DIRECTORY SERVICES


Extended Directory Catalogs and group lookups for database authorization
You can use the groups in one directory configured in a Directory Assistance database, in addition to the primary Domino Directory, to authorize database access for Internet and IBM® Lotus® Notes® clients. When group authorization is enabled for a directory, if a server finds groups in a database ACL, it can look up the members of the groups to verify a user's access to a database. The one directory enabled for group authorization can be an Extended Directory Catalog, which effectively allows servers to use groups from any of the source Domino Directories for database access control.

Select the option "Group authorization" in the Directory Assistance document for the Extended Directory Catalog to enable this feature. If you enable group authorization for an Extended Directory Catalog, you cannot enable it for any other directory, Notes or LDAP, configured in the directory assistance database.

If you enable "Group authorization" for an Extended Directory Catalog, and groups used for database access control in the directory catalog contain groups as members -- nested groups -- a server only looks up names in the nested groups if the nested groups are located in the Extended Directory Catalog.

Note A server cannot use groups aggregated in a condensed Directory Catalog for database authorization.

See also