Home
Welcome to the HCL Domino 11.0.1 documentation
Welcome to the HCL Domino® 11.0.1 documentation. Here administrators can find information about planning, installing, configuring, and administering Domino 11.0.1.
Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
Configuring directory services
This section describes how to plan, set up, and use HCL Domino® directory services.
Directory assistance
Directory assistance allows a server to look up information in a directory other than a local primary Domino® Directory (NAMES.NSF).
Setting up directory assistance
To set up directory assistance in an Domino® domain, complete these procedures.
Creating a Directory Assistance document for a remote LDAP directory
To set up directory assistance for a remote LDAP directory, create a Directory Assistance document for the directory in a directory assistance database.
Specifying a name and password for Domino® servers in a Directory Assistance document for a remote LDAP directory
In the Optional Authentication Credential section on the LDAP tab of a Directory Assistance document for a remote LDAP directory you can enter a distinguished user name and a password. If a Domino® server connects to the remote LDAP directory server, it presents the name and password so the remote LDAP directory server can authenticate the Domino server.

Welcome to the HCL Domino 11.0.1 documentation
Welcome to the HCL Domino® 11.0.1 documentation. Here administrators can find information about planning, installing, configuring, and administering Domino 11.0.1.
- Translated documentation
  The HCL Domino 11.0.1 documentation is currently available in the following languages.
- What's new in Domino® 11?
  Learn about all of the new features for administrators in HCL Domino® 11.
- Overview
  Welcome to HCL Domino® Administrator Help.
- Domino trial
  A trial version of HCL Domino® 11.0.1 is available free of charge.
- Installing
  Use this documentation to install the HCL Domino® server and subsequently deploy the HCL Notes®client.
- Planning
  Use this topic as an overview of planning task.
- Configuring
  Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
  - Configuring a network
    This section presents the planning concepts and setup procedures necessary for a successful HCL Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
  - Configuring users and servers
    Topics in this section describe how to set up users and servers.
  - Editing the NOTES.INI file
    You should rarely, if ever, need to modify a server's or client's NOTES.INI file. The NOTES.INI file contains many settings that Domino® and Notes® rely on to work properly. An accidental or incorrect change may cause Domino or Notes to run unpredictably. Therefore, you should edit the NOTES.INI file only if special circumstances occur or if Support recommends that you do so.
  - Configuring directory services
    This section describes how to plan, set up, and use HCL Domino® directory services.
    - The Domino® Directory
      The Domino® Directory, which some previous releases referred to as the Public Address Book or Name and Address Book, is a database that Domino creates automatically on every server. The Domino Directory is a directory of information about users, servers, and groups, as well as custom entries you may add. Registering users and servers in a domain automatically creates corresponding Person documents and Server documents in the Domino Directory for the domain. These documents contain detailed information about each user and server.
    - The LDAP service
      Lightweight Directory Access Protocol (LDAP) is a standard Internet protocol for searching and managing entries in a directory, where an entry has one or more attributes associated with a distinguished name. A distinguished name -- for example, cn=Phyllis Spera,ou=Sales,ou=East,o=Renovations -- is a name that identifies an entry within a directory tree.
    - LDAP schema
      A directory entry contains information about a particular entity, or object -- for example, a person or a group -- and is associated with a distinguished name. An LDAP schema is a set of rules that define what can be stored as entries in an LDAP directory. Each LDAP directory has a default schema, which organizations can customize, or "extend," by adding elements to it. The elements of a schema are attributes, syntaxes, and object classes. LDAP directory servers provide the ability to enforce the schema to ensure that directory changes made using LDAP operations conform to it.
    - ldapsearch utility
      Domino® and Notes® provide a command-line search utility, LDAPSEARCH.EXE, that you use to search entries in any LDAP directory. The ldapsearch utility connects to a directory server and returns results that match search criteria you specify. It is available on Domino server and Notes client platforms.
    - Directory assistance
      Directory assistance allows a server to look up information in a directory other than a local primary Domino® Directory (NAMES.NSF).
      - How directory assistance works
        To configure directory assistance, you create a directory assistance database from the template DA.NTF, and replicate it to the servers that will use it. A server must have a local replica of a directory assistance database to use directory assistance. Then you add the database file name to the Directory Assistance database name field in the Domino® Directory Server documents of these servers.
      - Directory assistance services
        Before you set up directory assistance, read about the services directory assistance can provide.
      - Directory assistance concepts
        Before you set up directory assistance, read about these directory assistance concepts.
      - Setting up directory assistance
        To set up directory assistance in an Domino® domain, complete these procedures.
        Creating and replicating a directory assistance database
        Create a directory assistance database on one server, and then create a replica of the database on each server in the domain that will use it for directory assistance.
        Setting up servers to use a directory assistance database
        After you create a directory assistance database and replicate it to servers, set up the servers to use the database. To set up a server to use a directory assistance database, add the file name of the server's replica of the database to the Directory assistance database name field of the server's Server document in the primary Domino® Directory.
        Creating a Directory Assistance document for a Domino® Directory or extended directory catalog
        To set up directory assistance for an HCL Domino® Directory or an extended directory catalog, create a Directory Assistance document for the directory in the directory assistance database.
        Creating a Directory Assistance document for a remote LDAP directory
        To set up directory assistance for a remote LDAP directory, create a Directory Assistance document for the directory in a directory assistance database.
        Configuring SSL in a Directory Assistance document for a remote LDAP directory
        If an HCL Domino® server uses a remote LDAP directory to look up credentials during Internet client authentication, or to look up the members of groups during database authorization, specify that the server use SSL to connect to the LDAP directory server. Specify SSL so there are secure communications between the Domino server and the LDAP server, and so that the Domino server can use an X.509 certificate to verify the remote LDAP directory server's identity.
        Specifying a name and password for Domino® servers in a Directory Assistance document for a remote LDAP directory
        In the Optional Authentication Credential section on the LDAP tab of a Directory Assistance document for a remote LDAP directory you can enter a distinguished user name and a password. If a Domino® server connects to the remote LDAP directory server, it presents the name and password so the remote LDAP directory server can authenticate the Domino server.
        Configuring search filters in a Directory Assistance document for a remote LDAP directory
        For servers that use directory assistance to search a remote LDAP directory, you can control which LDAP search filters are used to search the directory. Use the Type of search filter to use field in the Directory Assistance document for the directory whose to control which LDAP search filters are used to search the directory.
        Configuring alias dereferencing in a Directory Assistance document for a remote LDAP directory
        An alias entry in an LDAP directory is an entry that points to another entry. Searching the entry that an alias entry points to is known as dereferencing an alias.
        Using Notes® distinguished names in a remote LDAP directory
        This feature allows organizations that migrate users from a Domino® Directory to a remote LDAP directory to continue to use the original Notes® distinguished names for users. This feature is also useful as a way to hide complex LDAP distinguished names from users.
        Special considerations for change detection
        Some subsystems in the Domino® server perform searches against LDAP servers. Directory Assistance, for instance, uses and retains LDAP search results for a period of time, eliminating the need to obtain refreshed information from the LDAP servers. Domino allows these subsystems to quickly detect if entries in certain LDAP directories have changed, allowing Domino subsystems to flush stale search results and conduct another search for current LDAP information.
      - Directory assistance examples
        These examples illustrate directory assistance for one secondary Domino® Directory, for an extended directory catalog, and for an extended directory catalog and a remote LDAP directory.
    - Directory Sync
      Directory Sync allows you to sync people and group data from an external LDAP directory into the Domino® directory. Currently data from Active Directory can be synced.
    - Directory catalogs
      A directory catalog is an optional directory database that typically contains information aggregated from multiple Domino® directories. Clients and servers can use a directory catalog to look up mail addresses and other information about the people, groups, mail-in databases, and resources throughout an organization, regardless of the number of Domino domains and Domino Directories the organization uses.
    - Extended ACL
      An extended access control list (ACL) is an optional directory access-control feature available for a directory created from the PUBNAMES.NTF template -- a Domino® Directory or an extended directory catalog. An extended ACL is tied to the database ACL, and you access it through the Access Control List dialog box using a Notes® or Domino Administrator client.
    - Setting up Domino® Active Directory synchronization (Deprecated)
      When the Domino® server is installed on a Microsoft™ Windows™ 2003 server, as an administrator, you typically need to maintain two separate directories for the same set of people and groups. Maintaining user and group information involves adding entries to both directories, deleting entries, ensuring that passwords are the same when users use Notes® Single Logon, coordinating group membership in both directories, and ensuring that user or group settings, such as email addresses and telephone numbers, are identical.
  - Configuring messaging
    This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
  - Configuring iNotes®
    HCL iNotes® provides HCL Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of HCL iNotes.
  - Configuring Web servers
    This section describes how to set up the HCL Domino® Web server, and the Domino Web Navigator.
  - Setting up a cluster
    Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
- Securing
  This section describes security features, including execution control lists, IDs, and SSL.
- Administering
  This documentation provides information about the administration tools for managing and monitoring servers and databases.
- Tuning
  Use this information to improve HCL Domino® server, Domino Web server, and messaging performance through the use of resource balancing and activity trends, Server.Load commands, advanced database properties, cluster statistics, and the Server Health Monitor.
- Troubleshooting
  This section describes how to find and solve problems with HCL Domino® server and Administrator client.
- Notices

