Workplace 2.6 : Domino LDAP Configuration
Sunday, February 12, 2006 12:20 PM
After completing the install of the Workplace server I then proceeded to configure the LDAP service.
As I'm running Domino 7 I didn't need to add the DominoUNID attribute to the Domino LDAP schema so I could skip over that step. I decided that I was going to use my own username as the portal admin and use the LocalDomainAdmins group as the portal's admin group so I quickly checked the ACL of the NAB to make sure that the entries for these had the correct rights.
The next stage was editing a small file that would tell the Workplace server that I had granted write access to the Domino LDAP server. This will allow users to use the 'Sign Up' and 'Edit Profile' options within Workplace. If you don't want users to use these options you just have to skip this step.
The next stage was to edit the helper file with my usersnames and passwords and then run the configuration wizard.
The configuration wizard has not changed that much from the previous versions, there are a few extra options for moving the Workplace and Portal databases to different sources and the disable/enable LDAP security option is still there. Disabling the security took about 15 minutes to run on my test server and then enabling it took another 25 minutes.
One thing to watch out for here is making sure you have the correct servers up and running when you are runing the wizard. For the disable security to work correctly you must have the couldscape server and the appliction server up and running ( but not the portal server or mail server ) and for the enable security you must only have the cloudscape server running. It would be nice if the wizard could start/stop these for you or failing that could give a better error message when the required servers are not detected.
A Domino specific gotcha is the LDAP administrators group name. As Domino groups are not hierarchical you need to remove the CN= bit from the front of the group name you enter into the helper file or the enable security option will fail.
The next stage will be setting up SSO.