Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum


  

PreviousPrevious NextNext

had an administrator leave on bad terms?
~Rebecca Quetwelyoopsi 27.Jan.04 03:57 AM a Web browser
Domino Administrator 6.0.1 Windows 2000


The rename action uses the name embedded in the user's certified public key, found in the "Certificate" field of the user's person document. Under normal circumstances, this embedded name matches the first entry in the User Name field in the person doc, so when you think you're renaming Christy Opas, you really are.

If the two values don't match, then you end up renaming the person specified in the public key (Jennifer Overly in this case), not the one in the User Name field. I'm only partly joking about administrators leaving on bad terms: if you're not using public keys for encrypted mail or public key-checking during authentication, this can go undetected for some time, so it makes a nice parting shot. Even if there's an innocent explanation, there are certainly person documents in your directory whose public keys don't match their user names.

The first question you need to answer is "how many?". You can find this out in about 5 minutes (plus the time it takes the server to build an index) by creating a view to flag the mismatches. Base the new view on the People view, and limit its contents to the mismatches. I use a selection formula like this:

SELECT Type = "Person" & @Subset( FullName;1 ) != @Certificate([Subject];Certificate)

If you're comfortable with some basic view design, you can make the view more useful by displaying the User Name {try something like @Name([Abbreviate];@Subset(FullName;1)) here} in one column, and the subject of the certified public key {something like @Name([Abbreviate];@Certificate([Subject];Certificate)) here} in the other.

The second question is "how bad?" If the certificate column shows a name for every mismatch, you're in good shape: you know who the public key really belongs to, and it's not too hard to fix. For a very small number of users (<50), use the clipboard to do it manually. If there are a large number of mismatches but most of the public keys are valid, bribe a LotusScript developer to write an agent to automate the process.

From what I see in your post, the very worst case -- scrambled public keys -- is unlikely. There's no simple answer for this one; it's easy enough to extract a public key from a backup copy of a user ID, but automating the process on a large scale is beyond me.

I'll keep my fingers crossed that yours is one of the easy ones. Good luck!




Rename Problem! I Choose one person... (~Lily Kihipison... 26.Jan.04)
. . had an administrator leave on bad t... (~Rebecca Quetwe... 27.Jan.04)
. . . . RE: had an administrator leave on b... (~Lily Kihipison... 27.Jan.04)


Document Options






  Document options
Print this pagePrint this page

Search this forum

Forum views and search


  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Category
Platform
Release
Advanced search

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS