The connection criteria are used in many areas within the server. They are used by the client connection policies, and are used when the server needs to perform matching based on connection-level properties, such as filtered logging. For assistance using connection criteria, contact a Ping Identity support representative.

For example, if you are interested in collecting statistics on data that is accessed by clients authenticating as the directory manager, you should create connection criteria on the server that identifies any user authenticating as the directory manager. The connection criteria name corresponds to the application-name dimension value that clients specify when accessing the data through the API. When you define the connection criteria, change the included-user-base-dn property to include the directory manager’s full LDIF entry.

The following dsconfig command line creates connection criteria for the directory manager.

$ bin/dsconfig create-connection-criteria \
  --criteria-name “Directory Manager” \
  --type simple \
  --set “included-user-base-dn:cn=Directory Manager,cn=Root DNs,cn=config”