Setting up Notes user, Domino server, and Internet user access to a Domino server

You can specify Notes® users and Domino® servers that are allowed to access the server, as well as users who access the server using Internet protocols (HTTP, IMAP, LDAP, POP3). If your system uses multiple Domino Directories, Domino searches only the first Domino Directory specified in the Names setting in the NOTES.INI file for Notes users. If you have enabled the server access settings for Internet protocols, you can also specify users from secondary Domino directories and external LDAP directories in the Allow or Deny access lists.

About this task

It is not necessary to specify Anonymous for the Access server and Not Access server fields. Anonymous access for Notes users is enabled through the Allow anonymous Notes connections field in the Server document, and anonymous access for Internet users is enabled in the Internet Site document for each Internet protocol (or the Server document if you are not using Internet Sites to configure Internet protocols).

To improve log-in performance for a group of frequent users and still allow access to everyone listed in the Domino Directory, create a group named Frequent Users and then enter that group name first in the Access server field. If Domino finds a user in the Frequent Users group first, it doesn't check the Domino Directory for the individual name. For example, enter the following in the Access server field:

Frequent Users, *

To set up Notes user and Domino server access to a Domino server

Procedure

  1. From the Domino Administrator, click Configuration and open the Server document.
  2. Click the Security tab.
  3. Complete one or more of these fields, and then save the document.
    Table 1. Server Access fields

    Field

    Enter

    Access server

    Click the check box to allow server access to users listed in all trusted directories. This box is disabled by default. If this option is not selected, then only those users specified can access the server.

    Add the names of specific Notes users, servers, and groups to whom you want to give access to the server, such as:

    • Names of users, servers, and groups.
    • An asterisk (*) to allow all users in the Domino Directory to have access. This is the same as enabling the Users listed in all trusted directories field.
    • An asterisk, followed by a certificate name -- for example, */Sales/East/Renovations -- to allow all users certified by a particular certifier to have access.
    • An asterisk followed by the name of the view -- for example, *($Users) -- to allow all names that appear in a specific view in the Domino Directory to have access. Access time is quicker if you specify a group name rather than a view name.

    The default value for this field is blank, which means that all users can access the server.

    Separate multiple names with a comma or semicolon.

    Not access server

    Any of these:

    • Names of users, servers, and groups.
    • An asterisk, followed by a certificate name -- for example, */Sales/East/Renovations -- to deny access to all users certified by a particular certifier.
    • An asterisk followed by the name of the view -- for example, *($Users) -- to deny access to all names that appear in a specific view in the Domino Directory. Access time is quicker if you specify a group name rather than a view name.

    The default value for this field is blank, which means that all names entered in the Access server field can access the server.

    Names entered in the Not Access server field take precedence over names entered in the Access server field. For example, if you enter a group name in the Access server field and enter the name of an individual member of this group in the Not Access server field, the user will not be able to access the server.

    Note: An alternative way to deny Notes user access to a server is to lock out an individual user's ID from the server.

    Separate multiple names with a comma or semicolon.

    Trusted servers

    Names of servers that are trusted to assert the identities of users to this server, and thus are trusted by the current server to have authenticated those users. Used for remote agent access and xSP.

To enable Server document access settings for Internet protocols

Procedure

  1. From the Domino Administrator, click Configuration and open the Server document.
  2. Click Ports > Internet Ports.
  3. Choose the Internet protocol tab for which you want to enable server access settings.
  4. In the field Enforce server access settings, select Yes.