DIRECTORY SERVICES


Anonymous LDAP search access and upgrades from previous releases
If you upgrade a server to IBM® Lotus® Domino® 6 or later, the LDAP service uses the LDAP anonymous access configuration from the previous release. If you create or edit the domain Configuration Settings document after updating the directory with the Lotus Domino 6 PUBNAMES.NTF design, the list of attributes allowed for anonymous access include the following attributes not listed in previous releases:
AttributeAttributeAttributeAttribute
altServerditContentRulesnamingContextssubschemasubentry
attributeTypesextendedAttributeInfoosupportedControl
cextendedClassInfoobjectClasssupportedExtension
cnlobjectClassessupportedLDAPVersion
createTimestampldapSyntaxesousupportedSASLMechanisms
creatorsNamemodifiersNamestvendorname
dcmodifyTimestampstreetvendorversion
These attributes were not listed in previous releases because you could not prevent anonymous LDAP access to them -- in previous releases anonymous LDAP users always had search access to these attributes. Starting with Lotus Domino 6, you can deny anonymous LDAP search access to the attributes above, although they are allowed for anonymous search access by default to be consistent with the anonymous search behavior of previous releases.

Related topics