Enabling extended access

To set up an extended ACL for a Domino® Directory or Extended Directory Catalog, you must enable extended access for the database.

Before you enable extended access, make sure you understand the implications of doing so:

  • Enabling extended access may take a few minutes on a very large directory database. The Notes® or Domino® Administrator client is unavailable for other purposes during this process.
  • To ensure that the database replicates properly, extended access requires use of the advanced database ACL option Enforce a consistent Access Control List across all replicas.
  • Enabling extended access enforces the database ACL, extended ACL, and Readers and Authors fields for Notes® clients looking up names in the directory. For example, if you enable extended access, then Notes® users who are addressing mail must have at least Reader access in the database ACL to use type-ahead addressing or F9 address resolution against the directory. Or a Notes® application that calls NAMELookup functions to search the directory must have the necessary database access to carry out the operation.
  • Enabling extended access enforces the database ACL and extended ACL for anonymous LDAP searches of the directory. Enabling extended access removes the anonymous LDAP access settings from the domain Configuration Settings document, and they remain removed unless you disable extended access at a later point. By default the directory database ACL gives Anonymous users No Access, so if you want LDAP users to search the directory anonymously, you must change the access for the Anonymous entry if you enable extended access.
CAUTION: Do not enable extended access if you have any uncertainty about doing so.

To enable extended access for a Domino® Directory or Extended Directory Catalog:

  1. Open the database, and choose File > Application > Access Control.
  2. Make sure you have Manager access in the database ACL.
  3. Click Advanced, and then select Enable Extended Access.
  4. At this message, click Yes to continue:
    Enabling extended access control enforces additional security checking. See Domino Administrator Help for more details. Do you want to continue?
  5. At this message, which appears only if the advanced database ACL option Enforce a consistent Access Control List across all replicas is not yet enabled, click Yes:
    Consistent access control must be enabled first. Do you want to enable it now?
  6. At this message, click OK:
     If more than one administrator manages extended access control for this database, enable document locking on the database to avoid conflicts.
  7. Click OK in the Access Control List dialog box.
  8. At this message, click OK:
    Enabling extended access control restrictions. This may take a while.
  9. Look at the status bar on the client to see the status of this process.