Home
Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
Configuring users and servers
Topics in this section describe how to set up users and servers.
Configuring directory services
This section describes how to plan, set up, and use HCL Domino® directory services.
Directory catalogs
A directory catalog is an optional directory database that typically contains information aggregated from multiple Domino® directories. Clients and servers can use a directory catalog to look up mail addresses and other information about the people, groups, mail-in databases, and resources throughout an organization, regardless of the number of Domino domains and Domino Directories the organization uses.
Planning issues specific to extended directory catalogs
Consider the issues in the related topics when planning an extended directory catalog.
Extended directory catalogs and group lookups for database authorization
You can use the groups in one directory configured in a Directory Assistance database, in addition to the primary Domino® Directory, to authorize database access for Internet and Notes® clients. When group authorization is enabled for a directory, if a server finds groups in a database ACL, it can look up the members of the groups to verify a user's access to a database. The one directory enabled for group authorization can be an extended directory catalog, which effectively allows servers to use groups from any of the source Domino directories for database access control.

Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
- Configuring a network
  This section presents the planning concepts and setup procedures necessary for a successful HCL Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
- Configuring users and servers
  Topics in this section describe how to set up users and servers.
  - Understanding the Server document
    The Server document is set up when you register a server. It contains many of the settings that define how your server operates.
  - Policies
    Use Domino® policy settings to control how users work with Notes®. A policy is a document that identifies a collection of individual policy settings. Policy settings documents define a set of defaults that apply to the users and groups to which the policy is assigned. You can change policy settings and they will be automatically applied to the assigned users and groups.
  - Defining default settings for Notes® user registration
    Before you register new Notes® users, you can specify default settings that apply to all users. Default settings simplify user registration and ensure user settings consistency. You can define many default settings, such as what mail server users have or what certifier ID to use for user registration. You can also specify a default workstation execution control list (ECL) to protect data from unauthorized workstation access.
  - Using groups
    Groups are lists of users, groups, and servers that have common traits. They are useful for mailing lists and access control lists. Using groups can simplify administration tasks.
  - Replicas
    You can make a database available to users in different locations, on different networks, or in different time zones, by creating replicas of the database.
  - Calendars and scheduling
    The calendar and scheduling features allow users to check the free time of other users, schedule meetings with them, and reserve resources, such as conference rooms and equipment.
  - Editing the notes.ini file
    The Domino and Notes notes.ini files contain the settings required for the server and client to operate correctly. If you modify or add settings in a notes.ini file, do so cautiously and never edit the file directly with a text editor.
  - Configuring directory services
    This section describes how to plan, set up, and use HCL Domino® directory services.
    - The Domino® Directory
      The Domino® Directory, which some previous releases referred to as the Public Address Book or Name and Address Book, is a database that Domino creates automatically on every server. The Domino Directory is a directory of information about users, servers, and groups, as well as custom entries you may add. Registering users and servers in a domain automatically creates corresponding Person documents and Server documents in the Domino Directory for the domain. These documents contain detailed information about each user and server.
    - The LDAP service
      Lightweight Directory Access Protocol (LDAP) is a standard Internet protocol for searching and managing entries in a directory, where an entry has one or more attributes associated with a distinguished name. A distinguished name -- for example, cn=Phyllis Spera,ou=Sales,ou=East,o=Renovations -- is a name that identifies an entry within a directory tree.
    - LDAP schema
      A directory entry contains information about a particular entity, or object -- for example, a person or a group -- and is associated with a distinguished name. An LDAP schema is a set of rules that define what can be stored as entries in an LDAP directory. Each LDAP directory has a default schema, which organizations can customize, or "extend," by adding elements to it. The elements of a schema are attributes, syntaxes, and object classes. LDAP directory servers provide the ability to enforce the schema to ensure that directory changes made using LDAP operations conform to it.
    - ldapsearch utility
      Domino® and Notes® provide a command-line search utility, LDAPSEARCH.EXE, that you use to search entries in any LDAP directory. The ldapsearch utility connects to a directory server and returns results that match search criteria you specify. It is available on Domino server and Notes client platforms.
    - Directory assistance
      Directory assistance allows a server to look up information in a directory other than a local primary Domino® Directory (NAMES.NSF).
    - Directory Sync
