Using the domain Configuration Settings document to customize anonymous LDAP search access to a directory

You can use the domain Configuration Settings document to customize anonymous LDAP search access to a specific Domino® Directory or Extended Directory Catalog served by the LDAP service.

Opening the domain Configuration Settings document in the primary Domino® Directory

Procedure

  1. From the Domino® Administrator, open a server within the domain that runs the LDAP service.
  2. Click the Configuration tab.
  3. In the first pane, select Directory > LDAP > Settings.
  4. Do one of the following:
    • If you see the message "Unable to locate a Server Configuration document for this domain. Would you like to create one now?", click Yes, then click the LDAP tab on the document.
    • If you do not see the message, click Edit LDAP Settings.

What to do next

Continue to the procedure for customizing anonymous LDAP search access in this topic.

Opening the domain Configuration Settings document for a secondary Domino® Directory or an extended directory catalog

Procedure

  1. From the Domino® Administrator, open the directory.
  2. Select the Servers > Configurations view.
  3. If you do not see a domain Configuration Settings document (a document named * - [All Servers]) in the view, skip to the next step. If you do see this document, do the following:
    1. Open the document.
    2. Click the LDAP tab.
    3. Click Edit Server Configuration.
  4. If you do not see a domain Configuration Settings document in the view, create one by doing the following:
    1. Click Add Configuration.
    2. On the Basics tab, select Yes next to Use these settings as the default settings for all servers.
    3. Click the LDAP tab.

What to do next

Continue to the procedure for customizing anonymous LDAP search access.

Customizing anonymous LDAP search access to the directory

Procedure

  1. Next to Choose fields that anonymous users can query via LDAP, select Select Attribute Types to open the LDAP Attribute Type Selection dialog box.

    The Queriable Attribute Types box in the dialog box shows the attributes anonymous LDAP users can access.

  2. To add an attribute to the Queriable Attribute Types box:
    1. In the Object Classes box, select an object class that contains the attribute.
    2. Click Display Attributes. This shows all the attributes defined for the selected object class(es).
    3. Select the attribute in the Selectable Attribute Types box that you want to allow anonymous LDAP users to access, and click Add to add the attribute to the Queriable Attribute Types box. You can select more than one attribute.

    When you allow anonymous access to an attribute, the access applies to all object classes for which that attribute is defined.

  3. To remove an attribute from the Queriable Attribute Types box to prevent anonymous LDAP users from accessing the attribute, select the attribute and click Remove. Or, to remove all attributes, click Remove All.
    Tip: To revert the Queriable Attribute Types box to the attributes the LDAP service allows for anonymous LDAP access by default, click Use Default Values.
  4. Click OK to close the LDAP Attribute Type Selection dialog box.
  5. Click Save & Close to save the changes in the Configuration Settings document.
  6. Do the following for each server in the domain that runs the LDAP service:
    1. If you made the changes to a Domino® Directory replica on a different server, replicate the changes to the server.
    2. Enter the Restart Server command on the server to put the changes into effect.
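
To confirm the result after the restart, you can save the output of an anonymous search as LDIF and compare the attribute types it returned with the list you intended to allow. The following Python is an added example, not part of the product documentation; the allowlist, the function names and the LDIF sample are constructed for illustration.

```python
import base64

# Assumption: the attribute types left in the Queriable Attribute Types box
# (illustrative values, not Domino's defaults).
ALLOWED = {"objectclass", "cn", "mail"}

# Constructed LDIF, standing in for the saved output of an anonymous search.
# It includes a folded line, an attribute option and a base64 value.
SAMPLE_LDIF = """\
version: 1
# constructed sample
dn: CN=Jane Doe,O=Example
objectClass: inetOrgPerson
cn: Jane Doe
mail: jane.doe@exam
 ple.com
telephoneNumber: +1 555 0100

dn: CN=John Roe,O=Example
cn;lang-en: John Roe
description:: Y29uc3RydWN0ZWQ=
"""

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def exposed_attributes(ldif):
    """Map each returned attribute type (lower-cased, options stripped) to the DNs that carry it."""
    found, dn = {}, None
    for line in unfold(ldif):
        if not line:
            dn = None              # blank line ends the current entry
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        value = rest.lstrip(":").strip()
        if rest.startswith(":"):   # "attr:: ..." marks a base64 value
            value = base64.b64decode(value).decode("utf-8", "replace")
        attr = name.split(";")[0].lower()
        if attr == "dn":
            dn = value
        elif dn is not None:       # skips "version:" and trailer lines outside entries
            found.setdefault(attr, set()).add(dn)
    return found

def unexpected(ldif, allowed=ALLOWED):
    """Attributes readable anonymously that are not on the allowlist."""
    allowed = {a.lower() for a in allowed}
    return {a: sorted(d) for a, d in exposed_attributes(ldif).items() if a not in allowed}
```

Because access granted to an attribute applies to every object class that defines it, run the check against a search that spans all entry types, not only person entries.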