Page created: 15 Jul 2022 |
Page updated: 20 Jan 2023
For each user resource type for which new user email invites will be sent,
create simple request criteria to match the parent DN and object classes for the
The setup script includes a request criteria for the user resource type that it creates.
$ dsconfig create-request-criteria --criteria-name \ "Delegated Admin User Creation Request Criteria" --type simple \ --set operation-type:add --set \ "included-target-entry-dn:ou=people,dc=example,dc=com" \ --set "any-included-target-entry-filter:(objectClass=inetOrgPerson)" \ --set "included-application-name:PingDirectory Delegated Admin"
included-application-nameproperty ensures that the criteria matches users whom the Delegated Admin created, but not users created through another interface, such as the Directory REST API. This application name value is visible in the LDAP access log for operations that the Delegated Admin HTTP servlet invokes.