SECURITY

Using SSL when setting up directory assistance for LDAP directories
Directory assistance allows you to extend directory services from a server's primary Domino Directory to other Notes directories, such as secondary Domino Directories, and to remote LDAP directories. To set up directory assistance, you create a directory assistance database from the DA50.NTF template, and then create Directory Assistance documents in the database to configure services for specific directories.

When setting up directory assistance for an LDAP directory, you can instruct a Domino server to use SSL when connecting to the LDAP directory server. This helps secure communications between the Domino server and the LDAP server. You should use SSL if a Domino server uses the remote LDAP directory to authenticate Internet clients, or to look up groups for database authorization.

When a Domino server uses SSL to connect to an LDAP directory server, both servers must have certificates trusted by the other. If this is not the case, you must add a trusted root certificate to the server's key ring file before your server can connect to the LDAP server.

For more information on adding a trusted root certificate, see the topic Merging a CA certificate as a trusted root.

See Also