DIRECTORY SERVICES


Enabling or disabling LDAP write access to a directory served by the LDAP service
By default, the LDAP service does not allow LDAP clients to modify the directories the LDAP service serves. If you enable directory changes to be made via LDAP, the directory database ACL and, optionally, an extended ACL, control the extent to which authenticated and anonymous LDAP users can modify directory entries. For example, an LDAP user with Editor database ACL access can modify all entries, whereas an LDAP user with only Author database ACL access and the UserModifier role can modify only Person entries and not other entries.

To enable or disable LDAP write access to the primary IBM® Lotus® Domino® Directory of the LDAP service, or to a secondary Domino Directory or Extended Directory Catalog the LDAP service serves:

1. From the Domino Administrator, open the directory for which you want to enable write access.

2. Select the Servers - Configurations view.

3. If you do not see a domain Configuration Settings document in the view, a document named * - [All Servers], skip to step 4. If you see this document, do the following:

4. If you do not see a domain Configuration Settings document in the view, create one by doing the following: Tip If you are enabling write access for the primary Domino Directory in the domain, a shortcut for steps 2-4 is: from the Domino Administrator open the server that stores the directory; click the Configuration tab; in the left pane expand Directory, then LDAP, and then select Settings; click Edit LDAP Settings.

5. Next to "Allow LDAP users write access" choose one:

6. Click Save & Close.

7. For each server in the domain that runs the LDAP service, do the following:


8. If you enabled LDAP write access, set up the database ACL, and optionally extended ACL, to specify the directory contents that LDAP users can modify.
9. Configure how the LDAP service responds when it finds more than one occurrence of a name specified in an LDAP write operation.

Related topics