Creating a Directory Assistance document enabled for Directory Sync

Domain type

Select LDAP.

Domain name

A domain name of your choice that is different from the domain name specified for any other Directory Assistance document (HCL Notes® or LDAP) in the directory assistance database. For example, Renovations AD.

Make this domain available to

Group authorization

Select No.

Enabled

Select Yes

N.C. #

Enter a naming context (rule) that describes the user names in the LDAP directory.

Enabled

Choose one:

• Yes to enable a rule
• No (default) to disable a rule

Trusted for Credentials

Choose one:

• Yes to allow servers to use credentials in the LDAP directory to authenticate Internet clients whose distinguished names in the directory correspond to the rule. If you want to add Active Directory users or groups to the ACLs of Notes databases that are accessed over HTTP, select Yes.
• No (default) to prevent servers from using this directory to authenticate Internet clients whose distinguished names in the directory correspond to the rule.

Hostname

The host name for the Active Directory server, for example, ad.renovations.com. A Domino® server uses this host name to connect to the directory server.

Click Suggest to look up the host names of LDAP servers listed in your DNS.

Port values entered in this field override those specified in the Port field. If no port is specified in this field, then the value specified in the Port field is used.

Optional authentication credential for search

For Optional Authentication Credential enter a user name and a password for a Domino® server to present when it connects to the Active Directory server. The Active Directory server uses the name and password to authenticate the Domino® server. If you don't specify a name and password, a Domino® server attempts to connect anonymously.

Click Verify to verify that the user name and password you entered is valid on each host name.

This setting may affect change detection for LDAP servers.

Base DN for search

A search base, if the LDAP directory server requires one. For example:

o=Renovations

o=Renovations,c=US

Click Suggest to search each host name for likely search bases.

Click Verify to verify that the search base is accessible on each host name using the configured credentials.

This setting may affect change detection for LDAP servers.

Channel encryption

Choose one:

• TLS (the default) to use TLS when a Domino® server connects to the Active Directory server
• None to prevent TLS from being used.

If you choose TLS, make selections in these associated fields:

• Accept expired TLS certificates
• TLS protocol version
• Verify server name with remote server's certificate

Port

The port number Domino® servers use to connect to the Active Directory server.

• If you choose TLS in the Channel encryption field, the default port is 636.
• If you choose None in the Channel encryption field, the default port is 389.

If the directory server doesn't use one of these default ports, enter a different port number manually.

Timeout

The maximum number of seconds allowed for a search of the directory; default is 60 seconds.

If the Active Directory server is also configured with a timeout value, the smaller value takes precedence.

Maximum number of entries returned

The maximum number of entries the Active Directory server can return for a name for which a Domino® server searches. If the directory server also has a maximum setting, the smaller value takes precedence. If the directory server times out, it returns the number of names found up to that point.

Default is 100.

Dereference alias on search

Choose one to control the extent to which alias dereferencing occurs during searches of the directory:

• Never
• Only for subordinate entries
• Only for search base entries
• Always (default)

If aliases are not used in the directory, selecting Never can improve search performance.

Preferred mail format

Type of search filter to use

Select Active Directory.