IBM Domino Administrator 9.0.1 Social Edition Help

CONFIGURING

Customizing the LDAP service configuration
The default LDAP service configuration works without modification, but you can customize it to suit your needs. The following table describes the LDAP service configuration settings. In addition to the settings in the table, there are NOTES.INI settings you can use to configure the LDAP service.

Except where noted in the table, restarting the LDAP task or theIBM® Domino® server is unnecessary after changing a setting because the task checks for setting changes automatically, by default at three-minute intervals. You can use the NOTES.INI setting LDAPConfigUpdateInterval to change the interval at which the LDAP service checks for changes to its settings.

For more information, see the related topics.

Table 1. LDAP customization settings

Setting Description

Port and port security settings
Note: See Note 1.
Controls the ports LDAP clients can use to connect to the LDAP service, and the authentication methods enabled for each port
Default: TCP/IP port 389 enabled for name-and-password authentication and for anonymous access
Changing requires restarting the LDAP task

Automatically Full Text Index Domino Directory?
Note: See Note 4.
Controls whether the LDAP service creates and updates full-text indexes on the Domino Directories it serves
Default: does not create full-text indexes

Choose fields that anonymous users can query via LDAP
Note: See Notes® 2 and 3.
If the port settings allow anonymous access, controls which attributes anonymous LDAP users can search
Changing requires restarting the server

Allow LDAP users write access
Note: See Note 3.
Controls whether LDAP users can modify a directory
Default: LDAP modifications not allowed
Changing requires restarting the server

Rules to follow when this directory.
Note: See Note 4.
Controls how the LDAP service responds when it encounters more than one entry or naming rule that applies to an LDAP add, modify, or compare operation
Default: don't carry out the operation

Timeout
Note: See Note 4.
Controls the maximum time allowed to process an LDAP search
Default: no limit

Maximum number of entries returned
Note: See Note 4.
Controls the maximum number of entries that the LDAP service can return in response to an LDAP search
Default: no limit

Minimum characters for wildcard search
Note: See Note 4.
Controls the minimum number of characters users must place before the first wildcard in a substring search filter
Default: 1

Allow Alternate Language Information processing
Note: See Note 4.
Controls whether LDAP users can do alternate language searches
Default: not allowed

Enforce schema?
Note: See Note 4.
Controls whether directory modifications through LDAP must conform to the schema
Default: schema enforced

DN Required on Bind?
Note: See Note 4.
Controls whether the LDAP service requires clients to log on with distinguished names for name-and-password authentication
Default: distinguished logon names not required

Encode results in UTF8 for LDAP-v2 clients?
Note: See Note 4.
Controls whether the LDAP service returns results in OUTFIT to LDAP v2 clients.
Default: Returns results in OUTFIT to v2 clients

Maximum number of referrals Controls the maximum number of directory server referrals the LDAP service can return to a client
Default: 1

Activity Logging truncation size
Note: See Note 4.
Controls the size of the information Activity Logging can log for an LDAP Add or Modify operation
Default: 4096 bytes

Allow dereferencing of aliases on search requests? Enables limited alias dereferencing for LDAP search requests
Default: not enabled

1. Set in the Server document of each server that runs the LDAP service. To configure authentication options for the ports enabled in a Server document, you can instead use a Directory Site document.

2. Alternatively, use the database ACL/extended ACL to specify anonymous LDAP search access.

3. Set in the domain Configuration Settings document of each Domino Directory and Extended Directory Catalog the LDAP service serves. Each directory can have different settings.

4. Set in the domain Configuration Settings document of the primary Domino Directory of the servers that run the LDAP service in a domain. Setting applies to the LDAP service running on any server in the domain.

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Feedback on Help or Usability?

Help on Help

All Help Contents

Setting	Description
Port and port security settings Note: See Note 1.	Controls the ports LDAP clients can use to connect to the LDAP service, and the authentication methods enabled for each port Default: TCP/IP port 389 enabled for name-and-password authentication and for anonymous access Changing requires restarting the LDAP task
Automatically Full Text Index Domino Directory? Note: See Note 4.	Controls whether the LDAP service creates and updates full-text indexes on the Domino Directories it serves Default: does not create full-text indexes
Choose fields that anonymous users can query via LDAP Note: See Notes® 2 and 3.	If the port settings allow anonymous access, controls which attributes anonymous LDAP users can search Changing requires restarting the server
Allow LDAP users write access Note: See Note 3.	Controls whether LDAP users can modify a directory Default: LDAP modifications not allowed Changing requires restarting the server
Rules to follow when this directory. Note: See Note 4.	Controls how the LDAP service responds when it encounters more than one entry or naming rule that applies to an LDAP add, modify, or compare operation Default: don't carry out the operation
Timeout Note: See Note 4.	Controls the maximum time allowed to process an LDAP search Default: no limit
Maximum number of entries returned Note: See Note 4.	Controls the maximum number of entries that the LDAP service can return in response to an LDAP search Default: no limit
Minimum characters for wildcard search Note: See Note 4.	Controls the minimum number of characters users must place before the first wildcard in a substring search filter Default: 1
Allow Alternate Language Information processing Note: See Note 4.	Controls whether LDAP users can do alternate language searches Default: not allowed
Enforce schema? Note: See Note 4.	Controls whether directory modifications through LDAP must conform to the schema Default: schema enforced
DN Required on Bind? Note: See Note 4.	Controls whether the LDAP service requires clients to log on with distinguished names for name-and-password authentication Default: distinguished logon names not required
Encode results in UTF8 for LDAP-v2 clients? Note: See Note 4.	Controls whether the LDAP service returns results in OUTFIT to LDAP v2 clients. Default: Returns results in OUTFIT to v2 clients
Maximum number of referrals	Controls the maximum number of directory server referrals the LDAP service can return to a client Default: 1
Activity Logging truncation size Note: See Note 4.	Controls the size of the information Activity Logging can log for an LDAP Add or Modify operation Default: 4096 bytes
Allow dereferencing of aliases on search requests?	Enables limited alias dereferencing for LDAP search requests Default: not enabled