Procedure

1. Make sure you have read thoroughly the documentation on Extended ACLs.

2. Open the directory and select Enable Extended Access in the Advanced tab of the database ACL; then click OK.

3. On the Basics tab of the ACL, give the Anonymous entry Reader access.

4. Click Extended Access and set the access as follows:

a. Select / (root) as the target.

b. Add Anonymous as a subject at / (root).

c. Leave This container and all descendants selected as the scope.

6. Click Form and Field Access.

7. Next to Schema, select Domino.

8. In the Forms box, select Person.

9. With the Person form still selected, select each of the following fields in the Fields box, and for each field click Allow Read:

• AltFullName
• Certificate
• FirstName
• InternetAddress
• LastName
• Location
• MailAddress
• MailDomain
• O
• OfficeCity
• OfficeCountry
• OfficeState
• OU
• PublicKey
• ShortName
• Street
• Type
• UserCertificate

11. With the Group form still selected, select each of the following fields in the Fields box, and for each field click Allow Read:

• InternetAddress
• MailDomain
• Members
• Type

13. In the Object Classes box, select dominoPerson.

14. With the dominoPerson object class still selected, in the Attributes box select cn and click Allow Read.

15. Click OK twice, and when you see the message Save changes before exiting? Click Yes.

Results

If you disable Enable Extended Access in a directory ACL, the default settings in the Choose fields that anonymous users can query via LDAP setting in the domain Configuration Settings document resume control of anonymous LDAP search access for the directory.

Related concepts
Extended ACL
Enabling extended access
Configuring anonymous LDAP search access to a directory
Customizing the LDAP service configuration
The LDAP service

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Feedback on Help or Usability?

Help on Help