Databases used for directory lookups
Domino can look up directory information in three databases:
1. The Domino Directory database
2. A directory assistance database
3. A directory catalog
1. The Domino Directory database (NAMES.NSF) from the PUBNAMES.NTF template is automatically created when the first Domino server installed in a Notes domain. A replica of the Domino Directory is automatically created on each additional server added to the domain. NAMES.NSF stores information about users and groups in the domain and about Domino configuration. When looking up directory entries, a server always searches its NAMES.NSF database before searching the other databases.
2. A directory assistance database is created manually from the DA50.NTF template. A directory assistance database acts as a directory of secondary directories — directories other than a server’s primary Domino Directory (NAMES.NSF). Directory assistance can point to secondary Domino Directories, for example Domino Directories from other Notes domains, stored locally or on remote Domino servers. Directory assistance can also point to LDAP directories on remote LDAP servers, for example, third-party LDAP directories. A server locates its directory assistance database by looking up the directory assistance database file name in NAMES.NSF.
3. A directory catalog is a database created manually from the template DIRCAT5.NTF and populated by the Directory Cataloger (Dircat) server task. A directory catalog contains abbreviated user, group, mail-in database, and resource directory entries from one or multiple Domino Directories in a single, lightweight, quick-access directory. A directory catalog is small enough for mobile Notes users to store locally so they can address mail to anyone in an organization when disconnected from the network. A directory catalog also makes it easy to do directory lookups in organizations that use multiple Notes domains. A server can locate its directory catalog by looking up the directory catalog file name in NAMES.NSF
A directory catalog is generally 80 to 100 times smaller than the combined size of the secondary Domino Directories represented in the directory catalog. For example, if the combined size of all the individual secondary Domino Directories is 3GB, the size of a directory catalog that aggregates those directories is likely to be only 30MB.
Typically an organization uses two directory catalogs,
1. Mobile directory catalog is replicated to Notes clients and it is used by Notes users to quickly address mail to anyone in an organization even when disconnected from the network
2. Server directory catalog is a directory catalog set up for use by servers so that servers in multiple-domain organizations can search for names and addresses in a single database, rather than in multiple secondary Domino Directories.
To minimize the size of a directory catalog, entries in the directory catalog include only the fields required to resolve mail addresses, although administrators can add fields. A directory catalog supplements rather than replaces the Domino Directory and the Personal Address Book.
The mobile directory catalog
Notes users that have a mobile directory catalog set up gain these benefits:
1. Users who do not have a server connection can quickly look up the address of anyone in an organization.
2. Laptop users can send encrypted mail. User entries in a directory catalog contain a flag indicating whether users have certificates. When a laptop user encrypts a memo, the memo is marked in the local MAIL.BOX file for “just-in-time encryption.” When the user later connects to the network and sends the mail, the client looks up the public key on a server and encrypts the mail.
The server directory catalog
If an organization uses multiple Domino Directories — for example, if it has multiple Notes domains — servers can use the server directory catalog to look up names from these directories rather than search each full directory individually.
After searching its primary Domino Directory, a server can search a server directory catalog to:
1. Look up the names of users in secondary Domino Directories on behalf of Notes users who don’t use mobile directory catalogs.
2. Process LDAP client search requests, if the server runs the LDAP service.
3. Quickly authenticate Web browser clients who are registered in secondary Domino Directories if the server is a Domino Web server and if directory assistance is set up on the server to allow the authentication.
Although directory assistance alone can provide all of these services, typically a server uses both directory assistance and the directory catalog. A server directory catalog is not useful in organizations that use only a primary Domino Directory because the primary Domino Directory is always searched before a server directory catalog.
How a directory catalog works
Administrators create a directory catalog database manually from the Directory Catalog template (DIRCAT5.NTF) and create a configuration document in it to indicate, among other things, which secondary Domino Directories to build into the directory catalog. The Directory Cataloger (the Dircat server task) populates a directory catalog and keeps the entries in a directory catalog synchronized with the corresponding entries in the full secondary Domino Directories. When the task runs, it replicates a limited number of fields from Person, Group, Mail-in Database, and Resource documents from each secondary Domino Directory and then combines on average 200 of these abbreviated documents into a single directory catalog aggregate document. Consequently, the directory catalog uses approximately 1,000 aggregate documents to store 200,000 entries. Since the directory catalog stores fewer documents than the Domino Directory, Notes performs operations against the directory catalog very efficiently.
A directory catalog has three small hidden views.
There is one visible view called Configuration that shows the document used to configure the directory catalog.
There is also a “virtual” view called Users that users can open and programs can access to see the names included in the directory catalog. This view is not stored on disk but is instead created as needed.
Programmatic access to a directory catalog
Developers can use these methods to access a directory catalog programmatically:
1. NAMELookup calls, without any modification required
2. NAMEGetAddressBooks calls, if you use the NOTES.INI setting Name_Include_Ed=1.
3. NIFFindByKey, NIFReadEntries, and NIFOpenNote calls.* You can’t use NSFNoteOpen to open notes passed back from NIFReadEntries; you must call NIFOpenNote instead.
4. LotusScript methods*
5. @NameLookup function*
*Can access the Users view but not the $Users view.
Index “LDAP service” # “directory catalog”In addition, LDAP operations work against a directory catalog located on a server that runs the LDAP service
Comparison of directory catalogs and directory assistance
The mobile directory catalog, server directory catalog, and directory assistance provide similar
functionality. This table compares the features that each directory supports.