Setting up non-Notes clients to use the LDAP service

To set up Internet clients to connect to the LDAP service, specify the following on the clients:

• Host name of a IBM® Lotus® Domino™ server running the LDAP service -- for example, ldap.acme.com
• Port to use for the connection, for example 389 for TCP/IP, or 636 for SSL.
• (Optional) Client authentication: SSL or name-and-password security
• Search base -- applies only to any secondary Domino Directories the LDAP service serves using directory assistance

Setting up Notes clients to use the LDAP service

To set up Notes clients to connect to the LDAP service running on a particular Domino server, create LDAP accounts for the LDAP service in the Notes clients' Personal Address Books. Use Desktop policy settings documents to automate setup of the LDAP accounts. If you do not automate setup of the accounts, you or the users must create the accounts manually.

For more information on accounts, see Notes 6 Help.

Note User Setup Profiles used in Lotus Domino Release 5 for automated LDAP account setup continue to work in all post-Release 5 versions of IBM Lotus Domino.

To use a Desktop policy settings document to automate setup of LDAP accounts for the LDAP service on Notes clients:

1. Make sure you understand policies and how to set them up.

2. If you haven't already done so, create a Desktop policy settings document to use to automate setup of the LDAP accounts.

3. Open the Desktop policy settings document you want to use to automate setup of the LDAP account.

4. Click the Accounts tab, then complete the following fields:

Field	Enter
Inherit Default Accounts Settings from Parent	Select to inherit default account settings from parent.
Enforce Default Accounts Settings in Children	Select to enforce default account settings in children.
Account Names	A descriptive name for the LDAP service account; users see this name in the list of directories the client can search. If you specify more than one account -- for example, an account for another Internet service -- separate account names with commas (,).
Server Addresses	The host name of the server running the LDAP service -- for example, ldap.acme.com.
Protocols	LDAP
Use SSL Connection	Yes to use SSL; otherwise, No.

5. Click Save & Close.

LDAP client authentication

To authenticate LDAP clients, the LDAP service can look up the clients' distinguished names and passwords/certificates in any of the following directories:

• Primary Domino Directory
• Extended Directory Catalog
• Condensed Directory Catalog on server (passwords only recommended)
• Secondary Domino Directory
• Remote LDAP directory

See also

Name-and-password authentication for Internet/intranet clients
Directory assistance and client authentication
Anonymous Internet/intranet access
Setting up the LDAP service
Changing the LDAP service port and port security configuration
Customizing the LDAP service configuration
The LDAP Service
SSL and S/MIME for clients

Glossary