When you configure directory assistance for a directory, you define at least one naming rule that corresponds to the names of users in the directory. Naming rules are based on the X.500 distinguished name model. This model uses a directory tree name hierarchy of country (c), organization (o), and organizational unit (ou) to divide names into parts that together represent unique locations in the directory tree. This is also the naming model Domino® and Notes® have traditionally used.
Each directory assistance naming rule includes six parts, with each part containing one of the following:
For example, assume Directory A and Directory B are both configured in a directory assistance database. Names in Directory A fall under o=renovations,c=us, so you specify the rule */*/*/*/renovations/us for it. Names in Directory B fall under o=renovations,c=fr, so you specify the rule */*/*/*/renovations/fr for it. To find the name cn=jack brown,o=renovations,c=fr, a server searches only Directory B and not Directory A. To find the name cn=joan brown,o=renovations,c=us, a server searches only Directory A and not Directory B.
This type of targeted directory search can occur when:
To find a flat name, a name without distinguishing parts, or to process an LDAP search request that doesn't specify a search base, a server ignores naming rules and searches directories according to search orders specified for the directories in the Directory Assistance documents.
Note: Some LDAP directories do not use the country (c), organization (o), and organizational unit (ou) naming model. If you set up directory assistance for such an LDAP directory, use an all-asterisk naming rule for the directory.
Trusted naming rules
When an Internet client passes a logon name to a server to initiate authentication, the server looks for the name in a directory configured in the directory assistance database only if the directory has at least one configured naming rule that is Trusted for Credentials, known as a trusted rule. If the client logon name is hierarchical, the server looks for the name only in the primary Domino Directory and in directories with a trusted rule that matches the client logon name. If the client logon name is flat, for example John Smith, the server looks for the name in all directories with a trusted rule.
When a server finds the client logon name in a user entry in a directory, the server compares the distinguished name assigned to the user entry to the trusted rule(s) defined for the directory. The server authenticates the client only if the distinguished name matches a trusted rule. If you use a remote LDAP directory for client authentication and add Notes distinguished names to the directory, the Notes distinguished names, not the original LDAP distinguished names, must match a trusted rule for the directory.
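The rule matching and trusted-rule checks described above can be modeled in a few lines. This is an added example, not Domino code: the function names, the Directory C entry, and the matching details (an asterisk matches any value including an absent part, rule parts run ou4/ou3/ou2/ou1/o/c, comparison ignores case, names are given in typed cn=,ou=,o=,c= form) are assumptions made for illustration.

```python
# Added example (not product code). Assumptions: "*" matches any value, including
# an absent part; rule parts run ou4/ou3/ou2/ou1/o/c; comparison ignores case.

def dn_parts(dn):
    """Map 'cn=..,ou=..,o=..,c=..' onto the six rule positions (None if absent)."""
    ous, org, country = [], None, None
    for rdn in dn.split(","):
        key, _, val = rdn.strip().partition("=")
        key, val = key.strip().lower(), val.strip().lower()
        if key == "ou":
            ous.append(val)
        elif key == "o":
            org = val
        elif key == "c":
            country = val
    return ([None] * 4 + ous)[-4:] + [org, country]

def rule_matches(rule, dn):
    parts = [p.strip().lower() for p in rule.split("/")]
    if len(parts) != 6:
        raise ValueError("a naming rule has six parts")
    return all(r == "*" or r == n for r, n in zip(parts, dn_parts(dn)))

def directories_to_search(logon_name, directories):
    """Directories consulted for a logon name, besides the primary Domino Directory."""
    hierarchical = "=" in logon_name          # flat names have no distinguishing parts
    found = []
    for name, rules in directories.items():
        trusted = [rule for rule, is_trusted in rules if is_trusted]
        if trusted and (not hierarchical
                        or any(rule_matches(r, logon_name) for r in trusted)):
            found.append(name)
    return found

def may_authenticate(entry_dn, rules):
    """The entry's distinguished name must match a trusted rule of its directory."""
    return any(is_trusted and rule_matches(rule, entry_dn) for rule, is_trusted in rules)

# Constructed sample configuration: (rule, trusted for credentials)
DIRECTORIES = {
    "Directory A": [("*/*/*/*/renovations/us", True)],
    "Directory B": [("*/*/*/*/renovations/fr", True)],
    "Directory C": [("*/*/*/*/*/*", False)],   # hypothetical, has no trusted rule
}

if __name__ == "__main__":
    for logon in ("cn=jack brown,o=renovations,c=fr", "John Smith"):
        print(logon, "->", directories_to_search(logon, DIRECTORIES))
    print(may_authenticate("cn=jack brown,o=renovations,c=fr", DIRECTORIES["Directory A"]))
```

In this model, marking an all-asterisk rule as trusted lets any distinguished name in that directory pass the final check, so trusted rules are best kept as specific as the directory's names allow.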
Examples of naming rules
The following example names are either included or excluded depending on the naming rule. The table shows how each rule includes or excludes these sample names.
Table 1. Examples of how naming rules include or exclude sample names
Randi Bowker/Marketing/East/Renovations/US
Cheryl Lordan/IS/West/Renovations/US
Derek Malone/Accounting/West/Renovations/US
Deborah Jones/West/Renovations/US
Karen Lessing/West/Renovations/DE
Alan Jones/Sales/East/Renovations/US