software Lotus Domino 6 Administering the Domino System, Volume 2 Disclaimer THIS DOCUMENTATION IS PROVIDED FOR REFERENCE PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION CONTAINED IN THIS DOCUMENTATION, THIS DOCUMENTATION IS PROVIDED “AS IS” WITHOUT ANY WARRANTY WHATSOEVER AND TO THE MAXIMUM EXTENT PERMITTED, IBM DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE SAME. IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES, INCLUDING WITHOUT LIMITATION, DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL DAMAGES, ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, THIS DOCUMENTATION OR ANY OTHER DOCUMENTATION. NOTWITHSTANDING ANYTHING TO THE CONTRARY, NOTHING CONTAINED IN THIS DOCUMENTATION OR ANY OTHER DOCUMENTATION IS INTENDED TO, NOR SHALL HAVE THE EFFECT OF, CREATING ANY WARRANTIES OR REPRESENTATIONS FROM IBM (OR ITS SUPPLIERS OR LICENSORS), OR ALTERING THE TERMS AND CONDITIONS OF THE APPLICABLE LICENSE AGREEMENT GOVERNING THE USE OF THIS SOFTWARE. Copyright Under the copyright laws, neither the documentation nor the software may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior written consent of IBM, except in the manner described in the documenta- tion or the applicable licensing agreement governing the use of the software. © Copyright IBM Corporation 1985, 2002 All rights reserved. Lotus Software IBM Software Group One Rogers Street Cambridge, MA 02142 US Government Users Restricted Rights — Use, duplication or disclosure restricted by GS ADP Schedule Contract with IBM Corp. List of Trademarks 1-2-3, cc:Mail, Domino, Domino Designer, Freelance Graphics, iNotes, Lotus, Lotus Discovery Server, Lotus Enterprise Integrator, Lotus Mobile Notes, Lotus Notes, Lotus Organizer, LotusScript, Notes, QuickPlace, Sametime, SmartSuite, and Word Pro are trademarks or registered trademarks of Lotus Development Corporation and/or IBM Corporation in the United States, other countries, or both. AIX, AS/400, DB2, IBM, iSeries, MQSeries, Netfinity, OfficeVision, OS/2, OS/390, OS/400, S/390, Tivoli, and WebSphere are registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Pentium is a trademark of Intel Corporation in the United States, other countries, or both. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. All other trademarks are the property of their respective owners. Contents Preface . . . . . . . . . . . . . . . . . . . . . . . xv Starting and shutting down the Domino server . . . . . . . . . . . . . . . . . . . . . 3-46 Volume 1 4 Setting Up Server-to-Server 1 Deploying Domino . . . . . . . . . . . . 1-1 Connections . . . . . . . . . . . . . . . . . . . 4-1 Guidepost for deploying Domino . . . . . . . . 1-1 Planning server-to-server connections . . . . . 4-1 Building the Domino environment . . . . . . 1-14 How a server connects to another server . . . 4-4 2 Setting Up the Domino Internet connections . . . . . . . . . . . . . . . 4-21 Network . . . . . . . . . . . . . . . . . . . . . . 2-1 Passthru servers and hunt groups . . . . . . 4-23 Lotus Domino and networks . . . . . . . . . . . 2-1 Planning the use of passthru servers . . . . . 4-25 Network security . . . . . . . . . . . . . . . . . . 2-6 Setting up a server as a passthru server . . . 4-27 Planning the TCP/IP network . . . . . . . . . 2-10 Setting up a server as a passthru destination . . 4-28 Planning the NetBIOS network . . . . . . . . 2-26 Planning for modem use . . . . . . . . . . . . 4-33 Planning the IPX/SPX network . . . . . . . . 2-29 Commands for acquire and connect scripts . . 4-53 Setting up Domino servers on the network. . 2-32 Connecting Notes clients to servers . . . . . . 4-55 Server setup tasks specific to TCP/IP . . . . 2-43 5 Setting Up and Managing Server setup tasks specific to NetBIOS . . . . 2-58 Notes Users . . . . . . . . . . . . . . . . . . . 5-1 Server setup tasks specific to IPX/SPX . . . . 2-61 Setting up Notes users . . . . . . . . . . . . . . . 5-1 NOTES.INI settings for networks . . . . . . . 2-64 Adding an alternate language and name to a user ID . . . . . . . . . . . . . . . . . 