Overview
This idea is related to the way in which multiple directories in Domino can be used.
Currently, Domino supports multiple Directories in the form of Directory Assistance, which allows to add multiple directories to the whole server. All services running on Domino will then be able to use all of the additional Directories.
This idea suggests to introduce a more nuanced way to deal with multiple directories.
Idea
( see screenshot attached below )
This idea suggests:
Allow administrators to use Website Documents to enable selective use of Directories, or (if disabled) to use the global list of directories, as defined in Directory Assistance.
Allow administrators to use Website Documents to select which Directories (as defined in Directory Assistance) can be used for authentication.
Allow administrators to use Website Documents to select which Directories (as defined in Directory Assistance) can be used for address lookups by users.
Allow administrators to disable the local Domino Directory and instead, provide only one or more additional Directories.
Allow administrators to maintain an order, in which multiple Directories will be used for lookups on a per-Website Document basis.
Extend "show xdir" command to display a precise list of all directory configurations.
Why
Fix Issues
In some configurations, where administrators want to authenticate against a remote directory, but users exist in both the remote and the local Domino Directory, authentication may be ambiguous or may even fail. A typical workaround is to clear the "HTTPPassword" to fix the issue. Selecting Directories (or deselecting the local DDIR) solves the issue in a clear and concise way.
Improve and Simplify
The traditional use of Directory Assistance is more suitable for small or simple configurations (e.g. Domino/Docker).
The selective use of Directory Assistance may be useful to further consolidate Domino servers, as providing or concealing Directories is security relevant. The lack of control restricts server consolidation.
Domino servers running services like Traveler, HTMO, IMAP/SMTP may benefit from this change, but also HTTP applications (e.g. in combination with separate Website Documents and SNI).
This feature provides better ROI for Domino, and a more flexible/agile deployment, leveraging existing servers, and it provides more control over privacy/security.
[ Toni Feric, Belsoft Collaboration ]