LDAP lookup into Domino Directories

I am trying to do an LDAP lookup into a secondary Domino Directory. I have set up DA and a show xdir shows both the primary and the secondary DDs. However, when I use an LDAP client to do a lookup, I can only see the info from the primary directory. What am I doing wrong? When I set up DA, I did use a unique domain name for the secondary directory. I am using LDAP Browser to see what can be seen via LDAP and only see info from the primary directory. Thank you.

Subject: LDAP lookup into Domino Directories

In your directory assistance document, if you’ve specified the domain type as Notes, and you’ve ticked ‘Make this domain available to LDAP clients’, and it is enabled, then it should work.

In your primary DD, do you have an LDAP Internet Site document? Do you allow anonymous access?

Subject: RE: LDAP lookup into Domino Directories

Peter,

Thank you for your response.

The domain type is set as Notes and “Make this domain available to LDAP clients” is checked.

We do not have an LDAP Internet Site document. Should we have one? What would that buy us?

I am assuming that the secondary domain should show up as an O in the LDAP browser. Is that correct?

Subject: RE: LDAP lookup into Domino Directories

The LDAP internet site document specifies security settings, IP address and hosting server. The Notes Admin Help describes them in detail. I was asking in case you had some specific restrictions on who could browse LDAP.

The secondary domain may not necessarily show up as a new O - I think it depends more on the structure of the entities in the secondary directory. For example, if you created a “flat” entry, like a group, it should show up in the LDAP browser along with all the groups in the primary. This is a good test to see whether the secondary is being loaded or not.

However, if you created a hierarchical entry, like a person (John Smith/ACME), then it may or may not show up under the O=ACME container - I’ve had entries not show up because I’ve been missing the equivalent organization schema documents in the directory, i.e. the browser was not able to “drill down” to the person entries, because the schema was missing.

Hope this helps.