5-38 3 Installing and Setting Up Setting up client installation for users . . . . 5-41 Domino Servers . . . . . . . . . . . . . . . . 3-1 Managing users . . . . . . . . . . . . . . . . . . 5-54 Installing and setting up Domino servers . . . 3-1 License Tracking . . . . . . . . . . . . . . . . . 5-85 Server installation . . . . . . . . . . . . . . . . . . 3-3 Custom welcome page deployment . . . . . 5-87 The Domino Server Setup program . . . . . . . 3-8 6 Setting Up and Managing Using Domino Off-Line Services (DOLS) and iNotes Web Access . . . . . . . . . 3-10 Groups . . . . . . . . . . . . . . . . . . . . . . . 6-1 Using the Domino Server Setup program . . 3-17 Using groups . . . . . . . . . . . . . . . . . . . . . 6-1 The Certification Log . . . . . . . . . . . . . . . 3-28 Creating and modifying groups . . . . . . . . . 6-2 Server registration . . . . . . . . . . . . . . . . 3-29 Managing groups . . . . . . . . . . . . . . . . . . 6-8 Optional tasks to perform after server setup. . 3-34 Assiging a policy to a group . . . . . . . . . . . 6-9 iii 7 Creating Replicas and Collecting detailed information from user Scheduling Replication . . . . . . . . . . 7-1 calendars . . . . . . . . . . . . . . . . . . 8-20 Replicas . . . . . . . . . . . . . . . . . . . . . . . . 7-1 9 Using Policies . . . . . . . . . . . . . . . 9-1 How server-to-server replication works . . . . 7-3 Policies . . . . . . . . . . . . . . . . . . . . . . . . . 9-1 Guidelines for setting server access to Policy hierarchy and the effective policy . . . 9-3 databases . . . . . . . . . . . . . . . . . . . 7-5 Planning and assigning policies . . . . . . . . . 9-6 Setting up a database ACL for Creating policies . . . . . . . . . . . . . . . . . . 9-7 server-to-server replication . . . . . . . . 7-6 Mail archiving and policies . . . . . . . . . . . 9-22 Table of replication settings . . . . . . . . . . 7-11 Managing policies . . . . . . . . . . . . . . . . 9-35 Specifying replication settings for one replica . . . . . . . . . . . . . . . . . . . . 7-17 Viewing policy relationships . . . . . . . . . . 9-37 Scheduling server-to-server replication . . . 7-20 10 Setting Up Domain Search . . . 10-1 Customizing server-to-server replication . . 7-22 Domain Search . . . . . . . . . . . . . . . . . . . 10-1 Specifying replication direction . . . . . . . . 7-23 Planning the Domain Index . . . . . . . . . . 10-4 Scheduling times for replication . . . . . . . . 7-24 Creating and updating the Domain Index . 10-14 Replicating only specific databases . . . . . . 7-27 Customizing Domain Search forms . . . . . 10-18 Replicating databases by priority . . . . . . . 7-28 Setting up Notes users for Domain Search . 10-19 Limiting replication time . . . . . . . . . . . . 7-29 Setting up Web users for Domain Search . 10-20 Using multiple replicators . . . . . . . . . . . 7-30 Using content maps with Domain Search . 10-21 Refusing replication requests . . . . . . . . . . 7-31 NOTES.INI settings for Domain Search . . 10-23 Forcing immediate replication . . . . . . . . . 7-31 11 Setting Up Domino Off-Line Disabling database replication . . . . . . . . . 7-32 Services . . . . . . . . . . . . . . . . . . . . . 11-1 Forcing a server database to replicate . . . . 7-33 Domino Off-Line Services . . . . . . . . . . . . 11-1 Viewing replication schedules and 12 Planning the Service topology maps . . . . . . . . . . . . . . . 7-34 Provider Environment . . . . . . . . . . 12-1 8 Setting Up Calendars and Planning the xSP server environment . . . . 12-1 Scheduling . . . . . . . . . . . . . . . . . . . . 8-1 Using Domino features in a hosted server Calendars and scheduling . . . . . . . . . . . . 8-1 environment . . . . . . . . . . . . . . . . 12-4 Setting up scheduling . . . . . . . . . . . . . . . 8-5 Example of planning a hosted environment . . . . . . . . . . . . . . . 12-16 Setting up the Resource Reservations database . . . . . . . . . . . . . . . . . . . . 