Reconcile single sign-on across Lotus Domino and another LDAP directory

Domino databases must authenticate with the Domino Directory they reside on. If WebSphere Portal uses an LDAP server other than Domino to authenticate portal users, there are two options for configuring single sign-on between Domino and WebSphere Portal.

One option is to synchronize the Distinguished Name in the Domino Directory with the names that WebSphere Portal uses to authenticate a user. The second option is to use Directory Assistance so that Domino can authenticate with the external LDAP directory. Select the method that best fits the resources of your site.

  1. To synchronize the Distinguished Name in the Domino Directory with the names that WebSphere Portal uses to authenticate a user, add the required values to the username field of the Person document for the user.

      For example, if the WebSphere Portal user directory is IBM Directory Server (IDS), and a user's distinguished name from IDS is:

      uid=wpsadmin,cn=users,dc=acme,dc=com

      you will need to add the following to the username field of the Person document for wpsadmin in Domino:

      uid=wpsadmin/cn=users/dc=acme/dc=com

      This should be added below the top two entries in the user name field of the Domino Person document.

  2. To use Directory Assistance to enable Domino to authenticate with the external LDAP user directory:

    1. Add the Domino Distinguished Name as an attribute for each user.

        For example,

        NotesDN=CN=wps admin,O=ACME

    2. Create a Directory Assistance database on the Domino mail server and configure it with the WebSphere Portal LDAP directory. For more information on creating and configuring Directory Assistance, see the Lotus Domino Administrator Help on the developerWorks Lotus Domino Documentation page.

    3. Populate the 'Attribute to be used as Notes Distinguished Name' field with the attribute you added in the first substep (NotesDN in the example above).

    4. Configure the Domino mail server to use the Directory Assistance database.
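
The name mapping in option 1, as an added example that is not part of the original documentation: it converts an LDAP DN to the slash-separated form shown above and checks where that value sits in a Person document's user name list. The function names, the case-insensitive comparison, and the refusal of escaped or multi-valued RDNs are assumptions made here, since the page only shows plain values.

```python
def split_rdns(dn):
    """Split an LDAP DN on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\":
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash in DN")
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).lstrip())
    return rdns


def ldap_dn_to_domino_name(dn):
    """Return the slash-separated form shown on this page, or raise."""
    rdns = split_rdns(dn)
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not (attr and sep and value):
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Assumption: the page only shows plain values, so anything that
        # would be ambiguous after conversion is refused, not guessed at.
        if any(c in rdn for c in "/\\+"):
            raise ValueError(f"needs manual review: {rdn!r}")
    return "/".join(rdns)


def check_person_entry(user_names, ldap_dn):
    """Classify a Person document's user name values for one LDAP DN."""
    wanted = ldap_dn_to_domino_name(ldap_dn).casefold()
    positions = [i for i, n in enumerate(user_names) if n.casefold() == wanted]
    if not positions:
        return "missing"
    # The page says the value goes below the top two entries.
    return "ok" if positions[0] >= 2 else "misplaced"


# Constructed sample data (not from a real directory).
SAMPLE_NAMES = ["wps admin/ACME", "wpsadmin",
                "uid=wpsadmin/cn=users/dc=acme/dc=com"]
```

A blind comma-to-slash replacement would silently split a value such as `cn=Doe\, Jane` into two components; the converter refuses such names so they can be mapped by hand.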


Parent: Use LTPA keys to configure single sign-on
