Instant IMtegrity Product Documentation

Directory configuration

Directory authentication allows you to map anonymous AOL screen names to real authenticated user names as defined in your corporate Directory. You can configure whether to block and disconnect users whose AOL screen names are not registered/stored in your Directory, or to allow them to pass through as "Anonymous" user entities. By default, Directory authentication is disabled.

Directory authentication requires LDAP access to your directory. IMtegrity does not provide its own directory implementation; it only supports LDAP lookups in existing Directories.

Note: If you configured your existing IBM Lotus Sametime server to use an LDAP directory, use that same LDAP directory. If you are using an IBM Lotus Domino directory, make sure that this Domino server runs the LDAP server task.

Note: Directory configuration changes are dynamic and automatically take effect within 1 minute.

Authenticate internal AOL AIM clients in LDAP Directory:
Select this option to map AOL AIM clients to real authenticated user names as defined in your corporate directory. If enabled, a directory authentication lookup occurs when an AOL AIM client connects/logs in to the IMtegrity Proxy Server for the first time (the lookup is done only once per connecting user, at initial connection time). By default this option is disabled.

Authentication:

Directory Server:

LDAP Directory Server address:
The IP address or DNS name of the LDAP server.

Port Number:
The port number of the LDAP server. The default port number for LDAP is 389.

Name and Password:
If the LDAP server does not allow anonymous binds, provide the Name and Password allowed to query the LDAP server.

LDAP Search base:
To narrow the search scope and decrease directory lookup time, provide an LDAP search base, if possible. For example, if you have multiple organizational units in your directory (for example, OU=Sales in O=IBM and OU=Development in O=IBM), but the "OU=Sales" organization never uses AOL AIM, you can restrict the lookup to the OU=Development subtree only by providing the following search base: OU=Development, O=IBM

LDAP Search scope:
To limit the depth of the scope, you can change the default from "Subtree" to "One Level" or even to "Base" only.

  • Base: Searches only the search base specified under "LDAP Search base". This is the fastest lookup but the most restrictive, as all users would need to be found in the single hierarchy provided by the search base.
  • One Level: Searches only the immediate children of the search base, but not the search base itself. Not as fast as a Base only search, but more flexible.
  • Subtree: Searches the search base and all of its descendants. This is the default behaviour, which ensures that an AOL screen name can be found in a default configuration.

Test LDAP Directory:
Click the "Test LDAP Directory..." button to perform a live LDAP lookup against your configured directory to verify your configuration settings. This is a convenient feature if you need to test various settings, as you can verify the configuration results immediately, without actually having to use an AOL AIM client.

Note: If you made any configuration changes, make sure to click the "Apply" button first before you perform the test.

If the Directory lookup fails, then:

In case the lookup fails, either because the AOL screen name or network name cannot be found in the Directory or because there was a transient problem accessing the LDAP server (network connection unavailable, etc.), you can specify what should happen:

  • Allow the user to log in anonymously:
    Select this option to allow the user to log in with the authenticated user name set to "Anonymous". This is the default.
  • Prohibit the user from logging in (User will be disconnected):
    Select this option to disconnect the user immediately.
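
The following added example (not IMtegrity code) models how the "LDAP Search scope" setting and the "If the Directory lookup fails" setting combine to decide what a connecting screen name is mapped to. The directory entries, the `aimScreenName` attribute name and all function names are assumptions made for illustration; scope matching follows standard LDAP semantics.

```python
# Added example: constructed directory, not IMtegrity's own code.
# "aimScreenName" is a hypothetical attribute name; DNs are sample values.
DIRECTORY = {
    "O=IBM": {},
    "OU=Development,O=IBM": {},
    "CN=Ann Lee,OU=Development,O=IBM": {"aimScreenName": "annl42"},
    "CN=Raj Rao,OU=Tools,OU=Development,O=IBM": {"aimScreenName": "rajr"},
    "CN=Sam Poe,OU=Sales,O=IBM": {"aimScreenName": "sampoe"},
}

def rdns(dn):
    """Split a DN into normalised RDNs (sample DNs contain no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(dn, base, scope):
    """True if dn is covered by the search base under 'base', 'onelevel' or 'subtree'."""
    entry, root = rdns(dn), rdns(base)
    if len(entry) < len(root) or entry[len(entry) - len(root):] != root:
        return False  # entry is not at or below the search base
    depth = len(entry) - len(root)  # 0 = the base entry itself, 1 = immediate child
    return {"base": depth == 0, "onelevel": depth == 1, "subtree": True}[scope]

def lookup(screen_name, base, scope, directory=DIRECTORY):
    """Return the DN holding screen_name within scope, or None if not found."""
    if directory is None:  # stands in for an unreachable LDAP server
        raise ConnectionError("LDAP server unreachable")
    for dn, attrs in directory.items():
        # Case-insensitive match is an assumption of this sketch.
        if in_scope(dn, base, scope) and attrs.get("aimScreenName", "").lower() == screen_name.lower():
            return dn
    return None

def authenticate(screen_name, base, scope, on_failure="anonymous", directory=DIRECTORY):
    """Return the user name for the session, or None if the user is disconnected."""
    try:
        dn = lookup(screen_name, base, scope, directory)
    except ConnectionError:
        dn = None  # a transient failure follows the same policy as "not found"
    if dn is not None:
        return dn
    return "Anonymous" if on_failure == "anonymous" else None
```

With the default "Allow the user to log in anonymously" setting, an unreachable LDAP server maps every connecting user to "Anonymous", the same result as a screen name that is simply outside the configured search base or scope.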