Submitted originally by: katie.shakman
Sometimes users have heard of LDAP and have questions about what it is or how we use it.
- LDAP stands for Lightweight Directory Access Protocol.
- LDAP is used to interact with AD, which stands for Active Directory.
- AD is a service for keeping track of e.g. user identities (usually these identities are shared across a set of services that a company uses).
How is it used in Domino?
- Domino can be set up to use LDAP. The decision to enable LDAP rests with the Admin and/or IT department.
- In Domino, information about the collection of users can be populated by manually creating a new user each time someone wants a Domino account, or by connecting to another service that looks up identities and creates users automatically.
- Configuring Domino to use LDAP to create users is one way to automatically create users on-demand without needing an admin in the loop.
- If LDAP is enabled, then when a new user tries to log into Domino for the first time, they should use their LDAP credentials (provided by their company) and Domino will look up those credentials via their LDAP service. If the user is found and is a member of the Domino group in their LDAP system (if such a group exists), then an account will be automatically created for the new user and they will be logged into Domino with that account.