Interaction with LDAP on Domino 6.0 for iSeries

As an alternative to iSeries™ Directory Server (LDAP), you can use LDAP on Domino^® 6.0 for iSeries (Domino Directory services).

Existing directory entries may be searched, viewed, and managed if they are based on the standard inetOrgPerson object class. This object class is an industry standard class that is commonly used to represent and store information about people, such as first and last name, telephone numbers, and email addresses. This requirement is the same one imposed on LDAP servers provided by iSeries Directory Server (LDAP). Also, directory entries modified by the application have an ibm-itdPerson auxiliary object class added to them. For details on the inetOrgPerson and the ibm-itdPerson classes, see Interaction with iSeries Directory Server (LDAP).

The application interacts with a Domino LDAP server the same way it interacts with an iSeries LDAP server. However, directory entries are set up and maintained differently using a Domino LDAP server. The difference involves Domino's use of the dominoPerson object class. In order for entries to be visible by all versions of Domino, entries must include the dominoPerson object class. Otherwise Domino ignores them. The IBM^® Telephone Directory V5.2 application must be configured specifically to use a Domino LDAP server.

In the process of setting up Directory Services, a suffix and base DN is established for the Domino LDAP server. This DN must be known and provided through the Parent DN field in the setup wizard. You need to use the Parent DN field in the setup wizard to specify the correct base DN that establishes your Domino LDAP server. Typically, the base DN is generated using the Domino domain name. Examples are as follows:

Example 1: If the administrator's Lotus^® Notes^® ID is DomAdmin/IBM, then DomAdmin is the administrator's name, and IBM is the domain. The base DN used by Domino Directory Services is likely to be o=IBM and the administrator's full DN is cn=DomAdmin,o=IBM.
Example 2: If the administrator's Lotus Notes^® ID is DomAdmin/Rochester/IBM, then DomAdmin is the administrator's name, and Rochester/IBM is the domain. The base DN used by Domino Directory Services is likely to be ou=Rochester,o=IBM and the administrator's full DN is cn=DomAdmin,ou=Rochester,o=IBM.

Note: To use a Domino Directory server, you must use Lotus Notes to set the server's LDAP schema to be extended to support the ibm-itdPerson object class. The access control list settings must also be properly set. Settings vary depending on whether you want open enrollment or closed enrollment.

For detailed information on how to set up a Domino LDAP server for use with the IBM Telephone Directory application, see the Redpaper WebSphere^® Application Server Express on iSeries. Link outside Information Center

For detailed information on how to set up and use LDAP servers on Domino 6.0, see the Lotus Domino on iSeries Web site: http://www.ibm.com/servers/eserver/iseries/domino. Link outside Information Center