DIRECTORY SERVICES


Customizing the LDAP service configuration
The default LDAP service configuration works without modification, but you can customize it to suit your needs. The following table describes the LDAP service configuration settings. In addition to the settings in the table, there are NOTES.INI settings you can use to configure the LDAP service.

Except where noted in the table, restarting the LDAP task or the IBM® Lotus® Domino® server is unnecessary after changing a setting because the task checks for setting changes automatically, by default at three-minute intervals. You can use the NOTES.INI setting LDAPConfigUpdateInterval to change the interval at which the LDAP service checks for changes to its settings.
Setting: Port and port security settings (note 1)
Description: Controls the ports LDAP clients can use to connect to the LDAP service, and the authentication methods enabled for each port
Default: TCP/IP port 389 enabled for name-and-password authentication and for anonymous access
Changing requires restarting the LDAP task
For more information: See the topic "Changing the LDAP service port and port security configuration."

Setting: "Automatically Full Text Index Domino Directory?" (note 4)
Description: Controls whether the LDAP service creates and updates full-text indexes on the Domino Directories it serves
Default: does not create full-text indexes
For more information: See the topic "Full-text indexing directories served by the LDAP service."

Setting: "Choose fields that anonymous users can query via LDAP" (notes 2, 3)
Description: If the port settings allow anonymous access, controls which attributes anonymous LDAP users can search
Changing requires restarting the server
For more information: See the topic "Configuring anonymous LDAP search access to a directory."

Setting: "Allow LDAP users write access" (note 3)
Description: Controls whether LDAP users can modify a directory
Default: LDAP modifications not allowed
Changing requires restarting the server
For more information: See the topic "Using LDAP to modify a directory served by the LDAP service."

Setting: "Rules to follow when this directory..." (note 4)
Description: Controls how the LDAP service responds when it encounters more than one entry or naming rule that applies to an LDAP add, modify, or compare operation
Default: don't carry out the operation
For more information: See the topic "Configuring how the LDAP service responds to multiple name matches when processing write and compare operations."

Setting: "Timeout" (note 4)
Description: Controls the maximum time allowed to process an LDAP search
Default: no limit
For more information: See the topic "Customizing search processing to improve LDAP service performance."

Setting: "Maximum number of entries returned" (note 4)
Description: Controls the maximum number of entries that the LDAP service can return in response to an LDAP search
Default: no limit
For more information: See the topic "Customizing search processing to improve LDAP service performance."

Setting: "Minimum characters for wildcard search" (note 4)
Description: Controls the minimum number of characters users must place before the first wildcard in a substring search filter
Default: 1
For more information: See the topic "Customizing search processing to improve LDAP service performance."

Setting: "Allow Alternate Language Information processing" (note 4)
Description: Controls whether LDAP users can do alternate language searches
Default: not allowed
For more information: See the topic "Enabling LDAP alternate language searches."

Setting: "Enforce schema?" (note 4)
Description: Controls whether directory modifications through LDAP must conform to the schema
Default: schema enforced
For more information: See the topic "Enabling or disabling schema-checking."

Setting: "DN Required on Bind?" (note 4)
Description: Controls whether the LDAP service requires clients to log on with distinguished names for name-and-password authentication
Default: distinguished logon names not required
For more information: See the topic "Requiring distinguished logon names for LDAP name-and-password security."

Setting: "Encode results in UTF8 for LDAP-v2 clients?" (note 4)
Description: Controls whether the LDAP service returns results in UTF-8 to LDAP v2 clients.
Default: Returns results in UTF-8 to v2 clients
For more information: See the topic "Configuring character encoding for LDAP V2 clients."

Setting: "Maximum number of referrals" (note 4)
Description: Controls the maximum number of directory server referrals the LDAP service can return to a client
Default: 1
For more information: See the topic "Configuring the number of referrals the LDAP service can return."

Setting: "Activity Logging truncation size" (note 4)
Description: Controls the size of the information Activity Logging can log for an LDAP Add or Modify operation
Default: 4096 bytes
For more information: See the topic "Limiting the amount of attribute information logged for LDAP Add and LDAP Modify activity."

Setting: "Allow dereferencing of aliases on search requests?"
Description: Enables limited alias dereferencing for LDAP search requests
Default: Not enabled
For more information: See the topic "Configuring alias dereferencing for search requests."

1 Set in the Server document of each server that runs the LDAP service. To configure authentication options for the ports enabled in a Server document, you can instead use a Directory Site document. Using the site document to configure authentication options is required in a hosted organization environment.

2 Alternatively, use the database ACL/extended ACL to specify anonymous LDAP search access.

3 Set in the domain Configuration Settings document of each Domino Directory and Extended Directory Catalog the LDAP service serves. Each directory can have different settings.

4 Set in the domain Configuration Settings document of the primary Domino Directory of the servers that run the LDAP service in a domain. Setting applies to the LDAP service running on any server in the domain.
