For each user resource type for which new user email invites will be sent,
create simple request criteria to match the parent DN and object classes for the
resource type.
Note:
The setup script includes a request criteria for the user resource type that it creates.
$ dsconfig create-request-criteria --criteria-name \
"Delegated Admin User Creation Request Criteria" --type simple \
--set operation-type:add --set \
"included-target-entry-dn:ou=people,dc=example,dc=com" \
--set "any-included-target-entry-filter:(objectClass=inetOrgPerson)" \
--set "included-application-name:PingDirectory Delegated Admin"The included-application-name property ensures that the criteria matches
users whom the Delegated Admin created,
but not users created through another interface, such as the Directory REST
API. This application name value is visible in the LDAP access log for
operations that the Delegated Admin HTTP
servlet invokes.