Home
IBM® Domino 10.0.1 Documentation
Welcome to the IBM® Domino 10.0.1 Administrator Help.
Configuring
Use this information to configure an IBM® Domino® network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters. Also use this information to set up IBM iNotes® on a server using Domino Off-Line Services (DOLS).
Configuring directory services
This section describes how to plan, set up, and use IBM® Domino® directory services.
LDAP schema
A directory entry contains information about a particular entity, or object -- for example, a person or a group -- and is associated with a distinguished name. An LDAP schema is a set of rules that define what can be stored as entries in an LDAP directory. Each LDAP directory has a default schema, which organizations can customize, or "extend," by adding elements to it. The elements of a schema are attributes, syntaxes, and object classes. LDAP directory servers provide the ability to enforce the schema to ensure that directory changes made using LDAP operations conform to it.
Searching the root DSE and schema entry
The LDAP service supports schema-publishing, which means the directory includes a schema entry that you can use to retrieve the directory schema. Use the ldapsearch utility provided with Notes® and Domino® or use another LDAP V3-compliant LDAP search tool to search the root directory server entry (DSE) to determine the name of this schema entry and to retrieve other information about the Domino LDAP directory -- for example, to retrieve the LDAP versions, extensions, and controls supported.

IBM® Domino 10.0.1 Documentation
Welcome to the IBM® Domino 10.0.1 Administrator Help.
- What's new in IBM® Domino® 10?
  Learn about all of the new features for administrators in IBM® Domino® 10.
- Overview
  Welcome to IBM® Domino® Administrator Help.
- Installing
  Use this documentation to install the IBM® Domino® server and subsequently deploy the IBM Notes® client.
- Planning
  Use this topic as an overview of planning task.
- Configuring
  Use this information to configure an IBM® Domino® network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters. Also use this information to set up IBM iNotes® on a server using Domino Off-Line Services (DOLS).
  - Configuring a network
    This section presents the planning concepts and setup procedures necessary for a successful IBM® Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
  - Configuring users and servers
    Topics in this section describe how to set up users and servers.
  - Editing the NOTES.INI file
    You should rarely, if ever, need to modify a server's or client's NOTES.INI file. The NOTES.INI file contains many settings that Domino® and Notes® rely on to work properly. An accidental or incorrect change may cause Domino or Notes to run unpredictably. Therefore, you should edit the NOTES.INI file only if special circumstances occur or if IBM® Support Services recommends that you do so.
  - Configuring directory services
    This section describes how to plan, set up, and use IBM® Domino® directory services.
    - The Domino® Directory
      The Domino® Directory, which some previous releases referred to as the Public Address Book or Name and Address Book, is a database that Domino creates automatically on every server. The Domino Directory is a directory of information about users, servers, and groups, as well as custom entries you may add. Registering users and servers in a domain automatically creates corresponding Person documents and Server documents in the Domino Directory for the domain. These documents contain detailed information about each user and server.
    - The LDAP service
      Lightweight Directory Access Protocol (LDAP) is a standard Internet protocol for searching and managing entries in a directory, where an entry has one or more attributes associated with a distinguished name. A distinguished name -- for example, cn=Phyllis Spera,ou=Sales,ou=East,o=Renovations -- is a name that identifies an entry within a directory tree.
    - LDAP schema
      A directory entry contains information about a particular entity, or object -- for example, a person or a group -- and is associated with a distinguished name. An LDAP schema is a set of rules that define what can be stored as entries in an LDAP directory. Each LDAP directory has a default schema, which organizations can customize, or "extend," by adding elements to it. The elements of a schema are attributes, syntaxes, and object classes. LDAP directory servers provide the ability to enforce the schema to ensure that directory changes made using LDAP operations conform to it.
      - The Domino® LDAP schema
        The default Domino® LDAP schema includes both Domino-specific and LDAP-standard elements.
      - The schema daemon
        When the LDAP service runs on a server, it spawns a schema daemon that runs at regular intervals. The schema daemon running on the administration server for the Domino® Directory implements schema changes and propagates the changes to other (subordinate) servers in the domain that run the LDAP service. The schema daemon running on each subordinate server updates its LDAP service with the schema changes propagated from the administration server. The Domino LDAP Schema database (SCHEMA.NSF) is the vehicle for propagating the schema changes.
      - Domino® LDAP Schema database
        The schema daemon spawned by the LDAP service running on the administration server for the Domino® Directory creates the Domino LDAP Schema database (SCHEMA.NSF). Subordinate servers within the domain that run the LDAP service automatically get a replica of this database. The Schema database is the vehicle used to propagate schema changes to all the servers in the domain that run the LDAP service.
      - Methods for extending the schema
        Extending the schema refers to adding elements to the schema, usually object classes and attributes. The default schema comes with many object classes and attributes that are ready to be used for entries.
      - Guidelines for extending the schema
        Regardless of the method you use to extend the schema, see this topic for guidelines.
      - Extending the schema using the Schema database
        You can use the Domino® LDAP Schema database to extend the schema by adding attributes, object classes, and syntaxes to the schema.
      - Deleting schema elements from the Schema database
        If you use the Domino® LDAP Schema database (SCHEMA.NSF) to add an element to the schema, you can delete that element if it is no longer needed. After you delete an element, entries already in the directory with values for the deleted element remain, but LDAP add and modify operations can no longer specify the deleted element if schema-checking is enabled.
      - Schema-checking
        When schema-checking is enabled the LDAP service carries out LDAP add and modify operations only if the operations conform to the schema. Schema checking is enabled by default and it is best to keep this default behavior if you allow write access to a directory so that you have better control over the contents of a directory.
      - Searching the root DSE and schema entry
        The LDAP service supports schema-publishing, which means the directory includes a schema entry that you can use to retrieve the directory schema. Use the ldapsearch utility provided with Notes® and Domino® or use another LDAP V3-compliant LDAP search tool to search the root directory server entry (DSE) to determine the name of this schema entry and to retrieve other information about the Domino LDAP directory -- for example, to retrieve the LDAP versions, extensions, and controls supported.
      - LDAP root DSE attributes
        LDAP clients, such as the NAMELookup/LDAP Gateway in Domino®, need to be able to determine special capabilities belonging to a given LDAP server. Once these capabilities are determined, LDAP clients can then decide whether to take advantage of them.
    - ldapsearch utility
      Domino® and Notes® provide a command-line search utility, LDAPSEARCH.EXE, that you use to search entries in any LDAP directory. The ldapsearch utility connects to a directory server and returns results that match search criteria you specify. It is available on Domino server and Notes client platforms.
    - Directory assistance
      Directory assistance allows a server to look up information in a directory other than a local primary Domino® Directory (NAMES.NSF).
    - Directory catalogs
      A directory catalog is an optional directory database that typically contains information aggregated from multiple Domino® directories. Clients and servers can use a directory catalog to look up mail addresses and other information about the people, groups, mail-in databases, and resources throughout an organization, regardless of the number of Domino domains and Domino Directories the organization uses.
    - Extended ACL
      An extended access control list (ACL) is an optional directory access-control feature available for a directory created from the PUBNAMES.NTF template -- a Domino® Directory or an extended directory catalog. An extended ACL is tied to the database ACL, and you access it through the Access Control List dialog box using a Notes® or Domino Administrator client.
    - Setting up Domino® Active Directory synchronization
      When the Domino® server is installed on a Microsoft™ Windows™ 2003 server, as an administrator, you typically need to maintain two separate directories for the same set of people and groups. Maintaining user and group information involves adding entries to both directories, deleting entries, ensuring that passwords are the same when users use Notes® Single Logon, coordinating group membership in both directories, and ensuring that user or group settings, such as email addresses and telephone numbers, are identical.
  - Configuring messaging
    This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
  - Configuring iNotes®
    IBM® iNotes® (previously IBM Domino® Web Access) provides IBM Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of IBM iNotes.
  - Configuring Web servers
    This section describes how to set up the IBM® Domino® Web server, the Domino Web Navigator, and other Web servers such as IBM HTTP.
  - Setting up a cluster
    Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
- Securing
  This section describes IBM® Domino® security features, including execution control lists, IDs, and SSL.
- Administering
  This documentation provides information about the administration tools for managing and monitoring IBM Domino® servers and databases.
- Tuning
  Use this information to improve IBM® Domino® server, Domino Web server, and messaging performance through the use of resource balancing and activity trends, Server.Load commands, advanced database properties, cluster statistics, and the Server Health Monitor.
- Troubleshooting
  This section describes how to find and solve problems with IBM® Domino® server and Administrator client.
- Glossary

