Notes.ini Entry



Name:

    LDAPGroupMembership

Syntax

    LDAPGroupMembership=Number

Applies to:

    Servers

Add-on:


    First Release:

      6.0

    Obsolete since:


      Category:

        Ldap

      Default:

        None

      UI equivalent:

        None

      Description:
      This variable determines which groups the LDAP service searches and under what conditions.

      Valid values are:
      1 - Always search all groups that meet specified search criteria
      2 - Never search Domino "Mail only" groups or groups that do not use the GroupType field.

      If you choose setting 1, full-text indexing the directory is recommended to improve the speed of searches of Domino "Mail only" groups and groups that do not use the GroupType attribute.

      The LDAP service always searches Domino groups specified as "Multi-purpose," "Access Control List only," "Servers only," or "Deny List only" groups because it can do so quickly.

      However, because searches of Domino groups specified as "Mail only" groups or of groups that do not have a value for the GroupType attribute can be slow, by default the LDAP service does not always search these types of groups. The LDAP service does not search these types of groups if a search query meets all of the following criteria, indicating a query that is typically used for authentication:

      - A search query uses the equality filter objectclass=value, where value is one of these object classes: groupOfNames, groupOfUniqueNames, dominoGroup, or group.

      - A search query uses an equality filter with one of these attributes: member, uniqueMember, or members.

      The two filters above are concatenated using the AND operator.

      For example, by default the LDAP service does not search Domino "Mail only" groups and groups that do not have values for the GroupType attribute if search queries such as these are specified:

      (&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))

      (|(&(objectclass=groupOfUniqueNames)(uniqueMember=cn=jack brown,o=acme))(&(objectclass=groupOfNames)(member=cn=jack brown,o=acme)))

      However, by default the LDAP service does search these groups if search queries such as these are specified:

      (&(objectclass=dominoGroup)(member=*br*))

      (member=cn=jack brown,o=acme)

      (|(&(objectclass=dominoGroup)(member=cn=jack brown,o=acme))(cn=*groupname*))

      To change the LDAP service default behavior for group searches, specify one of these values for this setting.
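
The default rule above can be checked against the filters an application actually sends, which matters when group lookups feed authorization decisions. The following is an added example, not Domino code: it parses a filter and reports whether "Mail only" and untyped groups would be searched. Assumptions: the function names are hypothetical, an OR counts as authentication-style only when every branch does (inferred from the page's examples), and the AND holds exactly the two terms.

```python
# Added example: models the default rule documented on this page; not Domino code.
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "dominogroup", "group"}
MEMBER_ATTRS = {"member", "uniquemember", "members"}

def parse(f, i=0):
    """Parse an RFC 4515 filter string; return (node, index after the node)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # a literal ')' inside a value is escaped as \29
    attr, _, value = f[i:end].partition("=")
    return ("item", attr.strip().lower(), value.strip()), end + 1

def is_equality(node, attrs, allowed=None):
    """Equality match on one of attrs; '*' marks a substring or presence filter."""
    if node[0] != "item":
        return False
    _, attr, value = node
    if attr not in attrs or not value or "*" in value:
        return False
    return allowed is None or value.lower() in allowed

def auth_style(node):
    """True when the filter has the shape treated as an authentication lookup."""
    if node[0] == "|":  # assumption from the page's examples: every OR branch must match
        return bool(node[1]) and all(auth_style(k) for k in node[1])
    if node[0] != "&" or len(node[1]) != 2:  # assumption: exactly the two terms
        return False
    kids = node[1]
    return (any(is_equality(k, {"objectclass"}, GROUP_CLASSES) for k in kids)
            and any(is_equality(k, MEMBER_ATTRS) for k in kids))

def searches_mail_only_groups(filter_text, setting=None):
    """Would "Mail only" and untyped groups be searched? setting = LDAPGroupMembership."""
    if setting in (1, 2):  # 1 = always search, 2 = never search
        return setting == 1
    text = filter_text.strip()
    node, end = parse(text)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return not auth_style(node)
```
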

      This variable is new in ND6.

      Note: In R5 this parameter was known as LDAP_MailOnlyGroupOption. The name has been changed in Domino 6 for clarity. However, you can use either setting name.