To reconfigure an existing HCL Domino Directory Assistance document so that user data is accessed over an encrypted LDAP connection (LDAPS), do the following:
1. Create a Domino keyring file for the source Domino server.
There are many good guides on the internet for doing this; personally, I like the following articles:
I advise you to always use an officially issued certificate: any well-known third-party CA will do, and so will Let’s Encrypt certificates, which by the way are free. This will save you some pain in the long run.
2. Add the personal certificate and/or CA certificate of the Active Directory server you want to access to the Domino keyring file.
You can do this in the same manner as adding the Domino root or personal certificate in the guides mentioned above. If possible, I would always add both the personal and the root certificate of the AD target server, just to be sure that trust is established successfully. Just make sure to set a reminder to replace these certificates before they expire. 🙂
3. Add the newly created Domino keyring file to the Domino Server document.
Copy the Domino keyring file, including its stash file (.sth), to the Domino data folder and reference it in the Domino Server document.
4. Import the root and personal certificate of the Active Directory server into the Domino Directory.
Export the Active Directory root and personal certificates as “.cert” files, Base-64 encoded, and import them into the Domino Directory.
5. Activate encryption in the Domino Directory Assistance document.
Set “Channel encryption” to “SSL”. I advise you to leave the other settings “less restrictive” for now; you can fine-tune them after you have made sure that the basics are working.
Do not worry if clicking the “Verify” button returns an error. I think there is a bug in the Domino 11 DA template. I was always getting the following error: “Connection to host ‘<hostname>:636’ failed”.
6. Restart the Domino Server and verify.
After the Domino Server restart, you can verify that the Microsoft Active Directory user data can be accessed via HCL Domino Directory Assistance by issuing the command “show xdir”; the result should be something like the following:
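As an added example (not part of the original post, and not HCL or Microsoft code), here is a small Go program that performs offline the trust check that steps 2 and 4 rely on: it builds a constructed Active Directory root CA and server certificate as stand-ins for the exported Base-64 files, verifies that the server certificate chains to the imported root for the expected LDAPS host name, and reports the days left before it expires so the renewal reminder can be automated. The host name ad.example.internal, the certificate names and the validity periods are all constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// signPEM signs tmpl for public key pub with the issuer's private key and returns it PEM (Base-64) encoded.
func signPEM(tmpl, issuer *x509.Certificate, pub ed25519.PublicKey, issuerKey ed25519.PrivateKey) []byte {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey)
	if err != nil {
		panic(err) // a broken fixture must fail loudly, not look like a verification result
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// ConstructedADCerts builds a constructed AD root CA and a server certificate for host: stand-ins for the exported files, not real AD certificates.
func ConstructedADCerts(host string) (rootPEM, leafPEM []byte) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed AD Root CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0)}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{host}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore: time.Now(), NotAfter: time.Now().Add(400 * 24 * time.Hour)} // 400 days, so the renewal reminder matters
	return signPEM(ca, ca, caPub, caKey), signPEM(leaf, ca, leafPub, caKey)
}

// VerifyLDAPSChain checks that the Base-64 server certificate chains to a root in rootPEM for the expected LDAPS host name and returns the whole days left before it expires.
func VerifyLDAPSChain(leafPEM, rootPEM []byte, host string) (int, error) {
	block, _ := pem.Decode(leafPEM)
	if block == nil {
		return 0, errors.New("server certificate is not Base-64 (PEM) encoded")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, err
	}
	roots := x509.NewCertPool() // only the imported root(s) are trusted, never the system store
	roots.AppendCertsFromPEM(rootPEM)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return 0, err // unknown issuer or host name mismatch: Directory Assistance would fail the same way
	}
	return int(time.Until(leaf.NotAfter).Hours() / 24), nil
}
```

Run VerifyLDAPSChain with the real exported files and the Active Directory host name from the DA document to check the chain before restarting the server.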
This is everything you have to do to access user data over an encrypted LDAP connection using HCL Domino Directory Assistance. I hope this helps.