DIRECTORY SERVICES


Planning a central directory architecture for a domain
The central directory architecture is most useful for an enterprise organization that has a domain with a large IBM® Lotus® Domino™ Directory. Using a central directory architecture requires network speeds that make remote directory lookups feasible. In addition, servers that store primary Domino Directories that function as remote primaries must have the capacity to handle the additional workload generated by the remote lookups.

Only an application that does a NAMELookup or similar directory call can use a Configuration Directory to do a lookup in a remote primary Domino Directory.

Deciding which servers should use primary Domino Directories

The administration server for the Domino Directory must store a primary Domino Directory. For failover, at least one other server in the domain should store a primary Domino Directory. There may be additional servers that require primary Domino Directories as well, depending on network bandwidth and stability, server usage patterns and locations, and so forth. You may want servers that use primary Domino Directories that function as remote primaries to be within a cluster to provide failover and workload balancing.

If there is a network congestion point in the domain, at least one server on each side of the congestion point should have a primary Domino Directory that functions as a remote primary.

Using a combined central and distributed directory architecture

You can use a hybrid directory architecture within one domain. For example, suppose at a company's headquarters there are multiple servers connected via fast network connections. There are also smaller remote offices that have limited network bandwidth but are within the same domain. Servers at corporate headquarters can use the central directory model that includes a combination of primary Domino Directories and Configuration Directories, while the remote satellite offices can continue to use the distributed directory architecture in which each server stores a primary Domino Directory.

Note Do not mix servers with Configuration Directories and servers with primary Domino Directories in the same cluster. This can cause users to encounter server authentication and database authorization problems. All servers in a cluster should be configured to use the same type of directory.

Using a combined primary Domino Directory and Extended Directory Catalog

Although not a typical configuration, you can integrate an Extended Directory Catalog with a primary Domino Directory to collect users and groups from the primary domain and secondary domains into one directory database. A server that stores a Configuration Directory can use this combination directory on a remote server as a remote primary Domino Directory.

When you use this combination directory, all the users from the aggregated secondary directories are automatically trusted for authentication, and all the groups can be used in database ACLs for database authorization.

See also