Lotus Domino Administrator 8.5 Help - Enabling or disabling LDAP write access to a directory served by the LDAP service

DIRECTORY SERVICES

Enabling or disabling LDAP write access to a directory served by the LDAP service
By default, the LDAP service does not allow LDAP clients to modify the directories the LDAP service serves. If you enable directory changes to be made via LDAP, the directory database ACL and, optionally, an extended ACL, control the extent to which authenticated and anonymous LDAP users can modify directory entries. For example, an LDAP user with Editor database ACL access can modify all entries, whereas an LDAP user with only Author database ACL access and the UserModifier role can modify only Person entries and not other entries.

To enable or disable LDAP write access to the primary IBM® Lotus® Domino® Directory of the LDAP service, or to a secondary Domino Directory or Extended Directory Catalog the LDAP service serves:

1. From the Domino Administrator, open the directory for which you want to enable write access.

2. Select the Servers - Configurations view.

3. If you do not see a domain Configuration Settings document in the view, a document named * - [All Servers], skip to step 4. If you see this document, do the following:

Open the document
Click the LDAP tab.
Click Edit Server Configuration.

4. If you do not see a domain Configuration Settings document in the view, create one by doing the following:

Click Add Configuration.
On the Basics tab select Yes next to "Use these settings as the default settings for all servers."
Click the LDAP tab.

Tip If you are enabling write access for the primary Domino Directory in the domain, a shortcut for steps 2-4 is: from the Domino Administrator open the server that stores the directory; click the Configuration tab; in the left pane expand Directory, then LDAP, and then select Settings; click Edit LDAP Settings.

5. Next to "Allow LDAP users write access" choose one:

Yes to allow directory changes via LDAP.
No (default) to prevent directory changes via LDAP.

6. Click Save & Close.

7. For each server in the domain that runs the LDAP service, do the following:

If you made the changes to a Domino Directory replica on a different server, replicate the changes to the server.
Enter the following command on the server to put the changes into effect:

Restart Server

8. If you enabled LDAP write access, set up the database ACL, and optionally extended ACL, to specify the directory contents that LDAP users can modify.

Note

To allow users to modify documents in the directory, the "Maximum Internet name-and-password access" setting in the Advanced pane of the database Access Control dialog must be set to Editor access or higher.

9. Configure how the LDAP service responds when it finds more than one occurrence of a name specified in an LDAP write operation.

Controlling access to the Domino Directory

Extended ACL

Maximum Internet name-and-password access

Configuring how the LDAP service responds to multiple name matches when processing write and compare operations

Customizing the LDAP service configuration

The LDAP service

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary