Directory search order for LDAP searches
If an LDAP user does not specify a search base, the LDAP service does not return a referral. If an LDAP user specifies a search base, the server picks an LDAP directory enabled for LDAP users with a naming rule that matches the specified search base. If there is no such directory, the server doesn't return a referral. If there is more than one such directory, the server picks the one with the most specific matching rule before picking one with a less-specific rule. If directories have identical naming rules that match the search base specified by the user, search orders assigned to these directories determine the order in which the LDAP service picks them for referrals.
About this task
A server running the LDAP service searches directories
in the following order to process LDAP search requests:
- A server's primary IBM® Domino® Directory, unless the primary Domino® Directory is configured in a directory assistance database used by the server and has the option Make this domain available to: LDAP clients deselected
- A Domino® Directory or
extended directory catalog that is configured in a server's directory
assistance with the option Make this domain available to:
LDAP clients selectedNote: If an LDAP user does not specify a search base, which is a distinguished name used to indicate the directory location at which to begin a search, the LDAP service searches the Domino® directories and/or extended directory catalog according to the search orders assigned to the directories. The LDAP service searches directories with no assigned search orders alphabetically according to their specified domain names.Note: If an LDAP user specifies a search base, only directories assigned naming rules that correspond to the search base are searched. If there is more than one directory assigned a naming rule that matches, the directory with the most specific matching rule is searched first. For example, if a user specifies the search base
ou=Sales,o=Renovations
, the server first searches a directory with the rule/Sales/Renovations
, before searching a directory with the rule*/Renovations
. If directories have identical naming rules that match the search base specified by the user, search orders assigned to these directories determine the order in which the directories are searched. - If the search is not successful in any Domino® Directory or extended directory catalog, the LDAP service refers clients to an LDAP directory enabled for LDAP clients in the directory assistance database.