SECURITY


Using SSL when setting up directory assistance for LDAP directories
Directory assistance allows you to extend directory services from a server's primary IBM® Lotus® Domino™ Directory to other Lotus Notes directories, such as secondary Lotus Domino Directories, and to remote LDAP directories. To set up directory assistance, you create a directory assistance database from the DA50.NTF template, and then create Directory Assistance documents in the database to configure services for specific directories.

When setting up directory assistance for an LDAP directory, you can instruct a Lotus Domino server to use SSL when connecting to the LDAP directory server. This helps secure communications between the Lotus Domino server and the LDAP server. You should use SSL if a Lotus Domino server uses the remote LDAP directory to authenticate Internet clients, or to look up groups for database authorization.

When a Lotus Domino server uses SSL to connect to an LDAP directory server, each server must have a certificate that the other trusts. If this is not the case, you must add a trusted root certificate to your Lotus Domino server's key ring file before it can connect to the LDAP server.

For more information on directory assistance for LDAP, see the topic "Configuring SSL in a Directory Assistance document for a remote LDAP directory."

For more information on adding a trusted root certificate, see the topic "Merging a CA certificate as a trusted root."
