Setting up clients to use the LDAP service

You can set up both non-Notes clients and Notes® clients to use the LDAP service running on a specific server.

Setting up non-Notes clients to use the LDAP service

About this task

For more information, see the documentation provided with the client.

Procedure

To set up Internet clients to connect to the LDAP service, specify the following on the clients:
  • Host name of a Domino® server running the LDAP service -- for example, ldap.renovations.com
  • Port to use for the connection, for example 389 for TCP/IP, or 636 for SSL
  • Client authentication: SSL or name-and-password security
  • Search base -- applies only to any secondary Domino Directories the LDAP service serves using directory assistance

Setting up Notes clients to use the LDAP service

About this task

To set up Notes clients to connect to the LDAP service running on a particular Domino server, create LDAP accounts for the LDAP service in the Notes clients' Personal Address Books. Use Desktop policy settings documents to automate setup of the LDAP accounts. If you do not automate setup of the accounts, you or the users must create the accounts manually. Make sure you understand policies and how to set them up.

Procedure

  1. If you haven't already done so, create a Desktop policy settings document to use to automate setup of the LDAP accounts.
  2. Open the Desktop policy settings document you want to use to automate setup of the LDAP account.
  3. Click the Accounts tab, then complete the following fields, and then save and close the document:
    Table 1. Accounts tab fields

    Field

    Enter

    Inherit Default Accounts Settings from Parent

    Select to inherit default account settings from parent.

    Enforce Default Accounts Settings in Children

    Select to enforce default account settings in children.

    Account Names

    A descriptive name for the LDAP service account; users see this name in the list of directories the client can search. If you specify more than one account -- for example, an account for another Internet service -- separate account names with commas (,).

    Server Addresses

    The host name of the server running the LDAP service -- for example, ldap.renovations.com.

    Protocols

    LDAP

    Use SSL Connection

    Yes to use SSL; otherwise, No.

Results

To authenticate LDAP clients, the LDAP service can look up the clients' distinguished names and passwords/certificates in any of the following directories:

  • Primary Domino Directory
  • Extended directory catalog
  • Secondary Domino Directory
  • Remote LDAP directory

The primary Domino Directory of the server running the LDAP service is trusted for client authentication automatically. You must explicitly trust other directories for client authentication.