We need to limit the number of connections that may be associated with a particular client connection policy, with a separate limit for each client. To do this, we have to define at least two client connection policies, one for each of the two clients. Each policy must have different connection criteria, which the server uses to select the policy with which a given client connection should be associated.
Because the criteria are based on authentication, we must also create a third client connection policy that applies to unauthenticated clients: a client connection is always unauthenticated when it is first established, before it has sent a bind request. In addition, clients are not required to send a bind request as their first operation.
- Client 1 Connection Policy, which only allows client 1, with an evaluation order index of 1.
- Client 2 Connection Policy, which only allows client 2, with an evaluation order index of 2.
- Unauthenticated Connection Policy, which allows unauthenticated clients, with an evaluation order index of 3.
- The `user-auth-type` must not include `none`, so that it will only apply to authenticated client connections.
- The `included-user-base-dn` should match the bind DN for the target user. This DN may be the full DN for the target user, or it may be the base DN for a branch that contains a number of users that you want treated in the same way.
To create more generic criteria that match more than one user, you could list the DNs of each of the users explicitly in the `included-user-base-dn` property. If there is a group that contains all of the pertinent users, then you could instead use the `[all|any|not-all|not-any]-included-user-group-dn` property to apply to all members of that group. If the entries for all of the users match a particular filter, then you could use the `[all|any|not-all|not-any]-included-user-filter` property to match them.
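The following is an added example, not server code or configuration from the original page: a simplified Python model of how the three policies above are selected by evaluation order index and how a connection moves from the unauthenticated policy to a client policy after it binds. The DNs, the `limit` values, the refusal behavior when a limit is reached or no policy matches, and all function names are assumptions made for illustration.

```python
# Simplified model of policy selection (added example, not the server's implementation).
from dataclasses import dataclass

def norm_dn(dn):
    # Naive normalization: lowercase, trim spaces around RDN separators.
    # Assumes the sample DNs contain no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def under(dn, base):
    # True if dn equals base or sits below it in the tree.
    dn, base = norm_dn(dn), norm_dn(base)
    return dn == base or dn.endswith("," + base)

@dataclass
class Policy:
    name: str
    order: int              # evaluation order index
    auth_types: frozenset   # user-auth-type values the criteria accept
    base_dns: tuple = ()    # included-user-base-dn values
    limit: int = 0          # hypothetical per-policy connection cap; 0 = unlimited
    active: int = 0         # connections currently associated with this policy

    def matches(self, auth_type, bind_dn):
        if auth_type not in self.auth_types:
            return False
        if not self.base_dns:
            return True
        return bind_dn is not None and any(under(bind_dn, b) for b in self.base_dns)

def select(policies, auth_type, bind_dn=None):
    # The first matching policy in evaluation order wins.
    return next((p for p in sorted(policies, key=lambda p: p.order)
                 if p.matches(auth_type, bind_dn)), None)

def assign(policies, current, auth_type, bind_dn=None):
    # Re-evaluate a connection after a state change; None means it is refused.
    if current is not None:
        current.active -= 1
    target = select(policies, auth_type, bind_dn)
    if target is None or (target.limit and target.active >= target.limit):
        return None
    target.active += 1
    return target

AUTHED = frozenset({"simple", "sasl", "internal"})  # every type except "none"

def build_policies():  # constructed sample DNs and limits
    return [Policy("Client 1 Connection Policy", 1, AUTHED, ("uid=client1,ou=Apps,dc=example,dc=com",), 2),
            Policy("Client 2 Connection Policy", 2, AUTHED, ("uid=client2,ou=Apps,dc=example,dc=com",), 2),
            Policy("Unauthenticated Connection Policy", 3, frozenset({"none"}))]
```

Calling `select(build_policies()[:2], "none")` returns `None`, which shows why the third policy is required: without it, a newly established connection matches no policy before its bind request arrives.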