Policy Server Guides › Policy Server Configuration Guide › User Directories › How to Configure a Domino User Directory as a User Store

How to Configure a Domino User Directory as a User Store

Configuring a Domino user directory as a user store is a two-step process:

1. Verify that a Domino User Directory Meets Policy Server Requirements.
2. Configure a Connection from the Policy Server to a Domino User Store

Verify that a Domino User Directory Meets Policy Server Requirements

A Domino user directory is an LDAP directory. Be sure that the Domino user directory meets the following prerequisites before you configure it as a user store:

• The Domino user groups share the root DN that you specify when configuring the connection from the Policy Server to the Domino user store.

  Example: When adding the group marketing/myorg.org to the address book (names.nsf) in Lotus Notes, type o=myorg.org in the Root field on the User Directory screen.

• Each new user has a user name entry and an internet password entry in the Domino user directory.

  Note: We recommend that you register users when you add them to a Domino user directory. This additional step prevents multiple user name entries in the Domino user directory. When there are multiple entries in the directory, the Policy Server uses the first one. Attempts to log in with other user names fail.

Ping the User Store System

Be sure to ping your user store system before configuring to verify that a network connection exists between the Policy Server and the user directory or database.

Note: Some user store systems may require the Policy Server to present credentials.

Configure Domino Directory Connections

You configure a connection that lets the Policy Server communicate with a Domino user store.

Follow these steps:

1. Click Infrastructure, Directory.
2. Select User Directories.
3. Click Create User Directory..
4. Complete the required connection information in the General and Directory Setup areas.
5. Configure the LDAP search and LDAP user DN lookup settings in the LDAP Settings area.

   Note: The value that you specify in Root matches the organization name that you assigned in Lotus Notes.

   Example: You have an organization called "myorg", which is located in the United States. The Search Root is specified as o=myorg,c=us.

   Note: The search strings that you specify in the User DN Lookup Start and End fields adhere to proper LDAP notation, not the Lotus Notes shorthand notation.

6. (Optional) Click Configure to configure load balancing and failover.
7. (Optional) Do the following in the Administrator Credentials area:
   1. Select the Require Credentials option.
   2. Enter the credentials of an administrator account.
8. (Optional) Specify the user directory profile attributes that are reserved for CA SiteMinder® use in the User Attributes area.
9. (Optional) Click Create in the Attribute Mapping List area to configure user attribute mapping.
10. Click Submit.

    The user directory connection is created.

More information:

LDAP Load Balancing and Failover

Directory Attributes Overview

User Disambiguation in an LDAP Directory

Define an Attribute Mapping