8-7 13 Setting Up the Service Creating Site Profile and Resource Provider Environment . . . . . . . . . . 13-1 documents . . . . . . . . . . . . . . . . . . 8-9 Setting up the service provider environment. . 13-1 Editing and deleting Resource documents . . 8-13 Installing the first server or additional Creating Holiday documents . . . . . . . . . . 8-17 servers for hosted environments . . . 13-2 Setting up a hosted organization . . . . . . . 13-3 iv Administering the Domino System, Volume 2 Setting up the Domino certificate 15 Setting Up the authority for hosted organizations . . 13-3 Administration Process . . . . . . . . 15-1 Using policies in a hosted environment . . . 13-4 The Administration Process . . . . . . . . . . 15-1 What happens when you register a hosted Setting up the Administration Process . . . . 15-5 organization? . . . . . . . . . . . . . . . . 13-5 Administration Process support of Example of registering a hosted organization. . 13-8 secondary Domino Directories . . . . . 15-7 Registering a hosted organization . . . . . 13-11 Processing administration requests across Using Internet and Web Site documents in domains . . . . . . . . . . . . . . . . . . . 15-8 a hosted environment . . . . . . . . . 13-18 Setting up ACLs for the Administration Global Web Settings documents and the Process . . . . . . . . . . . . . . . . . . . 15-13 service provider environment . . . . 13-21 The Administration Requests database . . 15-19 Configuring activity logging for billing Customizing the Administration Process . 15-29 hosted organizations . . . . . . . . . . 13-23 Adminstration Process Statistics . . . . . . . 15-35 14 Managing a Hosted Administration request messages . . . . . . 15-36 Environment . . . . . . . . . . . . . . . . . 14-1 16 Setting Up and Using Maintaining hosted organizations . . . . . . 14-1 Domino Administration Tools . . . 16-1 Adding a hosted organization to an additional server to provide new The Domino Administrator . . . . . . . . . . . 16-1 Web applications . . . . . . . . . . . . . 14-2 Installing the Domino Administrator . . . . 16-1 Deleting a hosted organization . . . . . . . . 14-3 Setting up the Domino Administrator . . . . 16-2 Temporarily disabling services for a Starting the Domino Administrator . . . . . 16-2 hosted organization . . . . . . . . . . . . 14-4 Navigating Domino Administrator . . . . . . 16-3 Enabling anonymous access to a hosted organization’s database . . . . . . . . . 14-4 Selecting a server to administer in the Domino Administrator . . . . . . . . . . 16-4 Moving a hosted organization to another server . . . . . . . . . . . . . . . . . . . . . 14-5 Setting Domino Administration preferences. . 16-5 Domino Administrator tabs . . . . . . . . . 16-13 Removing a hosted organization from a backup or load-balancing server . . . 14-10 Web Administrator . . . . . . . . . . . . . . . 16-17 Restoring a hosted environment after a Setting up the Web Administrator . . . . . 16-17 server crash . . . . . . . . . . . . . . . . 14-11 Starting the Web Administrator . . . . . . . 16-22 Using a browser to access a hosted organization’s Web site . . . . . . . . 14-12 Using the Web Administrator . . . . . . . . 16-23 The Server Controller and the Domino Using the Resource Reservations database in a hosted environment . . . . . . . . 14-12 Console . . . . . . . . . . . . . . . . . . 16-28 Viewing hosted organizations . . . . . . . . 14-14 17 Using Domino with Managing users at a hosted organization . 14-14 Windows Synchronization Tools. . 17-1 Setting up Windows NT User Manager . . . 17-1 Using the Web Administrator to manage users at a hosted organization . . . . 14-15 Setting policy-based registration options for use with Notes synchronization . . 17-6 Contents v Using the Windows NT Performance Customizing the Directory Profile . . . . . 19-16 Monitor to view Domino . . . . . . . 17-23 Scheduling replication of the Domino Setting up Domino Active Directory Directory . . . . . . . . . . . . . . . . . 19-17 synchronization . . . . . . . . . . . . . 17-25 20 Setting Up the LDAP Service. . 