Special considerations for change detection

Some subsystems in the Domino® server perform searches against LDAP servers. Directory Assistance, for instance, uses and retains LDAP search results for a period of time, eliminating the need to obtain refreshed information from the LDAP servers. Domino® allows these subsystems to quickly detect if entries in certain LDAP directories have changed, allowing Domino® subsystems to flush stale search results and conduct another search for current LDAP information.

Domino® automatically senses the LDAP server's change detection mechanism, so configuration user interfaces are not necessary to enable this feature. However, there may be requirements for the existing Directory Assistance LDAP or (target) LDAP server settings.

Table 1. LDAP server change detection mechanisms
Change Detection Mechanism Tested Products Settings Notes®

Microsoft Active Directory

Windows 2000 Server

  • The Directory Assistance LDAP document should specify a user who is a member of the Active Directory's "Administrators" group.
  • Cannot detect renames of Active Directory objects
  • Change detection is limited to the Directory Assistance LDAP document's search base setting, hence this setting must be specified.

Windows 2003 Server

Windows 2000 Server

LDAP Change Log

IBM® Tivoli® Directory Server 5.1

  • If the IBM® Directory Server does not have Change Log enabled, see the IBM® Directory Server Administration Guide for more information about enabling it. If change log is not enabled, the default change detection mechanism takes effect.
  • The Directory Assistance LDAP document should specify a user on the LDAP server who has read access to its "cn=changelog" container.

Sun ONE Directory Server

  • The Sun ONE Directory Server supports change log through its Retro Change Log Plug-in. See the Sun ONE Directory Server Administration Guide for information on enabling the plug-in. If change log is not enabled, the default change detection mechanism takes effect.
  • The Directory Assistance LDAP document should specify a user on the LDAP server who has read access to the "cn=changelog" container.

Default (Domino® 6)

*

Reports hourly change of the LDAP directory whether the directory has changed or not. No interchange with the LDAP server is performed at all. This is the only "change detection" supplied in Domino® 6.