Planning directory assistance

Servers use directory assistance to look up information in a secondary directory -- a secondary IBM® Domino® Directory, an extended directory catalog, or a remote LDAP directory.

About this task

Directory assistance provides these services:

  • Client authentication using credentials in a secondary directory
  • ACL group lookups for database authorization using one secondary directory
  • IBM® Notes® mail addressing using a secondary directory
  • LDAP service searches of a secondary Domino® Directory or extended directory catalog
  • LDAP service referrals to a remote LDAP directory

Some of the questions to ask when planning directory assistance include:

  • Which services do you want to enable for each secondary directory?
  • If you use a server-based directory catalog, how does it relate to directory assistance? The answer depends on the type of directory catalog you use. An extended directory catalog has its own Directory Assistance document, and the source directories that are aggregated in the directory catalog should not also have separate Directory Assistance documents.
  • Do you plan to use a secondary directory, Domino® or LDAP, for client authentication? If so, in the Directory Assistance document for the directory, you must specify which user names in the directory are allowed to be authenticated (trusted for authentication). If clients use name-and-password security, configure the types of name formats that clients can provide for authentication in the Server document of the server to which the clients connect.
  • Do you plan to use a secondary directory to look up groups listed in database ACLs to verify database access? You can enable one secondary directory only -- Domino® or LDAP -- for this purpose.
  • How many directory assistance databases should you use? You can create more than one and set up groups of servers to use specific ones.

In addition, if you are setting up directory assistance for a remote LDAP directory:

  • Does the directory server require a search base? If so, enter the search base in the Directory Assistance document.
  • Do you plan to use the LDAP directory for client authentication or for ACL group authorization? If so, for tighter security, enable SSL in the Directory Assistance document and require the remote directory server to present an X.509 certificate.
  • Is the remote LDAP directory Active Directory? If so, in the Directory Assistance document for the directory, select LDAP search filters that work specifically with Active Directory.