Modifying the IBM® Domino® Directory Assistance document is required when you use SSL to encrypt data transmitted between the IBM Domino and the LDAP servers.
About this task
Use this procedure if you want the authentication data that is sent during a web login to the Domino server forwarded to the LDAP server over a secured connection. For example, complete this procedure if you want the authentication data sent during a web login to the legacy admin pages on the IBM Sametime® Community Server to reach the LDAP server over a secured connection.
Procedure
- From an IBM Notes® client, open the Directory Assistance database da.nsf.
- Click .
- For the Server, select Local.
- Select the Directory Assistance database
(da.nsf).
- Click Open.
- In the Directory Assistance database, double-click the
Directory Assistance document for the LDAP server to open the document.
- Click Edit Directory Assistance.
- Click the Basics tab.
- In the Make this domain available to: field,
select Notes Clients & Internet Authentication/Authorization.
- Click the LDAP tab.
- Fill in the following fields:
Option | Description |
---|---|
Channel encryption | Select SSL. |
Port | Specify the same port that appears in the LDAP SSL port field of the options in the Sametime Administration Tool. This port is the one on which the LDAP server listens for SSL connections; the default is port 636. |
Accept expired SSL certificates | Select Yes (the default setting) to accept a certificate from the LDAP directory server even if the certificate has expired. For tighter security, select No to require the Sametime Community server to check certificate expiration dates. If the certificate presented by the LDAP server has expired, the connection is terminated. |
SSL protocol version | Select the version number of the SSL protocol to use. The choices are: V2.0 only (allows only SSL 2.0 connections); V3.0 handshake (attempts an SSL 3.0 connection; if this attempt fails but Sametime detects that SSL 2.0 is available on the LDAP server, Sametime attempts the connection using SSL 2.0); V3.0 only (allows only SSL 3.0 connections); V3.0 and V2.0 handshake (attempts an SSL 3.0 connection, but starts with an SSL 2.0 handshake that displays relevant error messages; use this setting to receive V2.0 error messages when trying to connect to the LDAP server, which might provide information about any compatibility problems found during the connection); Negotiated (allows SSL to determine the handshake and protocol version required). |
Verify server name with remote server's certificate | Select Enabled (the default setting) to verify the server name with the remote server's certificate. If Enabled is selected, the Sametime Community server verifies the name of the LDAP server against the remote server's certificate. If the names do not match, the connection is terminated. For more relaxed security, select Disabled (the server name is not verified against the certificate). |
- Click Save and Close to close the Directory Assistance document.
- Close the Directory Assistance database.
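Before saving the document, an administrator may want to see how the two certificate settings on the LDAP tab ("Accept expired SSL certificates" and "Verify server name with remote server's certificate") would treat the certificate the LDAP server actually presents on its SSL port. The following pre-flight check is an added example, not code from the IBM documentation or the Domino product: it applies those two decisions to a certificate as returned by Python's `ssl` module, and can probe a live server on port 636. The host name ldap.example.com and the certificate contents used in comments are constructed placeholders.

```python
import socket
import ssl
import time

LDAP_SSL_PORT = 636  # the page's default for the "LDAP SSL port" field


def _names_in_cert(cert):
    """DNS names the certificate is valid for: subjectAltName DNS entries, else the subject CN."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]


def _name_matches(pattern, hostname):
    """Exact match, or one leftmost wildcard label such as *.example.com."""
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname


def evaluate_certificate(cert, server_name, accept_expired=True, verify_server_name=True, now=None):
    """Apply the two Directory Assistance settings to a cert dict in the shape
    returned by ssl.SSLSocket.getpeercert(). Returns (accepted, notes)."""
    now = time.time() if now is None else now
    notes = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:  # expiry check
        if not accept_expired:
            return False, ["expired %s; rejected ('Accept expired' is No)" % cert["notAfter"]]
        notes.append("expired %s but accepted ('Accept expired' is Yes)" % cert["notAfter"])
    if verify_server_name:  # name check, as with the setting Enabled
        names = _names_in_cert(cert)
        if not any(_name_matches(n, server_name.lower()) for n in names):
            return False, ["server name %s not in certificate names %s" % (server_name, names)]
    else:
        notes.append("server name not checked ('Verify server name' is Disabled)")
    return True, notes


def probe_ldap_server(host, port=LDAP_SSL_PORT, accept_expired=True, verify_server_name=True):
    """Connect to the LDAP server's SSL port (placeholder host, e.g. ldap.example.com) and
    evaluate its certificate. Name matching is left to evaluate_certificate so the report
    names the setting involved; chain validation stays with OpenSSL, which also rejects an
    expired certificate during the handshake, so that case is reported from the exception."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection((host, port), timeout=5.0) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return evaluate_certificate(tls.getpeercert(), host, accept_expired, verify_server_name)
    except ssl.SSLCertVerificationError as exc:
        return False, ["handshake rejected: %s" % exc.verify_message]
```

Run `probe_ldap_server("ldap.example.com", accept_expired=False)` against your own LDAP server to see which setting, if any, would terminate the connection.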