DIRECTORY SERVICES


Requiring distinguished logon names for LDAP name-and-password security
To conform to RFCs 2251 through 2254, you can use the LDAP service option "DN Required on Bind?" to require that any LDAP client binding with name-and-password security to an LDAP service running in the domain use its fully qualified LDAP distinguished name as its logon name. In a Person document in the IBM® Lotus® Domino® Directory, the distinguished name is the first value in the FullName field, labeled User Name. By default, the LDAP service doesn't require an LDAP client to use the distinguished name as a logon name.

If you don't require distinguished names as logon names for name-and-password security, the "Internet authentication" field on the Security tab of a Server document for a server that runs the LDAP service controls which client logon names are allowed for name-and-password security.

To enable or disable the requirement that LDAP users use their distinguished names as logon names when binding to the LDAP service with name-and-password security:

1. From the Domino Administrator, open a server that runs the LDAP service, or a server in the same domain as a server that runs the LDAP service.

2. Click the Configuration tab.

3. In the left pane, expand Directory, then LDAP, and then select Settings.

4. Do one of the following:

5. Next to "DN Required on Bind?" choose one:

6. Click Save & Close.
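Before requiring distinguished names, it helps to know which client logon names would no longer be accepted. The following is an added example, not part of the original documentation or of Domino: a syntactic RFC 2253 check over a constructed list of bind names. The function names, the sample names, and the case-insensitive comparison in `same_dn` are assumptions; whether a DN actually matches a Person document is decided by the server.

```python
import re

# One RDN per RFC 2253: attribute type (descriptor or dotted OID), "=", then a
# value whose special characters are backslash-escaped. Multi-valued RDNs ("+")
# and quoted or "#hex" values are outside what this check covers.
_TYPE = r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)"
_VALUE = r'(?:\\.|[^,=+<>#;\\"])+'
_RDN = re.compile(rf"\s*({_TYPE})\s*=\s*({_VALUE})")


def parse_dn(name):
    """Return the DN as lowercased (type, value) pairs, or None if not a DN."""
    rdns, pos = [], 0
    while True:
        m = _RDN.match(name, pos)
        if not m or not m.group(2).strip():
            return None
        rdns.append((m.group(1).lower(), m.group(2).strip().lower()))
        pos = m.end()
        if pos == len(name):
            return rdns
        if name[pos] != ",":
            return None
        pos += 1  # step over the RDN separator


def same_dn(a, b):
    """Compare two DNs ignoring case and spacing (assumed matching rule)."""
    pa = parse_dn(a)
    return pa is not None and pa == parse_dn(b)


def names_needing_change(bind_names):
    """Logon names that are not DNs and would fail once DNs are required."""
    return [n for n in bind_names if parse_dn(n) is None]


# Constructed sample: logon names as they might appear in client configurations.
SAMPLE_BIND_NAMES = [
    "cn=Alice Example,ou=Sales,o=Acme",
    "CN=Bob Example , O=Acme",
    "cn=Smith\\, Carol,o=Acme",
    "aexample",
    "Alice Example",
    "alice@example.com",
]

if __name__ == "__main__":
    for name in names_needing_change(SAMPLE_BIND_NAMES):
        print("not a distinguished name:", name)
```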
