a bind request as their first operation.

Define the following three client connection policies:

  • Client 1 Connection Policy, which only allows client 1, with an evaluation order index of 1
  • Client 2 Connection Policy, which only allows client 2, with an evaluation order index of 2
  • Unauthenticated Connection Policy, which allows unauthenticated clients, with an evaluation order index of 3

Define simple connection criteria for the Client 1 Connection Policy and the Client 2 Connection Policy with the following properties:

  • The user-auth-type must not include none so that it only applies to authenticated client connections.
  • The included-user-base-dn should match the bind DN for the target user. This distinguished name (DN) can be full DN for the target user, or it can be the base DN for a branch that contains a number of users that you want treated in the same way.
    Tip:

    To create more generic criteria that match more than one user, you could list the DNs of each of the users explicitly in the included-user-base-dn property. If there is a group that contains all of the pertinent users, then you could instead use the [all|any|not-all|not-any]-included-user-group-dn property to apply to all members of that group. If the entries for all of the users match a particular filter, then you could use the [all|any|not-all|not-any]-included-user-filter property to match them.