20-1 18 Planning Directory Services . . 18-1 The LDAP service . . . . . . . . . . . . . . . . . 20-1 Overview of Domino directory services . . . 18-1 How the LDAP service works . . . . . . . . . 20-2 Using directory servers in a Domino Setting up the LDAP service . . . . . . . . . . 20-7 domain . . . . . . . . . . . . . . . . . . . . 18-1 Starting and stopping the LDAP service . . . 20-8 Planning LDAP features . . . . . . . . . . . . . 18-3 Customizing the LDAP service Planning directory access control . . . . . . . 18-7 configuration . . . . . . . . . . . . . . . . 20-9 Planning new entries in the Domino Setting up clients to use the LDAP service . 20-34 Directory . . . . . . . . . . . . . . . . . . 18-7 Using LDAP to search a Domain index . . 20-36 Planning the management of entries in the Domino Directory . . . . . . . . . . . . . 18-9 Monitoring the LDAP service . . . . . . . . 20-37 Planning directory services for Notes NOTES.INI settings for the LDAP service . 20-41 clients . . . . . . . . . . . . . . . . . . . 18-10 RFCs supported by the LDAP service . . . 20-42 Plannimngu ldtiiprelec-tdorirye csteorrvyic eens vinir oanment . . . 18-12 21 Managing the LDAP Schema . . 21-1 Directory search order . . . . . . . . . . . . . 18-15 LDAP schema . . . . . . . . . . . . . . . . . . . 21-1 The Domino LDAP schema . . . . . . . . . . . 21-2 Planning internationalized directory services . . . . . . . . . . . . . . . . . . 18-18 The schema daemon . . . . . . . . . . . . . . . 21-5 Planning directory customization . . . . . . 18-19 Domino LDAP Schema database . . . . . . . 21-7 Directory services terms . . . . . . . . . . . . 18-20 Methods for extending the schema . . . . . 21-10 19 Setting Up the Domino Extending the schema using the Schema Directory . . . . . . . . . . . . . . . . . . . . . 19-1 database . . . . . . . . . . . . . . . . . . 21-13 The Domino Directory . . . . . . . . . . . . . . 19-1 Schema-checking . . . . . . . . . . . . . . . . 21-18 Searching the root DSE and schema entry . 21-19 Setting up the Domino Directory for a domain . . . . . . . . . . . . . . . . . . . . 19-2 NOTES.INI settings related to the schema daemon . . . . . . . . . . . . . . . . . . 21-21 Using a central directory architecture in a Domino domain . . . . . . . . . . . . . . 19-2 22 Using the ldapsearch Utility . . 22-1 Managing Domino Directories in a central Using the ldapsearch utility to search directory architecture . . . . . . . . . . 19-5 LDAP directories . . . . . . . . . . . . . 22-1 Controlling access to the Domino Table of ldapsearch parameters . . . . . . . . 22-2 Directory . . . . . . . . . . . . . . . . . . 19-9 Using search filters with ldapsearch . . . . . 22-4 Corporate hierarchies . . . . . . . . . . . . . 19-13 Using ldapsearch to return operational Setting up Notes clients to use a directory attributes . . . . . . . . . . . . . . . . . . 22-5 server . . . . . . . . . . . . . . . . . . . . 19-15 Examples of using ldapsearch . . . . . . . . . 22-6 vi Administering the Domino System, Volume 2 23 Setting Up Directory Specifying the Domino Directories for the Assistance . . . . . . . . . . . . . . . . . . . 23-1 Dircat task to aggregate . . . . . . . . 24-15 Directory assistance . . . . . . . . . . . . . . . 23-1 Controlling which information is aggregated into a directory catalog . 24-16 How directory assistance works . . . . . . . . 23-2 Full-text indexing directory catalogs . . . . 24-25 Directory assistance services . . . . . . . . . . 23-3 Planning issues specific to Extended Directory assistance concepts . . . . . . . . 23-12 Directory Catalogs . . . . . . . . . . . 24-26 Directory assistance and naming rules . . . 23-12 Planning issues specific to condensed Directory assistance and domain names . . 23-18 Directory Catalogs . . . . . . . . . . . 24-29 Directory assistance and failover for a Multiple directory catalogs . . . . . . . . . . 24-33 directory . . . . . . . . . . . . . . . . . . 23-19 Overview of setting up a condensed Directory assistance for an Extended Directory Catalog . . . . . . . . . . . . 