Configuring Lotus Domino Trusted Servers to validate user credentials
To enforce security for documents that were crawled by a Notes crawler that uses the Notes® remote procedure call (NRPC) protocol, the Domino® servers to be crawled must be configured to be Lotus® Domino Trusted Servers.
Before you begin
This procedure is required if you want to enforce document-level security when searching remote databases. To search databases that are local to the crawler server, this procedure is not necessary.
To configure Trusted Servers, a Domino server must be installed on the crawler. This Domino server must be a member of your Domino domain.
About this task
When you configure document-level security options for a Notes crawler, you specify whether you want to enforce access controls by validating the user's current credentials when the user submits a query. To enforce this type of security, the Domino servers to be crawled must be Lotus Domino Trusted Servers.
When users search a domain that requires their current credentials to be validated, the Trusted Server enables the Domino server ID to switch context to the current user ID. The Domino database is opened as if the current user had opened it, and all of the database access control list information for that user is enforced.
The ability to switch contexts in this manner is typically available only for databases that are stored in the data directory of the local Domino server. Beginning with Lotus Domino version 6.5.1, this ability is provided through the Trusted Server. To configure the Trusted Server, a Domino administrator specifies which Domino servers are to be trusted to perform sensitive operations, such as acting as another user when a database is accessed from a remote computer.
Procedure
To configure a Trusted Server, complete the following steps on all Domino servers that are crawled by a Notes crawler: