I would like to integrate an LDAP enabled application with my Domino server. We are able to query Domino LDAP to retrieve the UserNames. But we cannot see groups. This application requires that a Base DN be specified prior to performing the lookup. It turns out that our groups only appear at the root level of our Domino Server’s LDAP tree, not under the O= branch where our users are certified.
Does anyone know if there’s a way to make Domino show the groups under O= when doing LDAP lookups?
Alternatively, if there is a Base DN that can be specified which would allow our application to see the root level objects in the Domino Directory, that would work as well.
There is a Group containing members that I am interested in, but the Application using the Domino LDAP needs to be feed to retreive users’ information who are in various Search DN.
I can configure the search of a DN , can retreive all users of an OU but then I don’t know how to filter to retreive a group membership Otherwise I can search the CN=GroupName but application can not extra all member CN it seems.
Thanks Erik and Peter, I have played with group names and was able to use GroupName/OrgName when naming the group to make them show up. This would work but we’re looking for a way to utilize existing groups.
I also tried the Notes.ini variable that Peter suggested, but it didn’t seem to change where the groups live. It seems like no matter what, groups with simple names live in the root of the LDAP hierarchy.
What version of Domino server are you running? LDAP became “stricter” from 7.02 FP1 onwards. You may need to add the entry LdapPre55Outlook=1 to notes.ini on you server, then restart the LDAP task, to get your query working.
I would like to integrate an LDAP enabled application with my Domino server. We are able to query Domino LDAP to retrieve the UserNames. But we cannot see groups. This application requires that a Base DN be specified prior to performing the lookup. It turns out that our groups only appear at the root level of our Domino Server’s LDAP tree, not under the O= branch where our users are certified.
Does anyone know if there’s a way to make Domino show the groups under O= when doing LDAP lookups?
Alternatively, if there is a Base DN that can be specified which would allow our application to see the root level objects in the Domino Directory, that would work as well.
Thanks for any feedback you are willing to share.
BTW, your Domino directory’s naming tree is the norm - group names are traditionally “flat”, i.e., live at the root.
In your LDAP enabled application’s configuration, specify the empty string as the search base. In LDAP, this signifies the root. If the app refuses to accept an empty search base, contact the vendor to get it changed, or reveal the app here and maybe other readers know of a workaround.
If the app requires a Base DN, maybe try to fool it by simply using a space.
If that doesn’t work, you can name your groups like “GroupName/OrgName” (as opposed to “GroupName”) so that they will appear in an LDAP search using O=OrgName as the base DN