      Directory Sync allows you to sync people and group data from an external LDAP directory into the Domino® directory. Currently data from Active Directory can be synced.
    - Directory catalogs
      A directory catalog is an optional directory database that typically contains information aggregated from multiple Domino® directories. Clients and servers can use a directory catalog to look up mail addresses and other information about the people, groups, mail-in databases, and resources throughout an organization, regardless of the number of Domino domains and Domino Directories the organization uses.
      - Condensed directory catalogs
        You create a condensed directory catalog from the Directory Catalog template (DIRCAT5.NTF). For example, an organization can have several directories that together contain more than 350,000 users and total 3GB in size. When these directories are aggregated in a condensed directory catalog, it is likely to be only about 50MB.
      - Directory catalogs on servers compared to directory assistance for individual Domino® Directories
        A server can do lookups directly in a secondary Domino® Directory using directory assistance, or can do lookups in a directory catalog that aggregates information from the secondary Domino Directory.
      - Extended directory catalogs
        You can set up servers to use an extended directory catalog. You create an extended directory catalog from the PUBNAMES.NTF template, the same template used to create the Domino® Directory. An extended directory catalog combines advantages of a Domino Directory and a condensed directory catalog. It aggregates entries from multiple Domino directories into a single directory database as does the condensed directory catalog, but it retains the individual documents and the multiple, sorted views available in the Domino Directory to facilitate quick name lookups.
      - Overview of directory catalog setup
        To set up a directory catalog, you first create a directory catalog database. You use the PUBNAMES.NTF template to create an extended directory catalog for a server or the DIRCAT5.NTF template to create a condensed directory catalog for clients. In the directory catalog database, you create a configuration document in which you indicate which Domino® Directories -- known as the source Domino Directories -- to aggregate, which information from them to aggregate, and other options.
      - Planning to set up directory catalogs
        When planning directory catalogs, consider the following issues.
      - Directory catalogs and client authentication
        When an Internet client logs on to a server to authenticate, the server can look up the client name in the directory catalog to find the client credentials for authentication.
      - Directory catalogs and Notes® mail encryption
        When Notes® users send encrypted mail to users registered in secondary Domino® Directories, servers can use an extended directory catalog to look up the public keys of the recipients to encrypt the mail. Even off-line Notes users with condensed directory catalogs can flag mail for encryption; then when they reconnect to the network to send the mail, the clients look up the public keys in the extended directory catalog.
      - Picking the server(s) to run the Dircat task
        The Dircat task (Directory Cataloger) is the server task that initially aggregates information from source Domino® Directories into a directory catalog, and then continues to run at scheduled intervals to update the directory catalog to reflect changes to the source Domino Directories, or to the directory catalog configuration. The Dircat task aggregates both condensed Directory Catalogs and Extended Directory Catalogs.
      - Specifying the Domino® Directories for the Dircat task to aggregate
        You use the Directories to include field in a directory catalog configuration document to indicate which source Domino® Directories the Dircat task aggregates. The Dircat task runs on replicas of the specified directories, in the order in they are listed in the Directories to include field. Use commas to separate source directory file names.
      - Controlling which information is aggregated into a directory catalog
        Read the topics listed in the related links to learn about controlling which information the Dircat task aggregates into a directory catalog.
      - Full-text indexing directory catalogs
        A condensed directory catalog should have a full-text index, but a full-text index on an extended directory catalog is optional.
      - Planning issues specific to extended directory catalogs
        Consider the issues in the related topics when planning an extended directory catalog.
        Extended directory catalog size
        Because the extended directory catalog contains the views that are in a standard Domino® Directory and combines multiple Domino directories into one database, it typically is very large. If you aggregate all fields as recommended, an extended directory catalog is about the size of all the aggregated Domino directories combined. Do not replicate the database to Notes® clients, and use as few replicas on servers as feasible.
        Extended directory catalogs and directory assistance
        Unless you integrate an extended directory catalog into a server's primary Domino® Directory, a server must use directory assistance to look up information in an extended directory catalog, and to determine whether to use an extended directory catalog for client authentication and/or group lookups for database authorization.
        Extended directory catalogs and group lookups for database authorization
