Directory catalogs and client authentication

When an Internet client logs on to a server to authenticate, the server can look up the client name in the directory catalog to find the client credentials for authentication.

Using an extended directory catalog for client authentication

Procedure

  1. To allow a server to use an extended directory catalog to look up client names for authentication, in the Directory Assistance document for the extended directory catalog, enable a rule that is trusted for credentials.
  2. In addition, if you don't aggregate all fields from documents as recommended, you must aggregate the fields required for authentication. For example, to use name-and-password security, aggregate the HTTPPassword field from Person documents. To use X.509 certificate security, aggregate the userCertificate field.
  3. If you want servers to use some secondary Domino® Directories for Internet client authentication but not others, you can create one extended directory catalog that aggregates the Domino Directories to use for authentication, and another that aggregates the other Domino Directories. Then create a Directory Assistance document for each extended directory catalog, and enable a rule that is trusted for credentials only in the one that aggregates the directories to be used for authentication.

Directory catalogs and Notes client authentication

About this task

By default, when a Notes® client logs on to a server, the server does not look up information in Domino Directory Person documents during the client authentication process. However, if the option Compare Notes public keys against those stored in Directory is enabled in the server's Server document, then the server must be able to look up public key information in Person documents to authenticate Notes clients.

If Notes users who are not registered in the server's primary Domino Directory use a server with this option enabled, the server can use a directory catalog that it trusts for credentials to look up names for the public key comparison.