The is used to classify incoming connections. ds-cfg-network-group-criteria top Specifies the allowed authorization methods for a client connection to match the . Anonymous connections. Simple bind connections, with bind DN and password. SASL/external connections, with a certificate containing the user authentication. ds-cfg-allowed-auth-method Specifies the allowed LDAP ports for the client connection to match the . Connection over ldap port. Connection over ldaps port. ds-cfg-allowed-ldap-port Specifies a bind DN filter for the client connection to match the . A valid bind DN filter is a string composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). ds-cfg-bind-dn-filter Specifies an IP address filter for the . A valid IP address mask can be one of the followings: 129.34.55.67 129.*.78.55 .sun.com foo.sun.com foo.*.sun.* 128.*.*.* 129.45.23.67/22 128.33.21.21/32 *.*.*.* 129.45.67.34/0 foo.com foo 2001:fecd:ba23:cd1f:dcb1:1010:9234:4088/124 2001:fecd:ba23:cd1f:dcb1:1010:9234:4088 [2001:fecd:ba23:cd1f:dcb1:1010:9234:4088]/45 ::/128 ::1/128 :: ds-cfg-ip-address-filter Specifies whether security is mandatory for the . false ds-cfg-is-security-mandatory Specifies a search filter that the entry of a bound client must match. ds-cfg-user-entry-filter