24-34 Directory Catalog . . . . . . . . . . . . 23-22 The Dircat task . . . . . . . . . . . . . . . . . . 24-45 Directory assistance in conjunction with a Opening the configuration document for a condensed Directory Catalog . . . . . 23-24 directory catalog . . . . . . . . . . . . . 24-48 Directory assistance for the primary Monitoring directory catalogs . . . . . . . . 24-49 Domino Directory . . . . . . . . . . . . 23-26 25 Setting Up Extended ACLs . . . 25-1 Number of directory assistance databases . 23-29 Extended ACL . . . . . . . . . . . . . . . . . . . 25-1 Setting up directory assistance . . . . . . . . 23-29 How other database security features Directory assistance examples . . . . . . . . 23-51 restrict extended ACL access Monitoring directory assistance . . . . . . . 23-60 settings . . . . . . . . . . . . . . . . . . . . 25-2 24 Setting Up Directory Elements of an extended ACL . . . . . . . . . 25-3 Catalogs . . . . . . . . . . . . . . . . . . . . . 24-1 Extended ACL access settings . . . . . . . . . 25-3 Directory catalogs . . . . . . . . . . . . . . . . . 24-1 Extended ACL subject . . . . . . . . . . . . . . 25-9 Condensed Directory Catalogs . . . . . . . . 24-2 Extended ACL target . . . . . . . . . . . . . . 25-12 Directory catalogs on servers compared to Extended ACL examples . . . . . . . . . . . 25-19 directory assistance for individual Extended ACL guidelines . . . . . . . . . . . 25-22 Domino Directories . . . . . . . . . . . . 24-4 Setting up and managing an extended Extended Directory Catalogs . . . . . . . . . . 24-5 ACL . . . . . . . . . . . . . . . . . . . . 25-22 Overview of directory catalog setup . . . . . 24-8 26 Overview of the Domino Mail Planning directory catalogs . . . . . . . . . . . 24-9 System . . . . . . . . . . . . . . . . . . . . . . 26-1 Directory catalogs and client Messaging overview . . . . . . . . . . . . . . . 26-1 authentication . . . . . . . . . . . . . . . 24-9 Supported routing, format, and access Directory catalogs and Notes mail protocols . . . . . . . . . . . . . . . . . . . 26-2 encryption . . . . . . . . . . . . . . . . 24-14 The Domino mail server and mail routing . . 26-5 Picking the server(s) to run the Dircat task. 24-14 Overview of routing mail using Notes routing . . . . . . . . . . . . . . . . . . . 26-17 Contents vii Overview of routing mail using SMTP . . . 26-21 Restricting outbound mail routing . . . . . 28-98 The Domain Name System (DNS) and Mail journaling . . . . . . . . . . . . . . . . . 28-105 SMTP mail routing . . . . . . . . . . . 26-25 Setting inbound and outbound MIME and 27 Setting Up Mail Routing . . . . . 27-1 character set options . . . . . . . . . . 28-115 The Domino mail router . . . . . . . . . . . . . 27-1 29 Setting Up Shared Mail . . . . . . 29-1 Planning a mail routing topology . . . . . . . 27-2 Shared mail overview . . . . . . . . . . . . . . 29-1 Sample mail routing configurations . . . . . 27-9 Setting up shared mail databases . . . . . . . 29-5 Creating a Configuration Settings Managing a shared mail database . . . . . 29-11 document . . . . . . . . . . . . . . . . . 27-18 Disabling shared mail . . . . . . . . . . . . . 29-25 Setting up Notes routing . . . . . . . . . . . 27-20 30 Setting Up the POP3 Service . . 30-1 Configuring Domino to send and receive mail over SMTP . . . . . . . . . . . . . 27-37 The POP3 service . . . . . . . . . . . . . . . . . 30-1 Setting up the POP3 service . . . . . . . . . . 30-2 Setting up how addresses are resolved on inbound and outbound mail . . . . . 27-42 Setting up POP3 users . . . . . . . . . . . . . . 30-7 Configuring Domino to send mail to a 31 Setting Up the IMAP Service . . 31-1 relay host or firewall . . . . . . . . . . 27-58 The IMAP service . . . . . . . . . . . . . . . . . 31-1 Routing mail over transient connections . 27-59 Setting up the IMAP service . . . . . . . . . . 31-4 28 Customizing the Domino Customizing the IMAP service . . . . . . . . 31-5 Mail System . . . . . . . . . . . . . . . . . . 