Detailed information for the notes.ini Keyword: 

LDAPGroupMembership


Short Description: This Variable determines how and which groups are searched by LDAP.

Description:
The LDAP service always searches Domino groups specified as "Multi-purpose," "Access Control List only," "Servers only," or "Deny List only" groups because it can do so quickly. However because searches of Domino groups specified as "Mail only" groups or of groups that do not have a value for the GroupType attribute can be slow, by default the LDAP service does not always search these types of groups. The LDAP service does not search these types of groups if a search query meets all of the following criteria, indicating a query that is typically used for authentication:

 

  •  
    •  
      • A search query uses the equality filter objectclass=value, where value is one of these object classes: groupOfNames, groupOfUniqueNames, dominoGroup, or group.
      • A search query uses an equality filter with one of these attributes: member, uniqueMember, or members.
      • The two filters above are concatenated using the AND operator.
For example, by default the LDAP service does not search Domino "Mail only" groups and groups that do not have values for the GroupType attribute if search queries such as these are specified:
  •  
    •  
      • (&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))
      • (|(&(objectclass=groupOfUniqueNames)(uniqueMember=cn=jack brown,o=acme))(&(objectclass=groupOfNames)(member=cn=jack brown,o=acme)))
However, by default the LDAP service does search these groups if search queries such as these are specified:
  •  
    •  
      • (&(objectclass=dominoGroup)(member=*br*))
      • (member=cn=jack brown,o=acme)
      • (|(&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))(cn=*groupname*))
To change the LDAP service default behavior for group searches, specify one of these values for this setting:

    1 - Always search all groups that meet specified search criteria. If you choose this setting, full-text indexing the directory is recommended to improve the speed of searches of Domino "Mail only" groups and groups that do not use the GroupType attribute.

    2 - Never search Domino "Mail only" groups or groups that do not use the GroupType attribute.


Note In Domino 5 the name of this setting is LDAP_MailOnlyGroupOption. The name has been changed in Domino 6 for clarity. However, you can use either setting name.

 





Default value:
None

UI equivalent:
There is no kown UI setting for this notes.ini variable. But you can specify this setting in the notes.ini settings tab of the configuration settings document.


Applies to:
Server


Documented in:
Lotus Domino Administrator 6 Help

Entry created by:
Bastian W.