Policy Server Guides › Policy Server Configuration Guide › User Directories › How to Configure a Domino User Directory as a User Store

How to Configure a Domino User Directory as a User Store

Configuring a Domino user directory as a user store is a three-step process:

1. Verify that a Domino User Directory Meets Policy Server Requirements
2. Ping the User Store System
3. Configure a Connection from the Policy Server to a Domino User Store

Verify that a Domino User Directory Meets Policy Server Requirements

A Domino user directory is an LDAP directory. Be sure that the Domino user directory meets the following prerequisites before you configure it as a user store:

• The Domino user groups must share the root DN that you specify when configuring the connection from the Policy Server to the Domino user store.

  Example: When adding the group marketing/myorg.org to the address book (names.nsf) in Lotus Notes, type o=myorg.org in the Root field on the User Directory screen.

• Each new user must have both a user name entry and an internet password entry in the Domino user directory.

  Note: We recommend that you register users when you add them to a Domino user directory. This additional step prevents multiple user name entries in the Domino user directory. When there are multiple entries in the directory, the Policy Server uses the first one. Attempts to log in with other user names fail.

Ping the User Store System

Pinging the user store system verifies that a network connection exists between the Policy Server and the user directory or database.

Note: Some user store systems may require the Policy Server to present credentials.

Configure Domino Directory Connections

You can configure a user directory connection that lets the Policy Server communicate with a Domino user store.

Follow these steps:

1. Click Infrastructure, Directory.

   Objects related to user directories appear on the left.

2. Click User Directories.

   The User Directories screen appears.

3. Click Create User Directory.

   The Create User Directory screen appears and displays the required settings to configure an LDAP connection.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

4. Complete the required connection information in the General and Directory Setup areas.

   Note: If the Policy Server is operating in FIPS mode and the directory connection is to use a secure SSL connection when communicating with the Policy Server, the certificates used by the Policy Server and the directory store must be FIPS compliant.

5. Configure the LDAP search and LDAP user DN lookup settings in the LDAP Settings area.

   Note: The value that you specify in Root must match the organization name that you assigned in Lotus Notes. The Root must also include a country, if you specified a country in Lotus Notes.

   Example: You have an organization called "myorg", which is located in the United States. The Search Root is specified as o=myorg,c=us.

   Note: The search strings that you specify in the User DN Lookup Start and End fields must adhere to proper LDAP notation, not the Lotus Notes shorthand notation. More information about search strings exists in LDAP Search Filters.

6. (Optional) Click Configure to configure load balancing and failover.

   Note: More information about load balancing and failover, see LDAP Load Balancing and Failover.

7. (Optional) Do the following in the Administrator Credentials area:
   1. Select the Require Credentials option.
   2. Enter the credentials of an administrator account.
8. (Optional) Specify the user directory profile attributes that are reserved for CA SiteMinder® use in the User Attributes area.
9. (Optional) Click Create in the Attribute Mapping List area to configure user attribute mapping.
10. Click Submit.

    The user directory connection is created.