IBM i > Administrator > Domino

Directory Assistance

Many Internet solutions use directories as safe, structured ways to share information between platforms and applications. Directories support lightweight directory access protocol (LDAP) to enable information sharing. The importance of LDAP directories as data repositories in enterprise computing is illustrated by LDAPs use to control the security of Internet applications and data in middleware products such as WebSphere* Application Server (WAS) and IBM HTTP Server.

IBM provides two notable directory offerings with similar functions: the IBM Directory Server, which ships with OS/400*, and Domino* 6, which was recently released on iSeries. While Domino has its own directory structure, it provides LDAP client and server services. Most Domino customers use the built-in LDAP service for storing information about their e-mail client users.

In some cases, the Domino LDAP server or Internet applications may require additional data from other LDAP directories (running on iSeries or other platforms). These directories might store iSeries user or system information.

Domino and IBM directories can interoperate several ways to provide clients and applications the necessary data. This provides flexibility for managing and accessing user data. User data can be successfully managed across separate directories using built-in APIs and referrals. User information also can be shared between servers by migrating users to Domino. When you understand where user information exists today and where it needs to be, you can map out your directory server environment to provide a streamlined client solution.

Coexisting Peacefully
Peaceful coexistence is the key to the relationship between the Domino Directory and IBM Directory Server. Running both of them on the same iSeries system or within the same partition can cause problems in some environments because, by default, both servers listen on the same port and bind to all IP addresses defined on the system. (Note: The industry-defined LDAP port values of 389 and 636 are used for non-secure and secure connections, respectively.) The server that's started first successfully binds to the IP interfaces using the default ports. Attempting to start the second server results in an error stating the port is already in use.

In OS/400* V5R2, the IBM Directory Server allows you to configure one or more specific IP addresses. (Note: This enhancement is also available in V5R1 via PTF SI03067.) To configure a specific IP address, use iSeries Navigator Directory Properties. On the Network tab, you'll see the Port and SSL Port fields. When the IP Addresses ... button in Figure 1 is pressed, a new window appears showing a choice between binding to all IP interfaces on the system or specific addresses as shown in Figure 2.

 

In a world of heterogeneous data, the flexibility offered by the interoperability of these directory servers is key to creating an environment where user information is easily accessible and maintainable.

Tweet