Creating a Directory Assistance document for a Domino® Directory or extended directory catalog
To set up directory assistance for an IBM® Domino® Directory or an extended directory catalog, create a Directory Assistance document for the directory in the directory assistance database.
Before you begin
- Make sure you have read about directory assistance services and concepts.
- Make sure that you have created and replicated a directory assistance database and have set up servers to use it.
About this task
Procedure
- From the Domino® Administrator, choose , and select a server that you have set up to use the directory assistance database.
- Click the Configuration tab.
- In the navigation pane, expand
Server Error: File does not exist
, the server you selected is not set up to use the directory assistance database. . If you see - Click Add Directory Assistance.
- On the Basics tab, complete these
fields:
Table 1. Basics tab fields Field
Enter
Domain type
Choose Notes.Note: When the Domain type is Notes, theLTPA_Usernm
attribute is used as the name for the SSP token.Domain name
The name of the Domino® domain associated with the directory. If the directory isn't associated with a Domino® domain because you created it manually rather than through server setup, make up a unique domain name for it.
Company name
The name of the company associated with this directory. Multiple Directory Assistance documents can use the same company name.
Search order
A number affecting the order in which servers search this directory relative to other directories configured in the directory assistance database. See the link in the related topics for more information on how naming rules relate to directory searcher orders.
Make this domain available to
Choose one or both:
- Notes Clients and Internet Authentication/Authorization --
to use the directory for IBM® Notes® mail addressing,
Internet client authentication (including LDAP client authentication),
or to look up the members of groups for database authorization. For
group authorization, you must also enable Group Authorization.
By default, the option is enabled. To prevent servers from using the
directory for these services, do not choose this option.
If the domain specified in the Domain name field is the same Domino® domain (the primary domain) of the servers that use directory assistance, the servers use the directory for these three services automatically, even if you do not choose this option. If you are using a configuration directory server, you can then make this option equal to the primary address book domain and have the secondary address book available through directory assistance.
- LDAP Clients -- to enable the LDAP service running on servers to use the directory for search and write operation when processing LDAP requests. To use the directory for LDAP write operations, you must also enable the directory for write operations in the "All Servers" Configuration Settings document. By default, the option is enabled. To prevent the LDAP service from using the directory for search and write operation, do not choose this option.
Group Authorization
Choose one:
- Yes to search the members of groups in the directory when authorizing database access. You must also select Make this domain available to: Notes Clients and Internet Authentication/Authorization.
- No (default) to prevent searching the members of groups in the directory when authorizing database access.
You do not have to enable a rule that is Trusted for Credentials.
Enable this option in only one Directory Assistance document, Notes® or LDAP, in the directory assistance database.
If the domain specified in the Domain name field is the same Domino® domain (the primary domain) of the servers that use directory assistance, the servers use the directory to look up groups for database authorization automatically, even if you choose No for this option.
Refer to the related topics for more information on directory assistance and group lookups for database authorization.
Use exclusively for group authorization or credential authentication
Note: This item is visible only if Group Authorization has been enabled for this directory, or if at least one rule has Trusted enabled.Choose Yes to allow directory assistance to use this directory exclusively for Group Authorization or Credential Authentication. Enabling this will minimize the number of non-authentication and non-authorization lookups to this directory.
Refer to the related topics for more information on limiting directories to authentication-only lookups.
Enabled
Choose Yes to enable directory assistance for this directory.
Note: You can enable or disable directory assistance from the main view of the Directory Assistance database by selecting the directory assistance record for the directory and, on the toolbar, clicking Enable or Disable. - Notes Clients and Internet Authentication/Authorization --
to use the directory for IBM® Notes® mail addressing,
Internet client authentication (including LDAP client authentication),
or to look up the members of groups for database authorization. For
group authorization, you must also enable Group Authorization.
By default, the option is enabled. To prevent servers from using the
directory for these services, do not choose this option.
- Click the Naming Contexts (Rules) tab,
and for each rule you want to define, complete the following fields.
By default, an all-asterisk rule is enabled with Trusted
for Credentials set to No.
Table 2. Naming Contexts (Rules) tab fields Field
Enter
N.C. #
A naming context (rule) that describes names in the directory. Refer to the related topics for more information on directory assistance and naming rules.
Enabled
Choose one:
- Yes to enable a rule
- No to disable a rule
Trusted for Credentials
Choose one:
- Yes to allow servers to use credentials in this directory to authenticate Internet clients whose distinguished names in the directory correspond to the rule.
- No (default) to prevent servers from using this directory to authenticate Internet clients whose distinguished names correspond to the rule.
Refer to the related topics for more information on trusted naming rules.
If the domain specified in the Domain name field on the Basics tab is the same Domino® domain (the primary domain) of the servers that use directory assistance, the servers trust all user names in the directory for client authentication, even if you do not choose this option.
- Click the Replicas tab. Use either
the Database links field or the Replica# fields
to specify replicas of the directory for servers to use. If you make
any entry in a Replica# field, then directory
assistance ignores all entries in the Database links field.
To set up directory assistance to use cluster failover to locate an available replica of the directory, specify only one replica of the directory within the cluster. Refer to the related topics for more information on directory assistance and failover for a Domino® Directory or extended directory catalog.
Table 3. Replicas tab fields Field
Enter
Database links
For each replica you want to specify:
- Open the replica of the directory, and choose .
- Select the Database links field, and choose .
Using database links may delay server startup. When you restart a server that uses directory assistance, server tasks retrieve database information from the remote servers to which the links refer. Use database links only if the servers to which the links refer are consistently available.
Replica#
The server name and file name of a replica of the directory -- for example:
Server Name: Mail1/West/Renovations
Domino® Directory File Name: EASTNAMES.NSF
Selected Enabled next to each replica you specify.
- Click Save & Close.