CONFIGURING
If an HCL Domino® server uses a remote LDAP directory to look up credentials during Internet client authentication, or to look up the members of groups during database authorization, specify that the server use TLS to connect to the LDAP directory server. TLS secures communications between the Domino server and the LDAP server, and allows the Domino server to use an X.509 certificate to verify the remote LDAP directory server's identity.
About this task
To use TLS, select TLS in the Channel encryption field on the LDAP tab of the Directory Assistance document for the remote LDAP directory. When you select TLS, you must also make selections for these associated fields:
1. In the Accept expired TLS certificates field choose one:
The Domino CA and some other CAs provide a dialog box into which users enter the subject line when requesting a certificate. For example, the Domino CA prompts each user to enter the remote server's information, such as the common name, organizational unit name, organization name, state (or province), and country name. The Domino CA places this information in the subject line and adds the appropriate prefix (cn=, ou=, o=, and so on) to each field. If you used a Domino CA to create the remote server's certificate, enter the remote server's host name in the common name field when using the Verify server name with remote server's certificate option. For example, the Domino CA allows users to enter the following valid subject lines (mailserver.renovations.com is the server's DNS host name):
cn=mailserver.renovations.com, ou=sales, ou=marketing, o=renovations, st=mass, c=us
cn=mailserver, ou=sales - mailserver.renovations.com o=renovations, st=mass, c=us
To ensure that users enter the DNS host name properly, recommend that they enter it as the common name (cn=) when they request a certificate from the Domino CA. Other CAs may have different dialog boxes for entering the subject line; users must follow these dialog boxes to enter the remote server's DNS host name.
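As an added illustration (not HCL code, and not the algorithm Domino uses to verify the server name), the following Python check reports whether a server's DNS host name is the common name, appears elsewhere in the subject line, or is missing, using the two subject lines above plus one constructed sample. The function names parse_subject and host_placement are hypothetical.

```python
import re

def parse_subject(subject):
    """Split 'cn=a, ou=b, ...' into (attribute, value) pairs.

    A comma escaped as '\\,' stays in the value; attributes may repeat.
    """
    pairs = []
    for part in re.split(r"(?<!\\),", subject):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {part!r}")
        pairs.append((attr.strip().lower(), value.strip().replace("\\,", ",")))
    return pairs

def host_placement(subject, dns_host):
    """Return 'cn', 'other' or 'absent' for dns_host within subject."""
    host = dns_host.rstrip(".").lower()
    # Match the host as a whole name, not as a fragment of a longer one.
    whole = re.compile(r"(?<![\w.-])" + re.escape(host) + r"(?![\w.-])")
    elsewhere = False
    for attr, value in parse_subject(subject):
        value = value.lower()
        if attr == "cn" and value == host:
            return "cn"
        if whole.search(value):
            elsewhere = True
    return "other" if elsewhere else "absent"

HOST = "mailserver.renovations.com"
SUBJECTS = [
    # The two subject lines from the text above.
    "cn=mailserver.renovations.com, ou=sales, ou=marketing, o=renovations, st=mass, c=us",
    "cn=mailserver, ou=sales - mailserver.renovations.com o=renovations, st=mass, c=us",
    # Constructed sample: the host name was never entered.
    "cn=mailserver, o=renovations, c=us",
]

if __name__ == "__main__":
    for s in SUBJECTS:
        print(f"{host_placement(s, HOST):7} {s}")
```

A result of cn matches the recommendation above; other or absent marks a request to review before the certificate is issued.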
Related tasks
Creating a Directory Assistance document for a remote LDAP directory