TROUBLESHOOTING


Database authorization using groups in a secondary directory fails
To search a secondary directory -- IBM® Lotus® Domino™ or LDAP -- for the members of groups listed in database ACLs, make sure you complete these steps:

1. Specify a "Domain Name" that is not the Domino domain of the servers that use directory assistance and that is not used in another Directory Assistance document.

2. Set the "Group Authorization" field to "Yes"; enable this option in only one Directory Assistance document.

3. Set "Trusted for credentials" to "Yes" for at least one naming rule that represents the names within the groups to search.

4. If the directory is a Microsoft Active Directory, choose "Active Directory" in the "Type of search filter to use" field of the Directory Assistance document.

5. If the directory is a remote LDAP directory, when you add the name of a hierarchical group from an LDAP directory to an IBM® Lotus® Notes® database ACL, use the LDAP format for the name, but use forward slashes (/) as delimiters rather than commas (,). If the name of the LDAP directory group is not hierarchical, in a Notes database ACL enter the value for the group name without the associated LDAP attribute.


6. Select "Notes clients/Internet Authentication/Authorization" in the "Make this domain available to" field.

7. If the directory is a remote LDAP directory and you've enabled "Channel encryption," make sure you've configured SSL correctly.

8. If the directory is on a remote LDAP directory server that doesn't allow anonymous connections, make sure you've entered a user name and password in the "Optional Authentication Credential" section of the Directory Assistance document.

9. If the members of groups on a remote LDAP directory server change, stop and restart the Domino server that connects to the LDAP server. This ensures that the Domino server flushes its group cache and retrieves the most up-to-date group information.
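
The naming rule in step 5 is a common source of ACL entries that never match. The following is an added example, not part of the original IBM documentation, that converts an LDAP group name into the ACL form described there. The function name and sample group names are constructed, and it assumes that a name with a single attribute=value component is the non-hierarchical case.

```python
# Added example: convert an LDAP group name to the form step 5 describes
# for a Notes database ACL entry. Function name and sample names are constructed.

# Characters whose handling in an ACL entry the procedure does not describe.
# Names containing them are rejected for manual review instead of guessed at.
UNSUPPORTED = set('\\/+"')


def ldap_group_to_acl_entry(dn: str) -> str:
    """Return the ACL entry text for an LDAP group name."""
    dn = dn.strip()
    if not dn:
        raise ValueError("empty group name")
    bad = UNSUPPORTED.intersection(dn)
    if bad:
        raise ValueError(f"unsupported character(s) {sorted(bad)} in {dn!r}")

    components = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"malformed component {part!r} in {dn!r}")
        components.append((attr, value))

    if len(components) == 1:
        # Assumed non-hierarchical case: enter only the value,
        # without the associated LDAP attribute.
        return components[0][1]
    # Hierarchical group: keep the LDAP format, with "/" instead of ",".
    return "/".join(f"{a}={v}" for a, v in components)


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ("cn=Sales Managers,ou=Groups,o=Acme", "cn=Managers"):
        print(f"{sample!r} -> {ldap_group_to_acl_entry(sample)!r}")
```

Names that the function rejects, such as those with escaped commas, should be checked by hand against the directory before they are added to an ACL.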
