SECURITY


Setting up Notes user, Domino server, and Internet user access to a Domino server
You can specify IBM® Lotus® Notes® users and IBM® Lotus® Domino® servers that are allowed to access the server, as well as users who access the server using Internet protocols (HTTP, IMAP, LDAP, POP3). If your system uses multiple Domino Directories, Domino searches only the first Domino Directory specified in the Names setting in the NOTES.INI file for Notes users. If you have enabled the server access settings for Internet protocols, you can also specify users from secondary Domino directories and external LDAP directories in the Allow or Deny access lists.

Note It is not necessary to specify Anonymous for the "Access server" and "Not access server" fields. Anonymous access for Notes users is enabled through the "Allow anonymous Notes connections field" in the Server document, and anonymous access for Internet users is enabled in the Internet Site document for each Internet protocol (or the Server document if you are not using Internet Sites to configure Internet protocols).

Tip To improve log-in performance for a group of frequent users and still allow access to everyone listed in the Domino Directory, create a group named Frequent Users and then enter that group name first in the "Access server" field. If Domino finds a user in the Frequent Users group first, it doesn't check the Domino Directory for the individual name. For example, enter the following in the "Access server" field:


To set up Notes user and Domino server access to a Domino server

1. From the Domino Administrator, click Configuration and open the Server document.

2. Click the Security tab.

3. In the Server Access section, complete one or more of these fields, and then save the document:
FieldEnter
Access serverClick the check box to allow server access to users listed in all trusted directories. This box is disabled by default. If this option is not selected, then only those users specified in the field below the check box can access the server.

In the drop-down field that appears below the check box, add the names of specific Notes users, servers, and groups to whom you want to give access to the server, such as:

  • Names of users, servers, and groups.
  • An asterisk (*) to allow all users in the Domino Directory to have access. This is the same as enabling the "Users listed in all trusted directories" field.
  • An asterisk, followed by a certificate name -- for example, */Sales/East/Acme -- to allow all users certified by a particular certifier to have access.
  • An asterisk followed by the name of the view -- for example, *($Users) -- to allow all names that appear in a specific view in the Domino Directory to have access. Access time is quicker if you specify a group name rather than a view name.
The default value for this field is blank, which means that all users can access the server.

Separate multiple names with a comma or semicolon.

Not access serverAny of these:
  • Names of users, servers, and groups.
  • An asterisk, followed by a certificate name -- for example, */Sales/East/Acme -- to deny access to all users certified by a particular certifier.
  • An asterisk followed by the name of the view -- for example, *($Users) -- to deny access to all names that appear in a specific view in the Domino Directory. Access time is quicker if you specify a group name rather than a view name.
The default value for this field is blank, which means that all names entered in the "Access server" field can access the server.

Names entered in the "Not access server" field take precedence over names entered in the "Access server" field. For example, if you enter a group name in the "Access server" field and enter the name of an individual member of this group in the "Not access server" field, the user will not be able to access the server.

Note An alternative way to deny Notes user access to a server is to lock out an individual user's ID from the server.

Separate multiple names with a comma or semicolon.

Trusted serversNames of servers that are trusted to assert the identities of users to this server, and thus are trusted by the current server to have authenticated those users. Used for remote agent access and xSP.

To enable Server document access settings for Internet protocols

1. From the Domino Administrator, click Configuration and open the Server document.

2. Click Ports - Internet Ports.

3. Choose the Internet protocol tab for which you want to enable server access settings.

4. In the field "Enforce server access settings," select Yes.

Related topics