DIRECTORY SERVICES


Using Notes distinguished names in a remote LDAP directory
You can set up directory assistance for a remote LDAP directory so that an IBM® Lotus® Domino™ server:
This feature allows organizations that migrate users from a Domino Directory to a remote LDAP directory to continue to use the original Notes distinguished names for users. This feature is also useful as a way to hide complex LDAP distinguished names from users.

To set up this feature, you add an attribute for storing Notes name values to the user entries in the LDAP directory, and then add the Notes distinguished names as values for the attributes. Then you specify the attribute you use for the Notes names in a Directory Assistance document for the LDAP directory.

Once you have set up this feature, clients can authenticate using either their Notes distinguished names or their original LDAP distinguished names. Database ACLs, Server document access control fields, access control groups, and Web server File Protection documents can use only the Notes distinguished names.

To set up the use of Notes distinguished names:

1. To add the Notes distinguished names to the LDAP directory, first choose, in the remote LDAP directory, an attribute for storing the Notes name values in the user entries. The syntax for the attribute must be DN. You can create a new attribute or use an existing one already defined in the schema.

2. Add Notes names as values for the selected attribute to the remote LDAP directory user entries.

3. Set up directory assistance to use the Notes distinguished names:

4. Add the Notes distinguished names as necessary to database ACLs, Server document access control fields, access control groups, and Web server File Protection documents. Use the Notes format for the name, for example John Doe/Acme or cn=John Doe/o=Acme, and not the LDAP format cn=John Doe, o=Acme.

Note: If you enable this feature and some user entries in the LDAP directory do not have a value for the Notes distinguished name attribute, then the users must specify their LDAP distinguished names to authenticate, and Domino database ACLs and other access control lists must use the LDAP distinguished names.

Example of using Notes distinguished names in a remote LDAP directory

Acme corporation uses the LDAP distinguished name uid=675894,ou=boston,o=airius.com for a particular user in a remote LDAP directory. For the same user Acme uses the name Jack Johnson/Boston/Acme in Notes database ACLs and in groups used in database ACLs. The Domino server uses directory assistance to look up user credentials for client authentication in the remote LDAP directory.

An Acme administrator does the following to configure the use of the Notes distinguished name for client authentication and for database access control:

1. In the remote LDAP directory, the administrator adds an attribute called notesname to the user entry for uid=675894,ou=boston,o=airius, and gives the attribute the value cn=Jack Johnson,ou=Boston,o=Acme.

2. On the LDAP tab of the Directory Assistance document for the LDAP directory, the administrator adds the attribute notesname to the field "Attribute to be used as Notes distinguished name."

3. On the "Naming contexts (rules)" tab of the Directory Assistance document, the administrator specifies an all-asterisk trusted rule.

The user can then use any of the following names as the client logon name for authentication:


The Notes name Jack Johnson/Boston/Acme is used in database ACLs and groups.
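The following audit script is an added example, not part of the original documentation or of Domino. It reads exported LDAP user entries, lists users with no Notes name value (who fall back to LDAP distinguished names, as the note above describes), and derives the Notes-format name to use in ACLs. The entry layout, the function names, and the rule of rejecting values that contain "/" or "\" are assumptions; notesname is the attribute from the Acme example.

```python
# Added example: audit which LDAP users have a Notes name and derive ACL-format names.
# SAMPLE_ENTRIES is constructed; "notesname" is the attribute from the Acme example.
SAMPLE_ENTRIES = [
    {"dn": "uid=675894,ou=boston,o=airius.com",
     "notesname": "cn=Jack Johnson,ou=Boston,o=Acme"},
    {"dn": "uid=100001,ou=boston,o=airius.com"},             # attribute missing
    {"dn": "uid=100002,ou=boston,o=airius.com",
     "notesname": "cn=Ann Lee/Boston,o=Acme"},               # "/" inside a value
]

def to_notes_names(ldap_dn):
    """Return (canonical, abbreviated) Notes-format names for an LDAP-format DN.

    Assumption: values containing "/" (the Notes separator) or "\\" (an LDAP
    escape) are rejected for manual review rather than converted.
    """
    types, values = [], []
    for rdn in ldap_dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"malformed component {rdn!r}")
        if "/" in value or "\\" in value:
            raise ValueError(f"unsupported character in {rdn!r}")
        types.append(attr)
        values.append(value)
    canonical = "/".join(f"{t}={v}" for t, v in zip(types, values))
    return canonical, "/".join(values)

def audit(entries, attr="notesname"):
    """Sort entries into ACL-ready names, LDAP-DN fallbacks, and review items."""
    report = {"acl_names": {}, "ldap_dn_fallback": [], "needs_review": []}
    for entry in entries:
        value = entry.get(attr, "").strip()
        if not value:
            # Per the note above: this user authenticates with, and ACLs must
            # list, the LDAP distinguished name.
            report["ldap_dn_fallback"].append(entry["dn"])
            continue
        try:
            report["acl_names"][entry["dn"]] = to_notes_names(value)[1]
        except ValueError as exc:
            report["needs_review"].append((entry["dn"], str(exc)))
    return report

if __name__ == "__main__":
    for section, items in audit(SAMPLE_ENTRIES).items():
        print(section, items)
```

Entries reported under ldap_dn_fallback are the ones whose ACL entries must still use the LDAP distinguished name.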
