1. Create a simple connection criteria.

    The following example uses the dsconfig tool in non-interactive mode. It allows only the PingDirectory server’s IP address and loopback to have access.

    $ bin/dsconfig set-connection-criteria-prop \ 
      --criteria-name allowed-ip-addrs \ 
      --add included-client-address:10.6.1.80 \ 
      --add included-client-address:127.0.0.1
  2. Assign the criteria to the client connection policy.
    $ bin/dsconfig set-client-connection-policy-prop \ 
      --policy-name new-policy \ 
      --set connection-criteria:allowed-ip-addrs
    After you have run the command, access is denied to remote IP addresses. The PingDirectory server does not require a restart.
  3. Add a remote IP range to the criteria.
    Note:

    For the following example, add 10.6.1.*.

    $ bin/dsconfig set-connection-criteria-prop \ 
      --criteria-name allowed-ip-addrs \ 
      --add "included-client-address:10.6.1.*"
    Access from any remote servers is allowed. The PingDirectory server does not require a restart.
  4. To restore default behavior, remove the criteria from the connection policy.
    Tip:

    Include the LDAP or LDAPS connection parameters, such as host name, port, bindDN, bindPassword, with the dsconfig command.

    $ bin/dsconfig set-client-connection-policy-prop \ 
      --policy-name new-policy --remove connection-criteria:allowed-ip-addrs
    The PingDirectory server does not require a restart.