Connecting to an LDAP server - Allowing Lotus Quickr to control directory servicesAdded by IBM on September 9, 2010 | Version 1 (Original)
|When you set up IBM® Lotus® Quickr™ to control directory services, you specify an LDAP directory server to connect to.
When you set up IBM® Lotus® Quickr™ to control directory services, you specify an LDAP directory server to connect to.
When you set up IBM Lotus Quickr to control directory services, you specify an LDAP directory server to connect to. The directory must be a supported LDAP product that is tested and certified with this version of Lotus Quickr. Refer to the detailed system requirements
on the IBM Support site for a complete list of supported LDAP directories.
- Make sure the LDAP directory server is running.
- Log in to the Lotus Quickr server as an administrator.
- Click Site Administration -> User Directory -> Change Directory.
- In the Type list select LDAP Server.
- In the Name field, type the fully-qualified host name of the LDAP server, for example, ldap.acme.com.
- In the Port number field, type the port number that the LDAP server uses to communicate with other servers. The default is 389, the port typically used.
- Optional: Select Check for SSL connection with LDAP user directory. If you select this option and SSL is configured on the Lotus Quickr server and the LDAP server, the Lotus Quickr server will initiate all requests to the LDAP user directory as SSL encrypted requests.
- Optional: In the Search base field type a distinguished name that represents the location in the directory name hierarchy at which to begin searches, for example, o=acme, ou=sales,o=acme, or dc=acme,dc=com.
By default the Search base you specify applies to both user and group searches. However, you can use the qpconfig.xml file to specify a different search base for group searches.
- Optional: Click Narrow searches to the place name to confine searches launched from a place to user directory names that include the name of that place. For example, with this option checked, if a user does a directory search from a place called Sales Support, the search looks only for users who have Sales Support in their user names.
Important: Do not select this setting if your organization uses only three organizational units in names, because it will restrict you to a maximum of three places.
- If a user name and password are required to access directory information on the LDAP server, perform the following steps:
- Click Check to use credentials specified below when searching the directory.
- Type the user name, an LDAP distinguished name, for example cn=admin,o=acme.
- Type the password.
Note: If the password has an expiration date, make a note of it, because you will need to update this field with a new password then.
- Optional: In the Authentication Timeout and Search Timeout fields, change the maximum amount of time, in seconds, the server can take to authenticate a user from the user directory or to perform a search. The default value for both time-out settings is 120 seconds and is adequate in most environments. If connections to the LDAP server are very slow, consider increasing the time-out values. If connections are very fast, consider reducing the values. If you leave the fields blank, the default settings are used. The LDAP server might also have time-out limits configured. In this case, the effective time-out limits are whichever are lowest between the Lotus Quickr server and the LDAP server.
Note: Specifying 0, which allows the Lotus Quickr server to take an unlimited amount of time for user authentication and searches, is not recommended.
- Select one of the following options:
Click Next. Make sure to compete this step so your changes take effect.
- To allow place managers to create local members, select Allow managers to create new users in each place.
- To prevent place managers from creating local members and require them to select members from a user directory, click Disallow new users.
If in the future you want to change the LDAP directory that Lotus Quickr uses, repeat these steps. If there are distinguished names in the new directory that are different from the names in the original directory, use the qptool changehierarchy
command to update the names in places.
The distinguished names of users and groups should be unique. If there are two identical distinguished names in the directory, only one of the names can be added to a place as a member. If two distinguished names are identical, add a middle initial or other distinguishing character to one of the names to make each name unique.
Parent topic: Connecting to a user directory: qd85