DIRECTORY SERVICES

Configuring alias dereferencing for search requests
The IBM® Lotus® Domino® LDAP service supports limited alias dereferencing for LDAP search requests. An alias, such as uid=jsmith,dc=acme,dc=com, is an entry that points to another entry, such as cn=John Smith, ou=Sales, o=Acme. Searching for the entry to which an alias points is known as dereferencing an alias. LDAP search requests often include base or filter components that use an LDAP alias. For example, the base may specify "uid=jsmith,dc=acme,dc=com" or the filter may specify "uid=jsmith".

Alias dereferencing only works on aliases for People and Groups.

Alias dereferencing only works for alias entries that do not point to another alias.

Alias dereferencing does not work for 'container' entries, that is, entries in a directory that have entries under them. For example, an example of an alias entry that is a container entry would be o=Acme.

To enable alias dereferencing for the LDAP service:

1. From the Domino Administrator, open the server that runs the LDAP service, or a server in the same domain as the one that runs the LDAP service.

2. Click the Configuration tab.

3. In the left pane, expand Directory, then LDAP, and then select Settings.

4. For the setting "Allow dereferencing of alias entries for search requests?," select Yes.

5. Click Save & Close.

To add alias entries to a Person or Group document:

Add the alias entry after the first entry in the User Name field of the Person document or the Group Name field in the group document. Do not change the first entry, as this is the DN. You must specify the alias in IBM® Lotus® Notes® Distinguished Name (DN) syntax, using forward slash characters as name component separators rather than commas (the LDAP DN syntax).

As with all DNs, the Domino LDAP server converts the forward slashes to commas when returning the alias name in a search result.

Examples:


Note Enabling alias dereferencing can affect search performance. Careful consideration of this performance implication should be given when deciding whether to enable alias dereferencing on the Domino LDAP server.