28-1 Setting up IMAP users . . . . . . . . . . . . . 31-22 Customizing mail . . . . . . . . . . . . . . . . . 28-1 IMAP settings in the server NOTES.INI Controlling messaging . . . . . . . . . . . . . . 28-1 file . . . . . . . . . . . . . . . . . . . . . . 31-39 Improving mail performance . . . . . . . . . . 28-2 32 Setting Up iNotes Web Controlling message delivery . . . . . . . . . 28-8 Access . . . . . . . . . . . . . . . . . . . . . . 32-1 Setting server mail rules . . . . . . . . . . . . 28-20 iNotes Web Access . . . . . . . . . . . . . . . . 32-1 Customizing message transfer . . . . . . . . 28-26 iNotes Access for Microsoft Outlook . . . . 32-11 Setting transfer limits . . . . . . . . . . . . . 28-33 33 Monitoring Mail . . . . . . . . . . . . 33-1 Setting advanced transfer and delivery Tools for mail monitoring . . . . . . . . . . . . 33-1 controls . . . . . . . . . . . . . . . . . . 28-39 Setting up mail monitoring . . . . . . . . . . . 33-3 Customizing Notes routing . . . . . . . . . . 28-50 Viewing mail usage reports . . . . . . . . . 33-16 Customizing SMTP Routing . . . . . . . . . 28-57 34 Setting Up the Domino Web Changing SMTP port settings . . . . . . . . 28-58 Server . . . . . . . . . . . . . . . . . . . . . . . 34-1 Restricting SMTP inbound routing . . . . . 28-70 The Domino Web server . . . . . . . . . . . . . 34-1 Preventing unauthorized SMTP hosts from using Domino as a relay . . . . 28-75 Setting up a Domino server as a Web server . . . . . . . . . . . . . . . . . . . . . 34-4 Enabling DNS blacklist filters for SMTP connections . . . . . . . . . . . . . . . . 28-86 Setting up WebDAV . . . . . . . . . . . . . . 34-15 viii Administering the Domino System, Volume 2 Hosting Web sites . . . . . . . . . . . . . . . . 34-17 Certificates . . . . . . . . . . . . . . . . . . . . . 39-2 Web Site rules and global Web settings . . 34-34 Password-protection for Notes and Custom Web server messages . . . . . . . . 34-48 Domino IDs . . . . . . . . . . . . . . . . . 39-4 Improving Web server performance . . . . 34-52 Verifying user passwords during authentication . . . . . . . . . . . . . . . 39-8 35 Setting Up Domino to Work ID recovery . . . . . . . . . . . . . . . . . . . . 39-14 with Other Web Servers . . . . . . . . 35-1 Public key security . . . . . . . . . . . . . . . 39-22 Setting up Domino to work with other Web servers . . . . . . . . . . . . . . . . . 35-1 Using cross-certificates to access servers and send secure S/MIME messages . 39-27 36 Setting Up the Web Adding cross-certificates to the Domino Navigator . . . . . . . . . . . . . . . . . . . . 36-1 Directory or Personal Address Book . 39-29 The Web Navigator . . . . . . . . . . . . . . . . 36-1 40 Controlling User Access to Setting up a Web Navigator server . . . . . . 36-2 Domino Databases . . . . . . . . . . . . 40-1 Customizing the Web Navigator . . . . . . . 36-6 The database access control list . . . . . . . . 40-1 The Web Navigator database . . . . . . . . . 36-10 Default ACL entries . . . . . . . . . . . . . . . 40-2 Customizing the Web Navigator database . 36-11 Acceptable entries in the ACL . . . . . . . . . 40-4 Configuring a database ACL . . . . . . . . . 40-11 Volume 2 Access levels in the ACL . . . . . . . . . . . 40-13 37 Planning Security . . . . . . . . . . 37-1 Access level privileges in the ACL . . . . . 40-16 Overview of Domino security . . . . . . . . . 37-1 User types in the ACL . . . . . . . . . . . . . 40-19 The Domino security model . . . . . . . . . . 37-5 Roles in the ACL . . . . . . . . . . . . . . . . 40-20 The Domino security team . . . . . . . . . . . 37-8 Managing database ACLs . . . . . . . . . . . 40-22 Security planning checklists . . . . . . . . . 37-11 Using the Administration Process to 38 Controlling Access to update ACLs . . . . . . . . . . . . . . . 40-23 Domino Servers . . . . . . . . . . . . . . . 38-1 Setting up the Administration Process for Validation and authentication for Notes database ACLs . . . . . . . . . . . . . . 40-24 and Domino . . . . . . . . . . . . . . . . 