MAIL AND DIRECTORY MIGRATION


Specifying an LDAP directory server
The following procedure explains how to connect to the LDAP directory server. To migrate users from a foreign LDAP directory, you must know the host name of the LDAP directory server.

1. From the Domino Administrator, click the People and Groups tab.

2. From the Tools pane, choose People - Register.

3. When prompted, choose the certifier ID and enter the password.

4. In the Basics tab of the Register Person dialog box, click Registration Server, then select the Domino server that contains the Domino Directory in which you want to register the entries, then click OK.

5. (Optional) If you are importing person entries and do not want Notes IDs and mail files created for the entries, do the following:

6. Click Migrate people.

7. In the People and Groups Migration dialog box, select LDAP in the Foreign Directory Source field.

8. In the dialog box that opens, complete the fields for selecting the LDAP directory server according to the tables below.

Field: Description

LDAP Hostname: Host name of the LDAP directory server that stores the entries you want to migrate.

LDAP port: Port number to use to connect to the LDAP directory server. The default 389 is the industry standard port for LDAP connections over TCP/IP. The default 636 is the industry standard port for SSL connections over TCP/IP.

Base DN for search: Search base to specify the location in the directory tree at which to begin the import. Some LDAP directory servers require a search base, for example:

o=Acme
o=Acme, c=US

Time Out (seconds): The maximum number of seconds the client will wait for an answer from the LDAP directory server. Default is 60 seconds. If you don't want to impose a limit, enter 0.

Note: The LDAP server may also impose a limit on how long it can take to answer clients, and this server limit is never exceeded, regardless of the client setting.

Bind to LDAP anonymously: This option connects to the LDAP directory server anonymously. Note that some LDAP directory servers do not allow anonymous connections or do not allow directory access to anonymous users.

Bind DN for authentication: If you don't bind anonymously, enter a distinguished name that the server should use to authenticate you, for example:

cn=Directory Administrator,o=Acme

The name must correspond to an entry in the directory and must have the necessary access to search the directory.

Bind DN password: If you enter a Bind DN for authentication, enter the password associated with the distinguished name.

SSL Enabled: Creates a secure connection using the Secure Sockets Layer (SSL) protocol to connect to the LDAP directory server.

SSL Protocol version: Determines which version of the SSL protocol to use:
  • "Negotiated" allows SSL to determine the handshake and protocol to use
  • "V2.0 only" uses SSL V2.0 handshake and protocol only
  • "V3.0 handshake" uses SSL V3.0 handshake and negotiated protocol
  • "V3.0 only" uses SSL V3.0 handshake and protocol only
  • "V3.0 and V2.0 handshake" uses SSL V2.0 handshake with negotiated protocol

Accept SSL Certificates: Accepts a certificate from the LDAP directory server.

Verify account server name with remote server's certificate: Requires that the subject line of the remote server's certificate include the LDAP directory server host name. For this option to work properly, the subject line in the remote server's certificate must include the server's DNS host name. Enable this option if you are sure the X.509 certificate of the remote directory server to which your server is connecting contains the remote server's host name in the appropriate format.

Send SSL certificates when asked (outbound only): Sends certificates to the server if the server requests them. Clear this option if you want to send certificates on request.

Attempt authentication using SSL certificates first: If you select the option directly above, you can select this option to request the server's certificate to verify that the server's identity is the same as the server's name to which you are connecting. Clear this option if you do not want to perform this check.

9. (Optional) Select "Display status in log.nsf" to record, in the Notes Log file on the local Domino Administrator client, information about how the attributes of imported entries map to Domino. If you select this option, the Log file shows messages such as the following:


10. Click OK. If you selected "Bind to LDAP anonymously," a warning message appears. Click Yes to continue. Optionally, you can select "Do not show this warning again" before clicking Yes.

11. In the Filter fields of the People and Groups Migration dialog box, select a filter from the list.

12. Click Go! to display the LDAP directory entries in the Available people/groups box.

13. (Optional) If in Step 12 you selected "All users and groups," you can click "Show only groups" or "Show only people."

14. Set options for migrating users from an LDAP directory.
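
Before enabling "Verify account server name with remote server's certificate" in step 8, you can check which names the LDAP server's certificate actually carries. The following Python code is an added example, not part of the Domino documentation: the function names and the sample certificate (host ldap.acme.example) are constructed for illustration. It reports subjectAltName matches as well as the subject common name, which goes beyond the subject-line check the table describes.

```python
import socket
import ssl

def cert_names(cert):
    """Return (subject CNs, subjectAltName DNS names) from a getpeercert() dict."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cns, sans

def name_matches(pattern, host):
    """Case-insensitive match; '*' may replace the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label, such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_ldap_cert(cert, host):
    """Report where, if anywhere, the certificate names the LDAP host."""
    cns, sans = cert_names(cert)
    return {
        "subject_cn": any(name_matches(n, host) for n in cns),
        "subject_alt_name": any(name_matches(n, host) for n in sans),
    }

def fetch_cert(host, port=636, timeout=60):
    """Fetch the server certificate from the SSL port. The chain is validated but
    the name is not, so a certificate with a mismatching name can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the dict format returned by getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Acme"),), (("commonName", "ldap.acme.example"),)),
    "subjectAltName": (("DNS", "ldap.acme.example"), ("DNS", "*.dir.acme.example")),
}

if __name__ == "__main__":
    for host in ("ldap.acme.example", "ldap2.dir.acme.example", "ldap.other.example"):
        print(host, check_ldap_cert(SAMPLE_CERT, host))
```

Against a live server, pass the result of fetch_cert() for the value you plan to enter in LDAP Hostname; a result with subject_cn false means the subject line does not contain that host name.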
