Customizing the LDAP service configuration

The default LDAP service configuration works without modification, but you can customize it to suit your needs. The following table describes the LDAP service configuration settings. In addition to the settings in the table, there are NOTES.INI settings you can use to configure the LDAP service.

Except where noted in the table, restarting the LDAP task or the IBM® Domino® server is unnecessary after changing a setting because the task checks for setting changes automatically, by default at three-minute intervals. You can use the NOTES.INI setting LDAPConfigUpdateInterval to change the interval at which the LDAP service checks for changes to its settings.

For more information, see the related topics.

Table 1. LDAP customization settings

| Setting | Description |
| --- | --- |
| Port and port security settings (see Note 1) | Controls the ports LDAP clients can use to connect to the LDAP service, and the authentication methods enabled for each port. Default: TCP/IP port 389 enabled for name-and-password authentication and for anonymous access. Changing requires restarting the LDAP task. |
| Automatically Full Text Index Domino® Directory? (see Note 4) | Controls whether the LDAP service creates and updates full-text indexes on the Domino® Directories it serves. Default: does not create full-text indexes. |
| Choose fields that anonymous users can query via LDAP (see Notes 2 and 3) | If the port settings allow anonymous access, controls which attributes anonymous LDAP users can search. Changing requires restarting the server. |
| Allow LDAP users write access (see Note 3) | Controls whether LDAP users can modify a directory. Default: LDAP modifications not allowed. Changing requires restarting the server. |
| Rules to follow when this directory. (see Note 4) | Controls how the LDAP service responds when it encounters more than one entry or naming rule that applies to an LDAP add, modify, or compare operation. Default: don't carry out the operation. |
| Timeout (see Note 4) | Controls the maximum time allowed to process an LDAP search. Default: no limit. |
| Maximum number of entries returned (see Note 4) | Controls the maximum number of entries that the LDAP service can return in response to an LDAP search. Default: no limit. |
| Minimum characters for wildcard search (see Note 4) | Controls the minimum number of characters users must place before the first wildcard in a substring search filter. Default: 1. |
| Allow Alternate Language Information processing (see Note 4) | Controls whether LDAP users can do alternate language searches. Default: not allowed. |
| Enforce schema? (see Note 4) | Controls whether directory modifications through LDAP must conform to the schema. Default: schema enforced. |
| DN Required on Bind? (see Note 4) | Controls whether the LDAP service requires clients to log on with distinguished names for name-and-password authentication. Default: distinguished logon names not required. |
| Encode results in UTF8 for LDAP-v2 clients? (see Note 4) | Controls whether the LDAP service returns results in UTF8 to LDAP v2 clients. Default: returns results in UTF8 to v2 clients. |
| Maximum number of referrals | Controls the maximum number of directory server referrals the LDAP service can return to a client. Default: 1. |
| Activity Logging truncation size (see Note 4) | Controls the size of the information Activity Logging can log for an LDAP Add or Modify operation. Default: 4096 bytes. |
| Allow dereferencing of aliases on search requests? | Enables limited alias dereferencing for LDAP search requests. Default: not enabled. |

Notes:

  1. Set in the Server document of each server that runs the LDAP service. To configure authentication options for the ports enabled in a Server document, you can instead use a Directory Site document.
  2. Alternatively, use the database ACL/extended ACL to specify anonymous LDAP search access.
  3. Set in the domain Configuration Settings document of each Domino® Directory and Extended Directory Catalog the LDAP service serves. Each directory can have different settings.
  4. Set in the domain Configuration Settings document of the primary Domino® Directory of the servers that run the LDAP service in a domain. Setting applies to the LDAP service running on any server in the domain.