38-1 Managing database ACLs with the Web Server access for Notes users, Internet Administrator . . . . . . . . . . . . . . 40-24 users, and Domino servers . . . . . . . 38-2 Editing entries in multiple ACLs . . . . . . 40-25 Setting up Notes user, Domino server, Enforcing a consistent access control list . 40-28 and Internet user access to a Domino server . . . . . . . . . . . . . . . 38-4 Setting up database access for Internet users. 40-30 Customizing access to a Domino server . . . 38-7 Maximum Internet name-and-password access . . . . . . . . . . . . . . . . . . . . 40-30 Physically securing the Domino server . . 38-23 41 Protecting User Workstations 39 Protecting and Managing with Execution Control Lists . . . . . 41-1 Notes IDs . . . . . . . . . . . . . . . . . . . . 39-1 The execution control list . . . . . . . . . . . . 41-1 Domino server and Notes user IDs . . . . . . 39-1 Contents ix The administration ECL . . . . . . . . . . . . . 41-6 Default Domino SSL trusted roots . . . . . 46-11 42 Setting Up SSL port configuration . . . . . . . . . . . . . 46-14 Name-and-Password and Managing server certificates and Anonymous Access to Domino certificate requests . . . . . . . . . . . 46-20 Servers . . . . . . . . . . . . . . . . . . . . . . 42-1 Authenticating Web SSL clients in secondary Domino and LDAP Name-and-password authentication for Internet/intranet clients . . . . . . . . . 42-1 directories . . . . . . . . . . . . . . . . . 46-25 47 Setting Up Clients for Session-based name-and-password authentication for Web clients . . . . . 42-6 S/MIME and SSL . . . . . . . . . . . . . . 47-1 Multi-server session-based SSL and S/MIME for clients . . . . . . . . . . 47-1 name-and-password authentication for Web users (single sign-on) . . . . 42-12 SettingS SuLp aNuothteesn taincadt iIonntern.et. c.li.en.t.s .fo.r. . . . 47-3 Managing Internet passwords . . . . . . . . 42-24 Internet certificates for SSL and S/MIME . . 47-5 Anonymous Internet/intranet access . . . 42-25 Setting up Notes clients for S/MIME . . . . 47-13 Validation and authentication for Internet/intranet clients . . . . . . . . 42-27 Dual Ienntecrrnyeptt icoenr taifnicda tseigs nfoartu Sr/eMs IM.E. . . . . 47-17 43 Encryption and Electronic Setting up Notes and Internet clients for Signatures . . . . . . . . . . . . . . . . . . . 43-1 SSL client authentication . . . . . . . 47-18 Encryption . . . . . . . . . . . . . . . . . . . . . 43-1 Using SSL when setting up directory Mail encryption . . . . . . . . . . . . . . . . . . 43-4 assistance for LDAP directories . . . 47-23 Electronic signatures . . . . . . . . . . . . . . . 43-9 48 Rolling Out Databases . . . . . . 48-1 44 Setting Up a Domino Database design, management, and administration . . . . . . . . . . . . . . . 48-1 Server-Based Certification Authority . . . . . . . . . . . . . . . . . . . . 44-1 Rolling out a database . . . . . . . . . . . . . . 48-1 Domino server-based certification Copying a new database to a server . . . . . 48-4 authority . . . . . . . . . . . . . . . . . . 44-1 Creating a Mail-In Database document for Setting up a server-based Domino a new database . . . . . . . . . . . . . . . 48-5 certification authority . . . . . . . . . . 44-5 Adding a database to the Domain Index . . 48-7 45 Setting Up a Domino 5 Signing a database or template . . . . . . . . 48-7 Certificate Authority . . . . . . . . . . . 45-1 49 Organizing Databases on a Using a Domino 5 certificate authority . . . . 45-1 Server . . . . . . . . . . . . . . . . . . . . . . . 49-1 Setting up a Domino 5 certificate authority. . 45-1 Organizing databases on a server . . . . . . . 49-1 46 Setting Up SSL on a Domino 50 Setting Up and Managing Server . . . . . . . . . . . . . . . . . . . . . . . 46-1 Full-text Indexes . . . . . . . . . . . . . . 50-1 SSL security . . . . . . . . . . . . . . . . . . . . . 46-1 Full-text indexes for single databases . . . . 50-1 Setting up SSL on a Domino server . . . . . . 46-2 x Administering the Domino System, Volume 2