Specifying a name and password for Domino® servers in a Directory Assistance document for a remote LDAP directory

In the Optional Authentication Credential section on the LDAP tab of a Directory Assistance document for a remote LDAP directory you can enter a distinguished user name and a password. If a Domino® server connects to the remote LDAP directory server, it presents the name and password so the remote LDAP directory server can authenticate the Domino® server.

About this task

If you do not specify a name and password, a Domino® server attempts to connect to a remote LDAP directory server anonymously. You must specify a name and password if the remote LDAP directory server does not allow anonymous access.

Enter a distinguished name in the Username field, and a password in the Password field. The name and password must correspond to a valid name and password in the remote LDAP directory. Enter the distinguished name in LDAP format, for example cn=domino server,o=renovations.

Perform the following steps to encrypt the Directory Assistance document to restrict access to the name and password:

Procedure

Right-click the Directory Assistance document, select Properties, and click the key tab.
In the Public Encryption keys field, enter:
- The name of each administrator who requires access to the Directory Assistance document.
- The name of each Domino® server that uses the document to connect to the remote LDAP directory server or that replicates changes to the directory assistance database.
  Note: Be sure to add at least one administrator name, otherwise no one will be able to open the document.

Results

The document is encrypted with the public keys of the specified administrators and servers so that only they can access the document.