Customizing the LDAP service configuration
The default LDAP service configuration works without modification, but you can customize it to suit your needs. The following table describes the LDAP service configuration settings. In addition to the settings in the table, there are NOTES.INI settings you can use to configure the LDAP service.
Except where noted in the table, restarting the LDAP task or the HCL Domino® server is unnecessary after changing a setting because the task checks for setting changes automatically, by default at three-minute intervals. You can use the NOTES.INI setting LDAPConfigUpdateInterval to change the interval at which the LDAP service checks for changes to its settings.
For more information, see the related topics.
Setting | Description |
---|---|
Port and port security settings. Note: See Note 1. | Controls the ports LDAP clients can use to connect to the LDAP service, and the authentication methods enabled for each port. Default: TCP/IP port 389 enabled for name-and-password authentication and for anonymous access. Changing requires restarting the LDAP task. |
Automatically Full Text Index Domino® Directory? Note: See Note 4. | Controls whether the LDAP service creates and updates full-text indexes on the Domino® Directories it serves. Default: does not create full-text indexes. |
Choose fields that anonymous users can query via LDAP. Note: See Notes 2 and 3. | If the port settings allow anonymous access, controls which attributes anonymous LDAP users can search. Changing requires restarting the server. |
Allow LDAP users write access. Note: See Note 3. | Controls whether LDAP users can modify a directory. Default: LDAP modifications not allowed. Changing requires restarting the server. |
Rules to follow when this directory. Note: See Note 4. | Controls how the LDAP service responds when it encounters more than one entry or naming rule that applies to an LDAP add, modify, or compare operation. Default: don't carry out the operation. |
Timeout. Note: See Note 4. | Controls the maximum time allowed to process an LDAP search. Default: no limit. |
Maximum number of entries returned. Note: See Note 4. | Controls the maximum number of entries that the LDAP service can return in response to an LDAP search. Default: no limit. |
Minimum characters for wildcard search. Note: See Note 4. | Controls the minimum number of characters users must place before the first wildcard in a substring search filter. Default: 1. |
Allow Alternate Language Information processing. Note: See Note 4. | Controls whether LDAP users can do alternate language searches. Default: not allowed. |
Enforce schema? Note: See Note 4. | Controls whether directory modifications through LDAP must conform to the schema. Default: schema enforced. |
DN Required on Bind? Note: See Note 4. | Controls whether the LDAP service requires clients to log on with distinguished names for name-and-password authentication. Default: distinguished logon names not required. |
Encode results in UTF8 for LDAP-v2 clients? Note: See Note 4. | Controls whether the LDAP service returns results in UTF8 to LDAP v2 clients. Default: returns results in UTF8 to v2 clients. |
Maximum number of referrals | Controls the maximum number of directory server referrals the LDAP service can return to a client. Default: 1. |
Activity Logging truncation size. Note: See Note 4. | Controls the size of the information Activity Logging can log for an LDAP Add or Modify operation. Default: 4096 bytes. |
Allow dereferencing of aliases on search requests? | Enables limited alias dereferencing for LDAP search requests. Default: not enabled. |
1. Set in the Server document of each server that runs the LDAP service. To configure authentication options for the ports enabled in a Server document, you can instead use a Directory Site document.
2. Alternatively, use the database ACL/extended ACL to specify anonymous LDAP search access.
3. Set in the domain Configuration Settings document of each Domino® Directory and Extended Directory Catalog the LDAP service serves. Each directory can have different settings.
4. Set in the domain Configuration Settings document of the primary Domino® Directory of the servers that run the LDAP service in a domain. Setting applies to the LDAP service running on any server in the domain.
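
The "Minimum characters for wildcard search" rule from the table, as an added example that is not HCL's code: a Python check that finds the substring assertions in an LDAP search filter and reports those with fewer than the configured number of characters before the first wildcard, for instance when reviewing logged client filters before raising the setting. The function names, the sample filters and the way escapes are counted are assumptions; this page does not state how Domino itself counts characters.

```python
import re

# One simple filter item "(attr=value)"; the value may hold RFC 4515 \XX escapes.
ITEM = re.compile(r"\(([A-Za-z][\w;.-]*)=((?:\\[0-9A-Fa-f]{2}|[^()\\])*)\)")
ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")


def substring_prefixes(ldap_filter):
    # Yield (attribute, initial) for each substring assertion, where `initial`
    # is the text before the first unescaped '*'. Presence filters such as
    # (cn=*) are not substring filters and are skipped.
    for attr, value in ITEM.findall(ldap_filter):
        if "*" not in value or value == "*":
            continue
        initial = value.split("*", 1)[0]
        # Assumption: each \XX escape counts as one character, so an escaped
        # asterisk (\2a) is an ordinary character, not a wildcard.
        yield attr, ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), initial)


def violations(ldap_filter, min_chars=1):
    # Substring assertions with fewer than min_chars before the first wildcard.
    return [(a, p) for a, p in substring_prefixes(ldap_filter) if len(p) < min_chars]


# Constructed sample filters, not taken from any real log.
SAMPLES = [
    "(cn=*smith)",                      # leading wildcard: zero characters
    "(&(objectClass=person)(cn=jo*))",  # two characters before the wildcard
    "(mail=*)",                         # presence filter, not a substring
    r"(cn=\2a*)",                       # escaped asterisk is a literal
    "(|(sn=a*b)(givenName=*an*))",      # nested OR with two substring items
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f, "->", violations(f, min_chars=3) or "ok")
```
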