        You can use the groups in one directory configured in a Directory Assistance database, in addition to the primary Domino® Directory, to authorize database access for Internet and Notes® clients. When group authorization is enabled for a directory, if a server finds groups in a database ACL, it can look up the members of the groups to verify a user's access to a database. The one directory enabled for group authorization can be an extended directory catalog, which effectively allows servers to use groups from any of the source Domino directories for database access control.
        Integrating an extended directory catalog into a primary Domino® Directory
        You can build an extended directory catalog into an existing primary Domino® Directory so that servers and users within the domain can use a single integrated corporate directory. Instead of creating a new database from the PUBNAMES.NTF template in which to add the directory catalog configuration document and aggregate documents, create the configuration document in the primary Domino Directory (NAMES.NSF). All the original documents in the NAMES.NSF are retained, and the Dircat task adds documents aggregated from other Domino Directories into the database.
      - Planning issues specific to condensed directory catalogs
        Using a condensed directory catalog on a server is no longer supported. If you created condensed directory catalogs and are using them on servers running earlier releases, they will continue to operate, but are not recommended.
      - Multiple directory catalogs
        You can set up Notes® clients to use more than one condensed directory catalog, set up servers to use more than one extended directory catalog, and set up groups of clients or servers to use separate directory catalogs.
      - Overview of setting up a condensed directory catalog
        The following tables describe the databases, documents, and fields you use to set up a condensed directory catalog, in the order in which you use them.
      - Overview of setting up an extended directory catalog
        The following table describes the databases, documents, and fields used to set up an extended directory catalog, in the order in which you use them.
      - The Dircat task
        When the Dircat task runs it can do one of these things to a directory catalog: build it, update it, partially rebuild it, or fully rebuild it. The first time the Dircat task runs on a directory catalog it builds it. Subsequently, the Dircat task usually updates a directory catalog, which means it checks for changes to the contents of fields in the source Domino® Directories, and then makes the appropriate changes to the directory catalog.
      - Opening the configuration document for a directory catalog
        You can open the configuration document for a directory catalog.
      - Monitoring directory catalogs
        You can use multiple commands and settings to monitor directory catalogs, and you can mail directory catalog reports to users you specify.
    - Extended ACL
      An extended access control list (ACL) is an optional directory access-control feature available for a directory created from the PUBNAMES.NTF template -- a Domino® Directory or an extended directory catalog. An extended ACL is tied to the database ACL, and you access it through the Access Control List dialog box using a Notes® or Domino Administrator client.
    - Setting up Domino® Active Directory synchronization (Deprecated)
      When the Domino® server is installed on a Microsoft™ Windows™ 2003 server, as an administrator, you typically need to maintain two separate directories for the same set of people and groups. Maintaining user and group information involves adding entries to both directories, deleting entries, ensuring that passwords are the same when users use Notes® Single Logon, coordinating group membership in both directories, and ensuring that user or group settings, such as email addresses and telephone numbers, are identical.
  - Configuring messaging
    This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
  - Configuring iNotes®
    HCL iNotes® provides HCL Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of HCL iNotes.
  - Configuring Web servers
    This section describes how to set up the HCL Domino® Web server, and the Domino Web Navigator.
  - Setting up a cluster
    Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
  - Configuring Widgets and Live Text
    Widgets and Live Text enables end users to see and act on Live Text in supported documents, including HCL Notes® mail, using XML extensions (widgets) created specifically for their use.
  - Domain Search
    Notes® client and Web users can use Domain Search to search an entire Domino® domain for database documents, files, and attachments that match a search query.

Extended directory catalogs and group lookups for database authorization

You can use the groups in one directory configured in a Directory Assistance database, in addition to the primary Domino® Directory, to authorize database access for Internet and Notes® clients. When group authorization is enabled for a directory, if a server finds groups in a database ACL, it can look up the members of the groups to verify a user's access to a database. The one directory enabled for group authorization can be an extended directory catalog, which effectively allows servers to use groups from any of the source Domino® directories for database access control.

About this task

Select the option Group authorization in the Directory Assistance document for the extended directory catalog to enable this feature. If you enable group authorization for an extended directory catalog, you cannot enable it for any other directory, Notes® or LDAP, configured in the directory assistance database.

If you enable Group authorizationfor an extended directory catalog, and groups used for database access control in the directory catalog contain groups as members -- nested groups -- a server looks up names in the nested groups only if the nested groups are located in the extended directory catalog.

Note: A server cannot use groups aggregated in a condensed directory catalog for database authorization.