Configuring Lotus Domino Trusted Servers to validate user credentials

To enforce security for documents that were crawled by a Notes crawler that uses the Notes® remote procedure call (NRPC) protocol, the Domino® servers to be crawled must be configured to be Lotus® Domino Trusted Servers.

Before you begin

This procedure is required if you want to enforce document-level security when searching remote databases. To search databases that are local to the crawler server, this procedure is not necessary.

To configure Trusted Servers, a Domino server must be installed on the crawler. This Domino server must be a member of your Domino domain.

About this task

When you configure document-level security options for a Notes crawler, you specify whether you want to enforce access controls by validating the user's current credentials when the user submits a query. To enforce this type of security, the Domino servers to be crawled must be Lotus Domino Trusted Servers.

When users search a domain that requires their current credentials to be validated, the Trusted Server enables the Domino server ID to switch context to the current user ID. The Domino database is opened as if the current user had opened it, and all of the database access control list information for that user is enforced.

The ability to switch contexts in this manner is typically available only for databases that are stored in the data directory of the local Domino server. Beginning with Lotus Domino version 6.5.1, this ability is provided through the Trusted Server. To configure the Trusted Server, a Domino administrator specifies which Domino servers are to be trusted to perform sensitive operations, such as acting as another user when a database is accessed from a remote computer.

Procedure

To configure a Trusted Server, complete the following steps on all Domino servers that are crawled by a Notes crawler:

  1. On a Domino server, use the Domino domain administrator ID file to open the Lotus Domino Administrator client.
  2. Click File and then select Open server.
  3. Type the name of the Domino server for which you want to enable Trusted Server capabilities.
  4. Select the Configuration tab.
  5. Expand the Server object, select the Current Server document, and click Edit Server.
  6. Select the Security tab, scroll to the bottom of the document, locate the Trusted Servers entry, and click the down arrow.
  7. Specify one of the following options:

    LocalDomainServers
        Select this option if all servers in the Domino domain are to be considered Trusted Servers.

    server_name
        Specify the name of a Domino server that you want to be able to crawl and search as a Trusted Server.

        If the Domino server to be crawled is in a different Domino domain, then you must specify the server name or select the OtherDomainServers group. You must also follow the Domino procedures for cross-certification of the Domino server ID file with the other Domino domain. See the Domino server documentation for information about these procedures.

  8. Click Save and Close to save your changes.
  9. Stop and restart the remote Domino servers that you enabled to act as Trusted Servers.