Using Notes distinguished names in a remote LDAP directory

This feature allows organizations that migrate users from a Domino® Directory to a remote LDAP directory to continue to use the original Notes® distinguished names for users. This feature is also useful as a way to hide complex LDAP distinguished names from users.

About this task

You can set up directory assistance for a remote LDAP directory so that a Domino server:


To set up this feature, you add an attribute for storing Notes name values to the user entries in the LDAP directory, and then add the Notes distinguished names as values for the attributes. Then you specify the attribute you use for the Notes names in a Directory Assistance document for the LDAP directory.

Once you have set up this feature, clients can authenticate using either their Notes distinguished names or their original LDAP distinguished names. Database ACLs, Server document access control fields, access control groups, and Web server File Protection documents can use only the Notes distinguished names.

Procedure

1. To add the Notes distinguished names to the LDAP directory, in the remote LDAP directory, choose an attribute for storing the values of the Notes names in the LDAP directory user entries. The syntax for the attribute must be DN. You can create a new attribute, or use an existing one already defined in the schema.

2. Add Notes names as values for the selected attribute to the remote LDAP directory user entries.

3. Set up directory assistance to use the Notes distinguished names:

4. Add the Notes distinguished names as necessary to database ACLs, Server document access control fields, access control groups, and Web server File Protection documents. Use the Notes format for the name, for example John Doe/Renovations or cn=John Doe/o=Renovations, and not the LDAP format cn=John Doe, o=Renovations.

Results

Note: If you enable this feature and some user entries in the LDAP directory do not have a value for the Notes distinguished name attribute, then the users must specify their LDAP distinguished names to authenticate, and Domino database ACLs and other access control lists must use the LDAP distinguished names.

Example of using Notes distinguished names in a remote LDAP directory

About this task

Renovations corporation uses the LDAP distinguished name uid=675894,ou=boston,o=airius.com for a particular user in a remote LDAP directory. For the same user Renovations uses the name Jack Johnson/Boston/Renovations in Notes database ACLs and in groups used in database ACLs. The Domino server uses directory assistance to look up user credentials for client authentication in the remote LDAP directory.

A Renovations administrator does the following to configure the use of the Notes distinguished name for client authentication and for database access control:

Procedure

1. In the remote LDAP directory, the administrator adds an attribute called notesname to the user entry for uid=675894,ou=boston,o=airius, and gives the attribute the value cn=Jack Johnson,ou=Boston,o=Renovations.

2. On the LDAP tab of the Directory Assistance document for the LDAP directory, the administrator adds the attribute notesname to the field Attribute to be used as Notes distinguished name.

3. On the Naming contexts (rules) tab of the Directory Assistance document, the administrator specifies an all-asterisk trusted rule.

Results

The user can then use any of the following names as the client logon name for authentication:


The Notes name Jack Johnson/Boston/Renovations is used in database ACLs and groups.
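
An added example, not part of the original documentation, for steps 1 and 2 of the procedure: it converts Notes names to the DN-syntax value shown in the example above, writes LDIF modify records for the notesname attribute, and lists the entries that would be left without a value, which per the note above must keep using their LDAP distinguished names. The second user, the helper names, and the assumption that abbreviated names carry no country component are constructed for illustration.

```python
import base64
import re

NOTES_ATTR = "notesname"  # attribute name from the page's example; use your own
# Values LDIF may carry unencoded (RFC 2849 SAFE-STRING); anything else is base64
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")
TYPED = re.compile(r"(?i)(cn|ou|o|c)=(.+)")  # canonical component, e.g. cn=John Doe

def escape_rdn(value):
    """Escape one attribute value for an LDAP DN string (RFC 4514)."""
    value = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return "\\" + value if value.startswith("#") else value

def notes_to_ldap_dn(notes_name):
    """Convert 'CN/OU.../O' or 'cn=.../o=...' to a comma-separated LDAP DN value."""
    parts = [p.strip() for p in notes_name.split("/")]
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a hierarchical Notes name: {notes_name!r}")
    # Positional types for the abbreviated form (assumes no country component)
    default = ["cn"] + ["ou"] * (len(parts) - 2) + ["o"]
    rdns = []
    for kind, part in zip(default, parts):
        m = TYPED.fullmatch(part)
        if m:
            kind, part = m.group(1).lower(), m.group(2).strip()
        rdns.append(f"{kind}={escape_rdn(part)}")
    return ",".join(rdns)

def ldif_line(attr, value):
    """Emit 'attr: value', switching to base64 ('attr:: ...') when LDIF requires it."""
    if SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(users, attr=NOTES_ATTR):
    """users: (ldap_dn, notes_name or None) pairs -> (ldif_text, dns_left_without_a_value)."""
    records, missing = [], []
    for ldap_dn, notes_name in users:
        if not notes_name:
            missing.append(ldap_dn)  # these users must keep using their LDAP DN
            continue
        records.append("\n".join([ldif_line("dn", ldap_dn), "changetype: modify",
                                  f"add: {attr}", ldif_line(attr, notes_to_ldap_dn(notes_name)), "-", ""]))
    return "\n".join(records), missing

# First pair is the page's example user; the second is constructed for illustration.
USERS = [("uid=675894,ou=boston,o=airius.com", "Jack Johnson/Boston/Renovations"),
         ("uid=000000,ou=boston,o=airius.com", None)]

if __name__ == "__main__":
    ldif, missing = build_ldif(USERS)
    print(ldif)
    print("# no Notes name, ACLs must use the LDAP DN:", missing)
```

Review the generated LDIF before importing it, and resolve every entry in the missing list so that ACL entries and logon names stay consistent across users.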
