SECURING


Authenticating Internet name-and-password clients in secondary Domino and LDAP directories

When an Internet client authenticates with a server, by default the server checks the primary HCL Domino® Directory to see if it can find a Person document with a name and password that match those entered by the Internet client. If your organization uses a secondary Domino Directory and/or an LDAP directory to verify Internet clients who use name-and-password authentication, you can set up Domino to check those additional directories. To do so, you set up the secondary Domino Directories and LDAP directories as trusted domains in the Directory Assistance database.

When you mark domains as trusted, Domino first searches the primary Domino Directory for the user name and password and then searches the trusted secondary Domino Directories and LDAP directories. When you set up directory assistance, you specify the order in which Domino searches the secondary directories.

The hierarchical name returned by the Domino Directory or LDAP directory is checked against the trusted rule in the Directory Assistance database to verify that the organization and organizational units match the specified rule. For example, if the user name returned is Dave Lawson/Renovations, the Directory Assistance document must include the rule */Renovations.

Searching multiple directories is also available for authenticating users with TLS client authentication.

For clients in secondary LDAP directories, it is also possible to map the name in an LDAP directory to a Domino name, using the field Attribute to be used as Notes distinguished name. In this case, the user may log in by specifying a valid LDAP name and password, and as a result of successful authentication is known within Domino as the corresponding HCL Notes® distinguished name.

Parent topic: Controlling the level of authentication for Internet clients

Related concepts
Name-and-password authentication for Internet/intranet clients

Related tasks
Using Notes distinguished names in a remote LDAP directory
Directory assistance and client authentication
Directory assistance for the LDAP service