Friday, November 21, 2008

Set up LDAP

LDAP ports
By default the LDAP task listens for LDAP client requests over TCP/IP port 389, but the LDAP service can also listen for requests over an SSL port, usually port 636.
Run directory tree verification manually
You can run directory tree verification manually, for example if you've added documents to a directory since you last started the LDAP service.
Tell Ldap VerifyDIT
Note: If your organization uses more than one Global Domain document, you must select "Yes" in the "Use as default Global Domain" field of the Global Domain document you want the LDAP service to use.
A DNS domain name retrieved from the OS of the machine on which the LDAP service runs.
The syntax is: user's hierarchical name%notesdomain@hostname
For example: Randin Boweker/Marketing/East/Acme%Acme@acme.com
Prevent the LDAP service from running on the administration server
DA->Configuration->All server documents->select server->edit server->Ports->Internet Ports->Directory
Disable "SSL port status"
Disable "TCP/IP port status"
Save & Close
Run restart task LDAP
Disable LDAP service
Add Notes.ini setting "DisableLDAPOnAdmin=1"
Remove LDAP from the ServerTasks setting in Notes.ini
Change LDAP service port and security configuration
DA->Configuration->All server documents->select server->edit server->Ports->Internet Ports->Directory
Enforce server access settings:
Yes to apply the "Access server" and "Not access server" settings from the Server Access section on the Security tab of this server document to authenticated LDAP clients connecting to the LDAP service over the TCP/IP port.
No (default) to have the LDAP service ignore the Server Access settings.
Save & Close
Run restart task LDAP
Full-text index directories served by LDAP
DA->Configuration->LDAP->Settings (if you see the prompt "Unable to locate a server configuration document for this domain. Would you like to create one now?", click Yes)->LDAP tab->Edit LDAP settings->"Automatically Full Text Index Domino Directory?"
Yes to enable the LDAP service to create and update full-text indexes automatically.
No (default) to prevent the LDAP service from creating and updating full-text indexes automatically.
Click Save & Close
Note: If you select No to disable this feature, you must manually delete any full-text indexes you want to remove.
Choose which method to use
When you use the Domain Configuration Settings document to allow or deny access to an attribute, the access applies to all entries that contain the attribute. However, when you use the database ACL/Extended ACL, you can deny access to an attribute contained in entries at a particular branch of the directory tree.
Use the Domain Configuration settings document to customize anonymous LDAP search access to a directory
DA->Configuration->LDAP->Settings (if you see the prompt "Unable to locate a server configuration document for this domain. Would you like to create one now?", click Yes)->LDAP tab->Edit LDAP settings->"Choose fields that anonymous users can query via LDAP"->"Select Attribute Types"
Add or remove attributes in the field.
Click OK ->Save & Close
Enable/Disable LDAP write access
DA->Configuration->LDAP->Settings (if you see the prompt "Unable to locate a server configuration document for this domain. Would you like to create one now?", click Yes)->LDAP tab->Edit LDAP settings->"Allow LDAP user write access"
Yes to allow directory changes via LDAP
No (default) to prevent directory changes via LDAP
Save & Close
Restart Domino server
Rules to follow when this directory is the primary directory and there are multiple matches on the distinguished name being compared/modified
"Don't modify any" (default):
Prevents the operation from occurring. The LDAP service returns an error, and you can investigate the duplicate names/naming rules.
"Modify first match":
- Carries out the LDAP modify, delete, or compare operation on the first entry encountered in a directory enabled for LDAP write operations that matches the distinguished name specified in the operation.
- Carries out the LDAP add operation in the Domino Directory configured in the directory assistance database that is enabled for LDAP write operations and has the most specific matching rule and the lowest search order.
"Modify all matches":
- Carries out the LDAP modify, delete, or compare operation on all the entries encountered that match the distinguished name specified in the operation.
- Carries out the LDAP add operation in all the Domino Directories configured in the directory assistance database with a matching rule that most specifically matches the distinguished name specified in the add operation, and that are enabled for LDAP write operations.
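The three duplicate-name policies above, modelled as an added example (not Domino code): a few constructed Domino Directories with the same DN, a search order, and a write-enabled flag, plus an `ldap_modify` that applies each policy. The directory names, entries and the `Directory` class are assumptions for illustration; the add-operation matching-rule logic is not modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

DONT_MODIFY_ANY = "Don't modify any"
MODIFY_FIRST_MATCH = "Modify first match"
MODIFY_ALL_MATCHES = "Modify all matches"


class DuplicateNameError(Exception):
    """Raised under "Don't modify any" when a DN matches more than one entry."""


@dataclass
class Directory:
    """One Domino Directory as listed in the directory assistance database (assumed shape)."""
    name: str
    search_order: int
    ldap_writes_enabled: bool
    entries: Dict[str, Dict[str, str]] = field(default_factory=dict)  # DN -> attributes


def find_matches(directories: List[Directory], dn: str) -> List[Tuple[Directory, str]]:
    """All entries whose DN equals `dn` (case-insensitive), taken only from
    directories enabled for LDAP writes and visited in search order."""
    hits: List[Tuple[Directory, str]] = []
    for d in sorted(directories, key=lambda d: d.search_order):
        if not d.ldap_writes_enabled:
            continue
        hits.extend((d, entry_dn) for entry_dn in d.entries if entry_dn.lower() == dn.lower())
    return hits


def ldap_modify(directories: List[Directory], dn: str, changes: Dict[str, str],
                policy: str = DONT_MODIFY_ANY) -> List[str]:
    """Apply `changes` to the entries the policy selects.

    Returns the names of the directories that were modified; raises
    DuplicateNameError (nothing modified) when the default policy meets
    more than one match, which is the case an administrator should then
    investigate as a naming-rule problem.
    """
    matches = find_matches(directories, dn)
    if not matches:
        raise LookupError(f"no writable entry matches {dn}")
    if policy == DONT_MODIFY_ANY:
        if len(matches) > 1:
            raise DuplicateNameError(f"{len(matches)} entries match {dn}; nothing modified")
        targets = matches
    elif policy == MODIFY_FIRST_MATCH:
        targets = matches[:1]          # first entry in search order
    elif policy == MODIFY_ALL_MATCHES:
        targets = matches              # every matching entry
    else:
        raise ValueError(f"unknown policy {policy!r}")
    for directory, entry_dn in targets:
        directory.entries[entry_dn].update(changes)
    return [directory.name for directory, _ in targets]


def sample_directories() -> List[Directory]:
    """Constructed sample: the same person exists in two writable directories
    and in a third directory that is not enabled for LDAP writes."""
    dn = "CN=Randin Boweker,OU=Marketing,O=Acme"
    return [
        Directory("names.nsf", 1, True, {dn: {"mail": "rboweker@acme.example"}}),
        Directory("secondary.nsf", 2, True, {dn: {"mail": "old@acme.example"}}),
        Directory("readonly.nsf", 3, False, {dn: {"mail": "x@acme.example"}}),
    ]


if __name__ == "__main__":
    dn = "CN=Randin Boweker,OU=Marketing,O=Acme"
    for policy in (MODIFY_FIRST_MATCH, MODIFY_ALL_MATCHES):
        print(policy, "->", ldap_modify(sample_directories(), dn, {"mail": "new@acme.example"}, policy))
    try:
        ldap_modify(sample_directories(), dn, {"mail": "new@acme.example"})
    except DuplicateNameError as err:
        print(DONT_MODIFY_ANY, "->", err)
```

Each call to `sample_directories()` builds fresh objects, so the default policy can be shown leaving every entry untouched while the other two policies touch one or both writable directories; the read-only directory is never a candidate.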

Timeout
The maximum time, in seconds, allowed for LDAP client searches; default is 0.
Maximum number of entries returned
The maximum number of directory entries the LDAP service returns to LDAP clients as search results; default is 0, meaning that there is no limit. For example, specify 100.
Minimum characters for wildcard search
The minimum number of characters that must precede the first wildcard in a search filter when the wildcard is combined with a substring; default is 1.
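The "Maximum number of entries returned" and "Minimum characters for wildcard search" limits above, as an added example that is not part of the original notes: a small filter evaluator over a few constructed entries, a check that rejects substring assertions with too few literal characters before the first wildcard (a bare presence test such as `(cn=*)` is not a substring search and is left alone), and a result cap where 0 means no limit. The parser, the sample entries and the function names are assumptions for illustration; it is not Domino's implementation.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample directory entries (attribute names lower-cased).
SAMPLE_ENTRIES: List[Dict[str, str]] = [
    {"cn": "Randin Boweker", "mail": "rboweker@acme.example", "objectclass": "person"},
    {"cn": "Rachel Adams", "mail": "radams@acme.example", "objectclass": "person"},
    {"cn": "Sales", "objectclass": "groupofnames"},
]


def parse_filter(text: str):
    """Parse an RFC 4515 style filter into a tuple tree. Subset supported:
    (&...), (|...), (!...), and (attr=value) with '*' wildcards in value."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters in filter")
    return node


def _parse(f: str, i: int):
    if i + 1 >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while i < len(f) and f[i] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        if i >= len(f) or f[i] != ")" or not kids:
            raise ValueError("unbalanced or empty compound filter")
        return (op, kids), i + 1
    j = f.index(")", i)
    attr, sep, value = f[i + 1:j].partition("=")
    if not sep or not attr:
        raise ValueError("bad assertion")
    return ("=", attr.lower(), value), j + 1


def _match(node, entry: Dict[str, str]) -> bool:
    op = node[0]
    if op == "&":
        return all(_match(k, entry) for k in node[1])
    if op == "|":
        return any(_match(k, entry) for k in node[1])
    if op == "!":
        return not _match(node[1][0], entry)
    _, attr, value = node
    actual = entry.get(attr)
    if actual is None:
        return False
    if value == "*":                       # presence test
        return True
    pattern = ".*".join(re.escape(p) for p in value.split("*"))
    return re.fullmatch(pattern, actual, re.IGNORECASE) is not None


def wildcard_assertions(node) -> List[Tuple[str, str]]:
    """Substring assertions: value contains '*' but is not the bare presence '*'."""
    if node[0] in "&|!":
        return [a for k in node[1] for a in wildcard_assertions(k)]
    _, attr, value = node
    return [(attr, value)] if "*" in value and value != "*" else []


def wildcard_prefix_ok(node, minimum: int) -> bool:
    """Every substring assertion needs at least `minimum` literal characters
    before its first '*', the rule the LDAP setting enforces."""
    return all(len(v.split("*", 1)[0]) >= minimum for _, v in wildcard_assertions(node))


def search(filter_text: str, entries: List[Dict[str, str]],
           minimum_wildcard_chars: int = 1, max_entries: int = 0):
    """Evaluate the filter under both limits. Returns (results, truncated);
    max_entries == 0 means no limit, as in the setting's default."""
    node = parse_filter(filter_text)
    if not wildcard_prefix_ok(node, minimum_wildcard_chars):
        raise ValueError("filter rejected: wildcard not preceded by enough characters")
    hits = [e for e in entries if _match(node, e)]
    if max_entries and len(hits) > max_entries:
        return hits[:max_entries], True
    return hits, False


if __name__ == "__main__":
    print(search("(cn=Ra*)", SAMPLE_ENTRIES))
    print(search("(&(objectclass=person)(mail=r*))", SAMPLE_ENTRIES, max_entries=1))
```

A filter such as `(cn=*son)` is refused even at the default minimum of 1, which is the enumeration case the setting is meant to block; raising the minimum to 3 refuses `(cn=Ra*)` as well but still allows `(cn=*)`, because a presence test has no substring to guard.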
Enable LDAP alternate language search
Set "Allow Alternate Language Information documents" to Yes
DN Required on Bind
Yes to require distinguished names as LDAP client logon names for name-and-password security
No (default) to not require distinguished names for client logon names.
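The logon name syntax given earlier (user's hierarchical name%notesdomain@hostname) and the "DN Required on Bind" setting just above, as an added example that is not part of the original notes: a parser that splits the Domino-style logon name into its parts, a mapping from a hierarchical Notes name to an LDAP DN (first component CN, last component O, anything between OU; this mapping and its escaping are assumptions made for illustration and ignore country codes), and a crude check of whether a bind name is already a DN. The sample names are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample logins in the "hierarchical name%notesdomain@hostname" syntax.
SAMPLE_LOGINS = [
    "Randin Boweker/Marketing/East/Acme%Acme@acme.com",
    "Randin Boweker/Marketing/East/Acme",
]


@dataclass(frozen=True)
class DominoLogin:
    hierarchical_name: str        # e.g. "Randin Boweker/Marketing/East/Acme"
    notes_domain: Optional[str]   # the part after '%', if present
    host_name: Optional[str]      # the part after '@', if present


def parse_domino_login(login: str) -> DominoLogin:
    """Split a Domino-style LDAP logon name into its three parts.

    Both suffixes are optional; the hierarchical name is required and must
    contain at least one '/' separator.
    """
    rest, _, host = login.partition("@")
    name, _, domain = rest.partition("%")
    name = name.strip()
    if "/" not in name:
        raise ValueError(f"not a hierarchical Notes name: {login!r}")
    return DominoLogin(name, domain or None, host or None)


def _escape(value: str) -> str:
    """Backslash-escape the characters RFC 4514 treats specially in an RDN value."""
    return re.sub(r'([,+"\\<>;=])', r"\\\1", value)


def hierarchical_to_dn(name: str) -> str:
    """Map 'CN/OU.../O' to an LDAP DN (assumed mapping: first component CN,
    last component O, everything in between OU)."""
    parts = [p.strip() for p in name.split("/") if p.strip()]
    if len(parts) < 2:
        raise ValueError("need at least a common name and an organization")
    rdns = [f"CN={_escape(parts[0])}"]
    rdns += [f"OU={_escape(p)}" for p in parts[1:-1]]
    rdns.append(f"O={_escape(parts[-1])}")
    return ",".join(rdns)


def is_distinguished_name(bind_name: str) -> bool:
    """Crude test for what 'DN Required on Bind' demands: every comma-separated
    component must be an attribute=value pair. Escaped commas are not handled."""
    components = [c.strip() for c in bind_name.split(",")]
    return all("=" in c and c.split("=", 1)[0].strip() for c in components)


if __name__ == "__main__":
    for login in SAMPLE_LOGINS:
        parsed = parse_domino_login(login)
        dn = hierarchical_to_dn(parsed.hierarchical_name)
        print(parsed, "->", dn, "| DN form:", is_distinguished_name(dn))
```

With the setting at Yes a client presenting the bare hierarchical name would fail the check and must bind with the DN form instead; with the setting at No (the default) either form is accepted.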
Configuring character encoding for LDAP V2 clients
To support LDAP V2 clients that don’t use UTF-8, you can change the default encoding to prevent the LDAP service from using UTF-8 character encoding for V2 clients. If you prevent the use of UTF-8 character encoding for LDAP V2 clients, then the LDAP service may sometimes be unable to return results containing international characters to V2 clients that use UTF-8.
Note: The LDAP service always uses UTF-8 character encoding when returning results with international characters to LDAP V3 clients, for example, Microsoft Outlook Express clients and Notes clients.
Encode results in UTF-8 for LDAP V2 clients
- Yes (default) to use UTF-8 character encoding for LDAP V2 clients.
- No to prevent the use of UTF-8 character encoding for LDAP V2 clients.
Add Alternative language for users
DA->People & Groups->People->select person->Edit Person->Actions->Add Alternate Language
Use desktop policy to automate setup of LDAP account for the LDAP service.
DA->People & Groups->Policy->New policy->Desktop Policy->Account
Inherit Default Accounts Settings from Parent
Select to inherit default account settings from parent
Enforce Default Accounts Settings in Children
Select to enforce default account settings in children
Account Names
A descriptive name for the LDAP service account; users see this name in the list of directories the client can search. If you specify more than one account -- for example, an account for another Internet service -- separate account names with commas (,).
Server Addresses
The host name of the server running the LDAP service -- for example, ldap.acme.com.
Protocols
LDAP
Use SSL Connection
Yes to use SSL; otherwise, No.
Show current LDAP service configuration
Tell ldap showconfig
To show the status of the LDAP service configuration as well as the status of the LDAP service settings controlled through the NOTES.INI file:
Tell ldap showconfig debug