Searching the root DSE and schema entry

The LDAP service supports schema-publishing, which means the directory includes a schema entry that you can use to retrieve the directory schema. Use the ldapsearch utility provided with Notes® and Domino® or use another LDAP V3-compliant LDAP search tool to search the root directory server entry (DSE) to determine the name of this schema entry and to retrieve other information about the Domino® LDAP directory -- for example, to retrieve the LDAP versions, extensions, and controls supported.

When you search the root DSE or the schema entry you can specify whether to return values for operational attributes. An operational attribute is an attribute that is used for directory administration.

Searching the root DSE

To search the root DSE, use one of the following ldapsearch commands:

To return the values of all attributes, specify one of the following:

ldapsearch -h hostname -b
'' -s base "(objectclass=*)"

ldapsearch -h hostname -b
"" -s base "(objectclass=*)" * +

To return only the values of non-operational attributes, specify:

ldapsearch -h hostname -b
"" -s base "(objectclass=*)" *

To return only the values of operational attributes, specify:

ldapsearch -h hostname -b
"" -s base "(objectclass=*)" +

Searching the schema entry

To search the schema entry to retrieve the directory schema, use one of the following ldapsearch commands.

To return only the values of non-operational attributes, specify:

ldapsearch
-h hostname -b "cn=schema" -s base "(objectclass=subschema)"
*

To return only the values of operational attributes, specify:

ldapsearch -h hostname -b
"cn=schema" -s base "(objectclass=subschema)" +

To return the values of all attributes, specify:

ldapsearch -h hostname -b
"cn=schema" -s base "(objectclass=subschema)" * +

The easiest way to see the schema is to open the All Schema Documents views in the Domino® LDAP Schema database (SCHEMA.NSF).

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.