As soon as you select the advanced ACL option Enable
Extended Access for a directory served by the LDAP service,
the Choose fields that anonymous users can query via LDAP setting
stops controlling anonymous LDAP search access and is no longer visible
in the domain Configuration Settings document. You can convert the
default anonymous search access settings set in the domain Configuration
Settings document to equivalent database ACL and extended ACL settings for an IBM® Domino® Directory
or extended directory catalog, using the procedure below.
Procedure
- Make sure you have read the documentation on Extended ACLs thoroughly
before you begin.
- Open the directory and select Enable Extended
Access in the Advanced tab of the
database ACL; then click OK.
- On the Basics tab of the ACL, give
the Anonymous entry Reader access.
- Click Extended Access and set the
access as follows:
- Select / (root) as the target.
- Add Anonymous as a subject at / (root).
- Leave This container and all descendants selected
as the scope.
- For the default privileges, click Allow Browse and
click Deny Create, Delete, Read, and Write.
- Click Form and Field Access.
- Next to Schema, select Domino.
- In the Forms box, select Person.
- With the Person form still selected, select each of the
following fields in the Fields box, and for each field click Allow
Read:
- AltFullName
- Certificate
- FirstName
- InternetAddress
- LastName
- Location
- MailAddress
- MailDomain
- O
- OfficeCity
- OfficeCountry
- OfficeState
- OU
- PublicKey
- ShortName
- Street
- Type
- UserCertificate
- In the Forms box, select Group.
- With the Group form still selected, select each of the
following fields in the Fields box, and for each field click Allow
Read:
- InternetAddress
- MailDomain
- Members
- Type
- Next to Schema, select LDAP.
- In the Object Classes box, select dominoPerson.
- With the dominoPerson object class still selected, in the
Attributes box select cn and click Allow
Read.
- Click OK twice. When the message Save changes before exiting? appears,
click Yes.
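After saving the ACL, a practitioner will want to confirm from outside that an anonymous bind really sees only the fields allowed above. The following POSIX shell script is an added example and is not part of the IBM Domino documentation: it runs OpenLDAP's ldapsearch with a simple anonymous bind (-x and no -D) and reports any attribute in the returned LDIF that is not on an allow list. The host name ldap://domino.example.com and the allow list itself are assumptions; the LDAP attribute names (givenname, sn, mail, uid, l, st, c, street, member, maildomain, usercertificate) are my assumed schema mappings for the Domino fields in the procedure and must be adjusted to the LDAP schema your directory actually publishes. The two LDIF samples are constructed so the checker can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the IBM Domino documentation.
# Checks that an anonymous LDAP search returns only allow-listed attributes.

# ASSUMPTION: LDAP-side names for the fields allowed in the extended ACL.
# Adjust to the schema your Domino server publishes (see schema.nsf).
ALLOWED="objectclass cn givenname sn mail uid o ou street l st c maildomain member usercertificate"

# leaked_attrs: read LDIF on stdin, print (lowercase, sorted, unique) every
# attribute name that is not in $ALLOWED. Prints nothing if all is well.
leaked_attrs() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            cnt = split(tolower(allowed), a, " ")
            for (i = 1; i <= cnt; i++) ok[a[i]] = 1
        }
        /^#/ || /^$/ || /^dn:/ { next }          # comments, blank lines, DNs
        /^[A-Za-z][A-Za-z0-9;-]*::?/ {            # "name: value" / "name:: base64"
            name = tolower($0)
            sub(/[;:].*/, "", name)               # drop options (;binary) and value
            if (!(name in ok)) seen[name] = 1
        }
        END { for (k in seen) print k }
    ' | sort -u
}

# check_attrs: wrapper that prints a report and returns 1 on any leak.
check_attrs() {
    bad=$(leaked_attrs)
    if [ -n "$bad" ]; then
        printf 'Anonymous search returned attributes NOT on the allow list:\n%s\n' "$bad"
        return 1
    fi
    printf 'OK: only allow-listed attributes returned\n'
    return 0
}

# Constructed sample LDIF (not real server output) for offline testing.
SAMPLE_OK='dn: CN=Jane Doe,O=Example
objectclass: dominoPerson
cn: Jane Doe
givenname: Jane
sn: Doe
mail: jane.doe@example.com
userCertificate;binary:: MIIC
'
SAMPLE_LEAK='dn: CN=Jane Doe,O=Example
objectclass: dominoPerson
cn: Jane Doe
mail: jane.doe@example.com
telephonenumber: +1 555 0100
roomnumber: 4B
'

# Live check (ASSUMPTION: server name; -x forces a simple anonymous bind,
# -LLL strips LDIF comments and version lines):
#   ldapsearch -x -LLL -H ldap://domino.example.com -b "" -s sub \
#       "(objectclass=dominoPerson)" | check_attrs
```

Run the live line with no -D/-w so the bind is genuinely anonymous; if it returns 1, the attribute names it lists are readable by anyone and either the extended ACL Form and Field Access or the allow list is wrong. Repeat with "(objectclass=dominoGroup)" for the Group form, and re-run after any later ACL change, since a single extra Allow Read at / (root) widens anonymous exposure for every entry.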
Results
If you later clear Enable Extended Access in
the directory ACL, the settings in the Choose fields
that anonymous users can query via LDAP setting in the
domain Configuration Settings document resume control of anonymous
LDAP search access for the directory, and the field-level settings you made in the extended ACL no longer apply.