Enabling or disabling LDAP write access to a directory served by the LDAP service
By default, the LDAP service does not allow LDAP clients to modify the directories the LDAP service serves. If you enable directory changes to be made via LDAP, the directory database ACL and, optionally, an extended ACL, control the extent to which authenticated and anonymous LDAP users can modify directory entries.
About this task
For example, an LDAP user with Editor database ACL access can modify all entries, whereas an LDAP user with only Author database ACL access and the UserModifier role can modify only Person entries and not other entries.
To enable or disable LDAP write access to the primary Domino® Directory of the LDAP service, or to a secondary Domino® Directory or Extended Directory Catalog the LDAP service serves:
Procedure
- From the Domino® Administrator, open the directory for which you want to enable write access.
- Select the view.
- If you do not see a domain Configuration Settings document
in the view, a document named
* - [All Servers], skip to step 4. If you see this document, do the following:- Open the document
- Click the LDAP tab.
- Click Edit Server Configuration.
- If you do not see a domain Configuration Settings document
in the view, create one by doing the following:
- Click Add Configuration.
- On the Basics tab select Yes next to Use these settings as the default settings for all servers.
- Click the LDAP tab.
Tip: If you are enabling write access for the primary Domino® Directory in the domain, a shortcut for steps 2-4 is: from the Domino® Administrator open the server that stores the directory. Click the Configuration tab and expand , and then select Settings; click Edit LDAP Settings. - For Allow LDAP users write access,
select one:
- Yes to allow directory changes via LDAP.
- No (default) to prevent directory changes via LDAP.
- Click Save & Close.
- For each server in the domain that runs the LDAP service,
do the following: