Creating a Directory Assistance document
Added by IBM on November 23, 2011 | Version 1 (Original)
The Directory Assistance database on the Sametime® server must contain a Directory Assistance document that enables the Sametime server to access the LDAP server.
About this task
Follow these steps to create the Directory Assistance document for the LDAP server. You can change the suggested values shown below as required by your environment.
- From the Notes® client, open the Directory Assistance database (usually named da.nsf) on the Sametime server.
- Click Add Directory Assistance.
- In the Basics tab, make these settings:
|Domain type||Select LDAP.|
|Domain name||Enter any descriptive name; the name must be different from any other in Directory Assistance. Do not use the Domino® domain name.|
|Company name||Enter the name of your company.|
|Search order||The suggested value is 1. The search order specifies the order this directory is searched relative to other directories in Directory Assistance.|
|Make this domain available to:||Both choices, Notes clients and LDAP clients, are checked by default.|
|Group authorization||The suggested setting is Yes. This setting enables Directory Assistance to examine the contents of groups in the LDAP directory. This capability is necessary if you enter the name of a group defined in the LDAP directory in the ACL of a database on the Sametime server.|
|Nested group expansion||The suggested setting is Yes. This setting enables Directory Assistance to examine the content of an LDAP directory group that is a member of another LDAP directory group. This capability is also used when an LDAP directory group name is entered in the ACL of a database on the Sametime server.|
|Enabled||Set to Yes to enable Directory Assistance for the LDAP Directory.|
- Select the Naming contexts (Rules) tab. Configure Rule 1 as needed for your Domino environment. The suggested values for Rule 1 are as follows:
  - The OrgUnit1, OrgUnit2, OrgUnit3, OrgUnit4, Organization, and Country fields should all contain an asterisk. Using all asterisks in this setting ensures that all entries in the LDAP directory can be searched and authenticated.
  - The "Enabled" and "Trusted for Credentials" fields should both be set to "Yes."
- Select the LDAP tab. The LDAP tab contains the following settings:
|Hostname||The fully qualified host name for the LDAP server (for example, ldap.example.com).|
|Optional Authentication Credential:||Binding parameters to the LDAP server. |
If entries exist in the "Administrator distinguished name" and "Administrator password" fields in the LDAP Directory-Connectivity settings of the Sametime Administration Tool, the Sametime server binds to the LDAP server as an authenticated user.
If there are no entries in the "Administrator distinguished name" or "Administrator password" fields, the Sametime server binds to the LDAP server as an anonymous user.
| Username||Complete this field if you want your Sametime server to bind to the LDAP server as an authenticated user. Otherwise, leave this field empty. Suggested values for Microsoft® Active Directory server are: cn=qadmin, cn=users, dc=ubq-qa, dc=com|
| Password||Complete this field if you want your Sametime server to bind to the LDAP server as an authenticated user. Otherwise, leave this field empty. Enter the password for the Username specified above. |
|Base DN for search||Specify a search base. A search base defines where in the directory tree a search should start. Suggestions for this setting are:|
Domino directory - An example value is "O=DomainName," where "DomainName" is the Lotus Notes® domain (for example O=Example).
Microsoft Exchange 5.5 directory - An example value is "CN= recipients, OU=ServerName,O=NTDomainName," where ServerName is the Windows® server name and NTDomainName is the Windows NT® Domain (for example, CN=recipients,OU=Server1,
The Microsoft Exchange 5.5 example above assumes that the directory is using the default directory schema. If you have changed the schema of the Microsoft Exchange 5.5 directory, the entry in the Base DN for search field must reflect the new schema.
Microsoft Active Directory - An example value is "CN=users, DC=DomainName, DC=com."
Netscape LDAP directory - Use the format O= followed by the organizational unit that was specified during the Netscape server setup. If you are uncertain about this entry, use the administrative features of the Netscape server to determine the appropriate entry.
|Channel encryption||Select None. For information on using Secure Sockets Layer (SSL) to encrypt the connection between the Sametime server and the LDAP server, see Use SSL to authenticate and encrypt the connection between the Sametime server and the LDAP server. |
|Port||Enter the port number used to connect to the LDAP server. The default setting is port 389.|
|Accept expired SSL certificates||Choose the option that suits your environment.|
|SSL protocol version||Choose the option that suits your environment.|
|Verify server name with remote server's certificate||Choose the option that suits your environment.|
|Timeout||The suggested setting is 60 seconds. This setting specifies the maximum number of seconds allowed for a search of the LDAP directory.|
|Maximum number of entries returned||The suggested setting is 100. This setting specifies the maximum number of names the LDAP server will return for the name searched. If the LDAP server also has a maximum setting, the lower setting takes precedence.|
|De-reference alias on search||Choose the option that suits your environment, usually set to "Never."|
|Preferred mail format||Depends upon the directory; the options are Internet mail address and Notes mail address.|
|Attribute to be used as Notes Distinguished Name||Should always be blank.|
|Type of search filter to use||Options are standard, Active Directory or custom; depends upon your directory. Most often 'standard' is used. If you use Active Directory, choose AD, and if you want complete control over how directory assistance searches the directory, choose 'custom.' There is additional 'hover-over' help with each option: custom, AD, and standard.|
- Click Save & Close. A warning message notifies you that your connection does not include SSL settings; you can ignore the warning and continue with the procedure.
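
The LDAP-tab values above decide whether the Sametime server binds anonymously or as an authenticated user, and whether that bind crosses the network without channel encryption. The following check is an added example, not IBM's code: the `LdapTab` attribute names, the finding labels and the sample password are constructed here, and 636 is assumed as the conventional LDAPS port.

```python
from dataclasses import dataclass


@dataclass
class LdapTab:
    """LDAP-tab values; attribute names are this example's, not Notes item names."""
    hostname: str
    port: int = 389
    username: str = ""                # bind DN
    password: str = ""
    channel_encryption: str = "None"  # "None" or "SSL"
    accept_expired_certs: bool = False
    verify_server_name: bool = True


def bind_mode(tab: LdapTab) -> str:
    # A missing bind DN or password means an anonymous bind, as the page states.
    return "authenticated" if tab.username.strip() and tab.password else "anonymous"


def review(tab: LdapTab) -> list[str]:
    """Return labels for settings that weaken or break the LDAP connection."""
    findings = []
    encrypted = tab.channel_encryption.strip().lower() != "none"
    if bool(tab.username.strip()) != bool(tab.password):
        findings.append("bind-incomplete")           # only one of Username/Password set
    if bind_mode(tab) == "authenticated" and not encrypted:
        findings.append("cleartext-credentials")     # bind sent without SSL
    if "." not in tab.hostname.strip("."):
        findings.append("hostname-not-fqdn")         # page asks for a fully qualified name
    if (encrypted and tab.port == 389) or (not encrypted and tab.port == 636):
        findings.append("port-encryption-mismatch")
    if encrypted and tab.accept_expired_certs:
        findings.append("expired-certs-accepted")
    if encrypted and not tab.verify_server_name:
        findings.append("server-name-unverified")
    return findings


# Constructed sample: the page's suggested values with an authenticated bind.
SUGGESTED = LdapTab("ldap.example.com", 389,
                    "cn=qadmin, cn=users, dc=ubq-qa, dc=com", "constructed-secret")
# Constructed sample: SSL selected, default port kept, password missing, lax cert checks.
LAX_SSL = LdapTab("ldap", 389, "cn=qadmin, cn=users, dc=ubq-qa, dc=com", "",
                  "SSL", accept_expired_certs=True, verify_server_name=False)

if __name__ == "__main__":
    for name, tab in (("suggested", SUGGESTED), ("lax-ssl", LAX_SSL)):
        print(name, bind_mode(tab), review(tab))
```
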