DIRECTORY SERVICES


Converting the default anonymous access settings to database ACL and extended ACL settings
As soon as you select the advanced ACL option "Enable Extended Access" for a directory served by the LDAP service, the "Choose fields that anonymous users can query via LDAP" setting stops controlling anonymous LDAP search access and is no longer visible in the domain Configuration Settings document.

To convert the default anonymous search access settings set in the domain Configuration Settings document to database ACL and extended ACL settings for a IBM® Lotus® Domino™ Directory or Extended Directory Catalog, do the following:

1. Make sure you have read thoroughly the documentation on Extended ACLs.

2. Open the directory and select "Enable Extended Access" in the Advanced tab of the database ACL.

3. On the Basics tab of the ACL, give the Anonymous entry Reader access.

4. Click Extended Access and set the access as follows:

5. Select / (root) as the target.

6. Add Anonymous as a subject at / (root).

7. Leave "This container and all descendants" selected as the scope.

8. For the default privileges, click Allow Browse and click Deny Create, Delete, Read, and Write.

9. Click Form and Field Access.

10. Next to Schema, select Domino.

11. In the Forms box, select Person.

12. With the Person form still selected, select each of the following fields in the Fields box, and for each field click Allow Read:


13. In the Forms box, select Group.

14. With the Group form still selected, select each of the following fields in the Fields box, and for each field click Allow Read:


15. Next to Schema, select LDAP.

16. In the Object Classes box, select dominoPerson.

17. With the dominoPerson object class still selected, in the Attributes box select cn and click Allow Read.

18. Click OK twice, and when you see the prompt "Save changes before exiting?" Click Yes.

Note If you disable "Enable Extended Access" in a directory ACL, the default settings in the "Choose fields that anonymous users can query via LDAP" setting in the domain Configuration Settings document resume control of anonymous LDAP search access for the directory.

See also