To conform to RFCs 2251 through 2254, you can use the LDAP service option DN Required on Bind? to require that an LDAP client that binds using name-and-password security to any LDAP service running in the domain use their fully qualified LDAP distinguished name as their LDAP client logon name. In a Person document in the Domino® Directory, the distinguished name is the first value in the FullName field, labeled User Name. By default, the LDAP service doesn't require an LDAP client to use the distinguished name as a logon name.

About this task

If you do not require distinguished names as logon names for name-and-password security, the Internet authentication field on the Security tab of a Server document for a server that runs the LDAP service controls which client logon names are allowed for name-and-password security.

To enable or disable the requirement that LDAP users use their distinguished names as log on names when using name-and-password security when binding to the LDAP service:

Procedure

1. From the Domino Administrator, open a server that runs the LDAP service, or a server in the same domain as a server that runs the LDAP service.

2. Click the Configuration tab.

3. In the navigation pane, expand Directory, then LDAP, and then select Settings.

4. Do one of the following:

• If you see the prompt Unable to locate a Server Configuration document for this domain. Would you like to create one now? click Yes, then click the LDAP tab on the document that is created.
• If you do not see this prompt, click Edit LDAP Settings.

• Yes to require distinguished names as LDAP client logon names for name-and-password security.
• No (default) to not require distinguished names for client logon names.

Related concepts
Customizing the LDAP service configuration
The LDAP service

Related tasks
Controlling the level of authentication for Internet clients
Setting up clients to use the LDAP service

Help on Help

All Help Contents

Help on Help