SECURING


Using TLS when setting up directory assistance for LDAP directories

Directory assistance allows you to extend directory services from a server's primary Domino® Directory to other Notes® directories, such as secondary Domino Directories, and to remote LDAP directories. To set up directory assistance, you create a directory assistance database from the DA.NTF template, and then create Directory Assistance documents in the database to configure services for specific directories.

When setting up directory assistance for an LDAP directory, you can instruct a Domino server to use TLS when connecting to the LDAP directory server. This helps secure communications between the Domino server and the LDAP server. You should use TLS if a Domino server uses the remote LDAP directory to authenticate Internet clients, or to look up groups for database authorization.

When a Domino server uses TLS to connect to an LDAP directory server, both servers must have certificates trusted by the other. If this is not the case, you must add a trusted root certificate to the server's key ring file before your server can connect to the LDAP server.

Parent topic: TLS and S/MIME for clients

Related concepts
TLS and S/MIME for clients

Related tasks
Creating a Directory Assistance document for a remote LDAP directory