Directory catalogs and client authentication
When an Internet client logs on to a server to authenticate, the server can look up the client name in the directory catalog to find the client credentials for authentication.
Using an extended directory catalog for client authentication
Procedure
- To allow a server to use an extended directory catalog to look up client names for authentication, in the Directory Assistance document for the extended directory catalog, enable a rule that is trusted for credentials.
- In addition, if you don't aggregate all fields from documents as recommended, you must aggregate the fields required for the authentication. For example, to use name-and-password security, aggregate the HTTPPassword field from Person documents. Or to use X.509 certificate security, aggregate the userCertificate field.
- If you want servers to use some secondary Domino® Directories for Internet client authentication but not others, you can create one extended directory catalog that aggregates the Domino Directories to use for authentication, and another that aggregates the other Domino Directories. Then create a Directory Assistance document for each extended directory catalog, and enable a rule that is trusted for credentials only in the one that aggregates the directories to be used for authentication.
Directory catalogs and Notes client authentication
About this task
If there are Notes users who use a server with this option enabled who are not registered in the server's primary Domino Directory, servers can use a directory catalog that it trusts for credentials, to look up names to do the public key comparison.