Please help with LDAP connection

I need to connect to a mail filtering service to sync users from the Domino directory via LDAP. The tech I worked with does not know anything about Domino and could not help me.

From the Domino console, I get this:

tell ldap show

LDAP Server: Listening on TCP/IP port 389

LDAP Server: Anonymous access over TCP/IP is ENABLED

LDAP Server: Name/Password (simple) authentication over TCP/IP is ENABLED

LDAP Server: Enforce server access checking is DISABLED

LDAP Server: Maximum entries returned = 0

LDAP Server: Time limit for search = 0 seconds

LDAP Server: Minimum characters needed for wild card = 1

LDAP Server: Default revision (1) of Distinguished Name Parsing is enabled

LDAP Server: Return UTF8 results to LDAPv2 clients is ENABLED

LDAP Server: Maximum referral URLs returned is 1

LDAP Server: When there are multiple instances of an entry then Don’t Modify Any

LDAP Server: Schema enforcement is ENABLED

LDAP Server: Automatic FT indexing of domino directories on service startup is DISABLED

LDAP Server: Alternate language information processing is DISABLED

LDAP Server: Require distinguished name on bind is DISABLED

LDAP Server: Activity log truncates attribute values at 4096 bytes

LDAP Server: Activity logging is DISABLED

LDAP Server: Dereferencing Aliases on search requests is DISABLED

I don’t know anything about LDAP or what a BaseDN is. However I do know my way around Windows and AD. Can anyone explain in plain language what needs to be done or tell me where I can find clear step by step instructions?

I’ve downloaded a few ldap tools–ldapsearch, AdFind 1.37.00–but I don’t really know what I’m doing.

Any help greatly, GREATLY appreciated!!!

Lynne
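One way to read that "tell ldap show" output mechanically, as an added Python example (not from this thread and not a Domino tool): it parses the console lines into settings and lists the ones a defender would want to tighten before exposing port 389 to a third-party sync service. It assumes listener lines follow the "Listening on <protocol> port <n>" form shown above and that an LDAPS listener, if configured, would show up on port 636.

```python
import re

# Constructed sample: the first lines of the "tell ldap show" output quoted
# in the post above (that output shows no SSL/636 listener).
SAMPLE = """\
LDAP Server: Listening on TCP/IP port 389
LDAP Server: Anonymous access over TCP/IP is ENABLED
LDAP Server: Name/Password (simple) authentication over TCP/IP is ENABLED
LDAP Server: Enforce server access checking is DISABLED
LDAP Server: Maximum entries returned = 0
LDAP Server: Time limit for search = 0 seconds
LDAP Server: Activity logging is DISABLED
"""

def parse_tell_ldap_show(text):
    """Map each 'LDAP Server:' line to setting -> value (bool, int or listener list)."""
    settings = {"listeners": []}
    for line in text.splitlines():
        if not line.startswith("LDAP Server:"):
            continue
        body = line[len("LDAP Server:"):].strip()
        if m := re.match(r"Listening on (.+?) port (\d+)$", body):
            settings["listeners"].append((m.group(1), int(m.group(2))))
        elif m := re.match(r"(.+?) is (ENABLED|DISABLED)$", body):
            settings[m.group(1)] = m.group(2) == "ENABLED"
        elif m := re.match(r"(.+?) = (\d+)", body):
            settings[m.group(1)] = int(m.group(2))
    return settings

def review(settings):
    """Return (setting, reason) pairs worth tightening before a third party connects."""
    findings = []
    if settings.get("Anonymous access over TCP/IP"):
        findings.append(("Anonymous access over TCP/IP",
                         "whole directory readable without a bind"))
    ports = {port for _, port in settings["listeners"]}
    if settings.get("Name/Password (simple) authentication over TCP/IP") and 636 not in ports:
        findings.append(("Name/Password (simple) authentication over TCP/IP",
                         "passwords cross the wire in cleartext; no 636 listener (assumed LDAPS port)"))
    if settings.get("Enforce server access checking") is False:
        findings.append(("Enforce server access checking",
                         "server access lists are not applied to LDAP clients"))
    for limit in ("Maximum entries returned", "Time limit for search"):
        if settings.get(limit) == 0:  # 0 means no limit
            findings.append((limit, "unlimited; a full directory dump is allowed"))
    if settings.get("Activity logging") is False:
        findings.append(("Activity logging", "no record of who bound or searched"))
    return findings

if __name__ == "__main__":
    for setting, reason in review(parse_tell_ldap_show(SAMPLE)):
        print(f"{setting}: {reason}")
```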

Subject: Please help with LDAP connection

I would advise you to download an LDAP explorer (I have Softerra LDAP Explorer).

Use these settings:

HOSTNAME: I use IP but DNS name will work.

PORT: 389

Protocol Version: 2

Base: o=yourcertifiername

This will then bring up your whole Domino directory as a search… Base search can then be changed to restrict access to all and minimise searches.

This should help you work out what the techie and you are after before setting anything else up.

I hope this helps…

Subject: RE: Please help with LDAP connection

Hello, and thanks very much, it does help. I had actually been using the Softerra explorer you mentioned already. This time I was able to browse for the Base DN of DC=my, DC=domain on the Profile General Information page.

On the user authentication page, however, I’m confused. For the principal I guess they mean the username to log on to the mail server with? I made a new account in the Domino directory, but it’s not in Active Directory; does it need to be?

If you can tell me what steps to take from here I’d be very grateful, sorry to be so blank :stuck_out_tongue:

Subject: RE: Please help with LDAP connection

OK… I was unable to connect to the mail server with a username and password. I was able to browse the server for the principal/bind DN, but when I used principal=“CN=Mary User,O=Our Organization” I got an invalid credentials error. I am able to log in to Lotus email with that username and password, however. In fact, using a username to connect via Softerra LDAP Administrator I am not even prompted for a password.

I was able to connect anonymously with the following:

BaseDN=blank

Bind DN/principal=blank, no credentials. Actual text in the principal field was “CN=Configuration,DC=my,DC=domain.” I am then prompted for a password, which I leave blank. I then get the Domino directory with all the users and groups.

Turned off anonymous access at the mail server and still could not log in with a valid username and password.

We went ahead and left “Anonymous access over TCP/IP is ENABLED” in place, so I am going to have to change the firewall to only allow specific IPs to connect over port 389 now.

I would love to hear if anyone knows why we could connect anonymously and not with a userid and pw.

Thanks for the direction, and I hope this info might help somebody else, even though I am still about 50% clueless here.

Lynne