The OpenNTF LDAP Compatibility Directory Extensions can be added to your Domino Directory to improve overall support for LDAP compatibility from Domino servers.

 

There are 3 principle objectives for these extensions:

 

1) Provide a profile-driven mechanism to set an overall BaseDN on your LDAP directory.

 

2) Provide for hierarchical distinguished group names without interfering with existing Domino ACLs.

 

3) Prevent invalid entries from appearing in LDAP queries which break standard tools like Apache Directory Services for Eclipse.

 

Secondary objectives include:

 

Compatibility with PAM account management for Linux systems.

 

Creation of Organization and OrganizationalUnit records automatically when needed.

 

Graceful fallback when configuration erroneous or incomplete.

 

There are 4 views, 4 subforms and 1 form included with this template. Of the 4 views, one is entirely new and is used for UIDNumber assignment, while the other 3 replace the existing ($LDAPCN), ($LDAPHier) and ($LDAPRDNHier) views.

 

Of the 4 subforms, two are new, providing the PAM and DN extensions for Groups and Person records, while two demostrate implementation of those extensions in the standard Extensibility schema provided by the Domino Directory.

 

The form replaced the standard DirectoryProfile form, and adds a tab for LDAP where you can set the BaseDN and an optional DN for entries with potentially invalid characters ($, *, ~, #, etc)

 

Many thanks to Andre Guirard for his excellent documentation on User Customizable view columns, though he will discover that this template proves one statement in his post wrong. And also to Alan Bell for his equally excellent document on using Domino LDAP for authentication on Posix systems.