Extended directory catalogs and group lookups for database authorization

You can use the groups in one directory configured in a Directory Assistance database, in addition to the primary Domino® Directory, to authorize database access for Internet and Notes® clients. When group authorization is enabled for a directory, if a server finds groups in a database ACL, it can look up the members of the groups to verify a user's access to a database. The one directory enabled for group authorization can be an extended directory catalog, which effectively allows servers to use groups from any of the source Domino® directories for database access control.

About this task

Select the option Group authorization in the Directory Assistance document for the extended directory catalog to enable this feature. If you enable group authorization for an extended directory catalog, you cannot enable it for any other directory, Notes® or LDAP, configured in the directory assistance database.

If you enable Group authorizationfor an extended directory catalog, and groups used for database access control in the directory catalog contain groups as members -- nested groups -- a server looks up names in the nested groups only if the nested groups are located in the extended directory catalog.

Note: A server cannot use groups aggregated in a condensed directory catalog for database authorization.