Mobile tag

About Me

I am the "IBM Collaboration & Productivity Advisor" for IBM Asia Pacific. I'm based in Singapore.
Reach out to me via:
Follow notessensei on Twitter
Amazon Store
Amazon Kindle


Domino Upgrade

VersionSupport end
Upgrade to 9.x now!
(see the full Lotus lifcyle) To make your upgrade a success use the Upgrade Cheat Sheet.
Contemplating to replace Notes? You have to read this! (also available on Slideshare)


Other languages on request.


Useful Tools

Get Firefox
Use OpenDNS
The support for Windows XP has come to an end . Time to consider an alternative to move on.

« Round-Trip editing experience in web browsers | Main| Identifying platform dependent code in your Domino application »

Fixing Domino's LDAP

QuickImage Domino's LDAP needs some fixing before it can be used as fully standard compliant LDAP, e.g. for Linux authentication. Alan Bell decribed the procedure long ago, but no action was taken by IBM/Lotus. So Nathan stepped forward and published a project on OpenNTF.
Unfortunately the template contained modifications of IBM copyrighted code (other than the mail and application templates the Domino Directory template never was published under an Apache 2.0 license), so the project had to be taken down. I had a look at it and used DXLMagic to run a comparison that revealed only modest changes:

XMLComparison: pubnames.ntf.dxl to DemoDirectory.nsf.dxl

Modified ( 86 changes)
form " (PublicDirectoryProfile) " 37 changes ( A57A396D2617685D852565D300812356 )
outline " (AllViews) " 30 changes ( 8BD254C7A4FBCA6B85256A450072C65D )
subform " $GroupExtensibleSchema " 4 changes ( D3095315B1612EC2852565D7005C620E )
subform " $PersonExtensibleSchema " 5 changes ( D64258C1970DE85A852565D70058B520 )
view " ($LDAPHier) " 5 changes ( E72D0DA8994BDCB08525668E007FC98E )
view " ($LDAPRDNHier) " 5 changes ( 0E315EB2B26A4532852567DD007187B4 )
Added ( 4 additions)
subform " DominoDirectoryProfileAddin " ( 1FB319E88A4DFA0C48257A320049FCA3 )
subform " LDAPGroupExtensions " ( E57DA00E4BFFE3D648257A320049FCA4 )
subform " LDAPPersonExtensions " ( C479022EFB0069E748257A320049FCA5 )
view " ($IDNumbers) " ( 9864DF762EC0FA9648257A3200499A64 )
Quite some of that changes are subtle alteration of the pardef settings - which are 100% irrelevant to our task (see the detailed report). The main challenge here are the changes inside the original IBM design elements. Altering a design is one of the DXLMagic capabilities. So without publishing IBM © code it can inject the neccessary changes.
The trick here is to find the right injection points expressed as XPath expressions and the right DXL snippet to do the job. The DXLMagic module needed here is the DesignInjector. These are the injection points:
XPathInsertion TypeFile Name
/d:database LASTCHILD view_$IDNumbers.dxl
/d:database/d:form[@alias="DirectoryProfile"]/d:body/d:richtext/d:section[position()=last()] LASTCHILD form_DirectoryProfile.dxl
/d:database/d:subform[@name="$PersonExtensibleSchema"]/d:body/d:richtext LASTCHILD subform_$PersonExtensibleSchema.dxl
/d:database/d:subform[@name="$GroupExtensibleSchema"]/d:body/d:richtext LASTCHILD subform_$GroupExtensibleSchema.dxl
/d:database/d:view[@name="($LDAPRDNHier)"]/d:column[position()=1] Attributes change itemname="$RDNRootColumn" profiledocname="DirectoryProfile" usecolumnformula="true" userdefinable="true"
/d:database/d:view[@name="($LDAPHier)"]/d:column[position()=1] Attributes change itemname="$RDNRootColumn" profiledocname="DirectoryProfile" usecolumnformula="true" userdefinable="true"
Download is coming soon.
Use it at your own risk (read: try it on a copy of pubnames.ntf and have a backup at hand).
As usual YMMV!


Gravatar Image1 - I guess it doesn't surprise me that IBM won't fix Domino's LDAP. Now that we're in the final laps, they don't want to draw attention from their "preferred" solutions.

Gravatar Image2 - Thank you very much for working round the problem of copywrited code - am happy to have the changes :o)

Gravatar Image3 - Excellent! I am looking forward to running a comparison and benchmark it. I run into issues with large Domino directories, especially when there are aallot of groups.

Post A Comment

Please note: Comments without a valid and working eMail address will be removed. This is my site, so I decide what stays here and what goes.



This site is in no way affiliated, endorsed, sanctioned, supported, nor enlightened by Lotus Software nor IBM Corporation. I may be an employee, but the opinions, theories, facts, etc. presented here are my own and are in now way given in any official capacity. In short, these are my words and this is my site, not IBM's - and don't even begin to think otherwise. (Disclaimer shamelessly plugged from Rocky Oliver)
© 2003 - 2014 Stephan H. Wissel - some rights reserved as listed here: Creative Commons License
Unless otherwise labeled by its originating author, the content found on this site is made available under the terms of an Attribution/NonCommercial/ShareAlike Creative Commons License, with the exception that no rights are granted -- since they are not mine to grant -- in any logo, graphic design, trademarks or trade names of any type. Code samples and code downloads on this site are, unless otherwise labeled, made available under an Apache 2.0 license. Other license models are available on written request and written confirmation.