DIRECTORY SERVICES
Each directory assistance naming rule includes six parts, with each part containing one of the following:
For example, assume Directory A and Directory B are both configured in a directory assistance database. Names in Directory A fall under o=acme,c=us, so you specify the rule */ */ */ */ acme/us for it. Names in Directory B fall under o=acme,c=fr, so you specify the rule */ */ */ */ acme/fr for it. To find the name cn=jack brown,o=acme,c=fr, a server searches only Directory B and not Directory A. To find the name cn=joan brown,o=acme,c=us, a server searches only Directory A and not Directory B.
This type of targeted directory search can occur when:
To find a flat name, a name without distinguishing parts, or to process an LDAP search request that doesn't specify a search base, a server ignores naming rules and searches directories according to search orders specified for the directories in the Directory Assistance documents.
Note: Some LDAP directories do not use the country (c), organization (o), and organizational unit (ou) naming model. If you set up directory assistance for an LDAP directory such as this, use an all-asterisk naming rule for the directory.
Trusted naming rules
When an Internet client passes a logon name to a server to initiate authentication, the server looks for the name in a directory configured in the directory assistance database only if the directory has at least one configured naming rule that is "Trusted for Credentials" -- known as a trusted rule. If the client logon name is hierarchical, the server looks for the name only in directories with a trusted rule that matches the client logon name, in addition to the primary Domino Directory. If the client logon name is flat, for example John Smith, then the server looks for the name in all directories with a trusted rule.
When a server finds the client logon name in a user entry in a directory, the server compares the distinguished name assigned to the user entry to the trusted rule(s) defined for the directory. The server only authenticates the client if the distinguished name matches a trusted rule. If you use a remote LDAP directory for client authentication and add Notes distinguished names to the directory, the Notes distinguished names, not the original LDAP distinguished names, must match a trusted rule for the directory.
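The two checks described above (which directories are searched for a logon name, and whether the entry found there may be authenticated) can be modelled as follows. This is an added illustration, not Domino code. It assumes the six rule parts are OU4/OU3/OU2/OU1/O/C, that names are written in abbreviated form ending in Organization/Country, and that an asterisk also matches an absent part, as the Directory A and B example implies. The function names and the Directory C entry are hypothetical, and the primary Domino Directory is left out of the model.

```python
# Added illustration of the trusted-rule checks described above; not Domino code.
# Assumptions: rule parts are OU4/OU3/OU2/OU1/O/C, names are abbreviated
# (CN/OU.../O/C) and end in Organization/Country like the page's samples.

def parse_rule(rule):
    """Split a six-part naming rule, ignoring spacing and case."""
    parts = [p.strip().lower() for p in rule.split("/")]
    if len(parts) != 6:
        raise ValueError(f"naming rule needs six parts: {rule!r}")
    return parts

def is_flat(name):
    """A flat name has no distinguishing parts, e.g. 'John Smith'."""
    return "/" not in name

def rule_matches(rule, name):
    """True if a hierarchical name falls under the rule ('*' = any or absent)."""
    if is_flat(name):
        return False
    comps = [c.strip().lower() for c in name.split("/")[1:]]  # drop the CN
    if len(comps) > 6:
        return False
    comps = [None] * (6 - len(comps)) + comps                 # right-align on O/C
    return all(r == "*" or r == c for r, c in zip(parse_rule(rule), comps))

def directories_to_search(logon_name, directories):
    """Directory assistance directories consulted for a client's logon name."""
    hits = []
    for d in directories:
        trusted = d["trusted_rules"]
        if is_flat(logon_name):
            if trusted:              # flat: every directory with a trusted rule
                hits.append(d["name"])
        elif any(rule_matches(r, logon_name) for r in trusted):
            hits.append(d["name"])
    return hits

def may_authenticate(directory, entry_dn):
    """The found entry's distinguished name must itself match a trusted rule."""
    return any(rule_matches(r, entry_dn) for r in directory["trusted_rules"])

# Constructed sample configuration, modelled on the page's Directory A / B.
DIR_A = {"name": "Directory A", "trusted_rules": ["*/*/*/*/acme/us"]}
DIR_B = {"name": "Directory B", "trusted_rules": ["*/*/*/*/acme/fr"]}
DIR_C = {"name": "Directory C", "trusted_rules": []}   # configured, not trusted
DIRS = [DIR_A, DIR_B, DIR_C]
```

A flat logon name reaches every directory with a trusted rule, so the second check is what stops Directory A from vouching for an entry whose distinguished name is Jack Brown/Acme/FR.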
Examples of naming rules
The following table provides examples of naming rules, illustrating how each rule includes or excludes names such as:
Randi Bowker/Marketing/East/Acme/US
Cheryl Lordan/IS/West/Acme/US
Derek Malone/Accounting/West/Acme/US
Deborah Jones/West/Acme/US
Karen Lessing/West/Acme/DE
Alan Jones/Sales/East/Acme/US