DIRECTORY SERVICES
Planning directory assistance
Servers use directory assistance to look up information in a secondary directory -- a secondary IBM® Lotus® Domino® Directory, an Extended Directory Catalog, or a remote LDAP directory. Directory assistance provides these services:
Client authentication using credentials in a secondary directory
ACL group lookups for database authorization using one secondary directory
IBM® Lotus® Notes® mail addressing using a secondary directory
LDAP service searches of a secondary Domino Directory or Extended Directory Catalog
LDAP service referrals to a remote LDAP directory
Some of the questions to ask when planning directory assistance include:
Which services do you want to enable for each secondary directory?
If you use a server-based directory catalog, how does it relate to directory assistance? The answer depends on the type of directory catalog you use. An Extended Directory Catalog has its own Directory Assistance document and the source directories that are aggregated in the directory catalog should not also have separate Directory Assistance documents. However it's beneficial to create Directory Assistance documents for the directories aggregated in a condensed Directory Catalog.
Do you plan to use a secondary directory, Domino or LDAP, for client authentication? If so, you must specify in the Directory Assistance document for the directory the user names in the directory that are allowed to be authenticated (trusted for authentication). If clients use name-and-password security, configure in the Server document of the server to which the clients connect the types of name formats that clients can provide for authentication.
Do you plan to use a secondary directory to look up groups listed in database ACLs to verify database access? You can enable one secondary directory only -- Domino or LDAP -- for this purpose.
How many directory assistance databases should you use? You can create more than one and set of groups of servers to use specific ones.
In addition, if you are setting up directory assistance for a remote LDAP directory:
Does the directory server require a search base? If so, enter the search base in the Directory Assistance document.
Do you plan to use the LDAP directory for client authentication or for ACL group authorization? If so, for tighter security, in the Directory Assistance document, enable SSL and require the remote directory server to present X.509 certificate.
Is the remote LDAP directory Active Directory? If so, in the Directory Assistance document for the directory select LDAP search filters that work specifically with Active Directory.
Related topics
Directory assistance
Comparison of directory catalogs and directory assistance
Planning directory services in a multiple-directory environment
Directory services terms
Glossary
Feedback on
Help
or
Product Usability
?
Help on Help
All Help Contents
Glossary