ADMINISTRATION TOOLS

Processing administration requests across domains
You set up Cross-domain Configuration documents to enable a server in one domain to mail administration requests to a server in another domain. Set up the Cross-domain Configuration document after you specify an administration server for the IBM® Lotus® Domino™ Directory in each domain. The Administration Process for the Domino Directory must be set up on a server in each domain. Cross-domain processing works only when the administration server of the Domino Directory is a Lotus Domino Release 5 or more recent server.

These tasks can be processed across domains:


Note During cross-domain processing, any requests imported from another domain and any subsequent requests created by the imported requests are processed by Lotus Domino Release 5 and more recent servers only.

Setting up cross-domain processing of administration requests

To set up cross-domain processing of administration requests, you need to do the following:


Edit the Directory Profile document for the Domino Directory to include the names of anyone allowed to create a Cross-domain Configuration document. On the Directory Profile document, add the administrators names to the "List of administrators who are allowed to create Cross-domain Configuration documents in the administration requests database" field. If a Cross-domain configuration document is created by someone whose name is not in that field or who is not a manager of the Domino Directory, that configuration will be ignored.

The Administration Requests database contains Cross-domain Configuration documents that specify how domains exchange and process administration requests. When you configure a Cross-domain Configuration document, you designate the trusted entities, which are persons, servers, or certifiers. All requests received from the domain must be signed by one of its trusted entities. Rename requests are the exception; they are signed by certifiers so their validity is determined by the certificates and the cross-certificate in the destination domain's Domino Directory. For Rename requests going to another domain, there must be appropriate cross-certificates between the two domains. Additionally, the Domino Directory of the destination domain must either have all Certifier documents, with the certifier's public key, for the organizational structure represented in the name change request, or it must be able to access those Certifier documents from a trusted Directory specified via Directory Assistance.

Note Check the Connection documents for the servers involved in the cross-domain request processing. The fields on the Connection document that have particular impact on the processing of administration requests across domains are on the Basics tab: Source server, Source domain, Destination server, and Destination domain fields.

Other fields on the Connection should be set up to allow for replication and communication between source and destination servers as usual.

Benefits of cross-domain processing

Cross-domain processing offers these benefits:

1. Processing administration requests across domains can protect the integrity of the data in databases. For example, if a person is deleted from the directory in one domain, corresponding deletions occur in the other domains.

2. Access to information is enhanced because a name change is propagated to other domains. For example, people and servers registered in one domain can also be listed in the directory documents and database ACLs in another domain. Cross-domain processing allows users and servers to have access to databases and servers in both domains.

3. Applications are easily distributed because databases are easily replicated from servers in one domain to servers in other domains. Administrators do not have to install and update applications individually on all servers.

See also