Using the domain Configuration Settings document to customize anonymous LDAP search access to a directory
You can use the domain Configuration Settings document to customize anonymous LDAP search access to a specific Domino® Directory or Extended Directory Catalog served by the LDAP service.
Opening the domain Configuration Settings document in the primary Domino® Directory
Procedure
- From the Domino® Administrator, open a server within the domain that runs the LDAP service.
- Click the Configuration tab.
- In the first pane, select .
- Do one of the following:
- If you see the message Unable to locate a Server Configuration document for this domain. Would you like to create one now? click Yes, then click the LDAP tab on the document.
- If you do not see the message, click Edit LDAP Settings.
What to do next
Opening the domain Configuration Settings document for a secondary Domino® Directory or an extended directory catalog
Procedure
- From the Domino® Administrator, open the directory.
- Select the view.
- If you do not see a domain Configuration Settings document in the view, a document named * - [All Servers], skip to the next step. If you do see this document, do the following:
- Open the document.
- Click the LDAP tab.
- Click Edit Server Configuration.
- If you do not see a domain Configuration Settings document in the view, create one by doing the following:
- Click Add Configuration.
- On the Basics tab select Yes next to Use these settings as the default settings for all servers.
- Click the LDAP tab.
What to do next
Customizing anonymous LDAP search access to the directory
Procedure
- Next to Choose fields that anonymous users can query via LDAP, select Select Attribute Types to open the LDAP Attribute Type Selection dialog box.
The Queriable Attribute Types box in the dialog box shows the attributes anonymous LDAP users can access.
- To add an attribute to the Queriable Attribute Types box:
- In the Object Classes box, select an object class that contains the attribute.
- Click Display Attributes. This shows all the attributes defined for the selected object class(es).
- Select the attribute in the Selectable Attribute Types box that you want to allow anonymous LDAP users to access, and click Add to add the attribute to the Queriable Attribute Types box. You can select more than one attribute.
When you allow anonymous access to an attribute, the access applies to all object classes for which that attribute is defined.
- To remove an attribute from the Queriable Attribute Types box to prevent anonymous LDAP users from accessing the attribute, select the attribute and click Remove. Or, to remove all attributes, click Remove All.
Tip: To revert the Queriable Attribute Types box to the attributes the LDAP service allows for anonymous LDAP access by default, click Use Default Values.
- Click OK to close the LDAP Attribute Type Selection dialog box.
- Click Save & Close to save the changes in the Configuration Settings document.
- Do the following for each server in the domain that runs the LDAP service:
- If you made the changes to a Domino® Directory replica on a different server, replicate the changes to the server.
- Enter the Restart Server command on the server to put the changes into effect.
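After the restart, it is worth confirming what an anonymous search actually returns. The following is an added example, not part of the product documentation: it audits the LDIF output of an unauthenticated search against the attributes you placed in the Queriable Attribute Types box, and shows which object classes each allowed attribute was returned for. The `APPROVED` set and the sample entries are constructed for illustration.

```python
from collections import defaultdict

# Assumed policy: the attributes intentionally left in Queriable Attribute Types.
APPROVED = {"cn", "mail", "objectclass"}

# Constructed sample: LDIF saved from an anonymous search after the restart.
SAMPLE_LDIF = """\
dn: CN=Ann Lee,O=Example
objectClass: dominoPerson
cn: Ann Lee
mail: ann.lee@example.com
telephoneNumber: +1 555 0100

dn: CN=Sales,O=Example
objectClass: dominoGroup
cn: Sales
mail: sales@example.com
member: CN=Ann Lee,
 O=Example
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (base64 values are not decoded)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], defaultdict(list)
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line.strip():                   # blank line ends an entry
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        name, _, value = line.partition(":")
        current[name.split(";")[0].lower()].append(value.lstrip(": "))
    return entries

def audit(entries, approved=APPROVED):
    """Return (unexpected, reach): unapproved attributes and approved attributes,
    each mapped to the object classes of the entries that exposed them."""
    unexpected, reach = defaultdict(set), defaultdict(set)
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", ["(none)"])}
        for attr in e.keys() - {"dn"}:
            (reach if attr in approved else unexpected)[attr] |= classes
    return dict(unexpected), dict(reach)
```

Any key in `unexpected` is an attribute to remove from the Queriable Attribute Types box; the `reach` map makes visible that an allowed attribute such as `mail` is returned for every object class that defines it, not only the one you selected it from.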