This forum is closed to new posts and
responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:
had an administrator leave on bad terms? ~Rebecca Quetwelyoopsi 27.Jan.04 03:57 AM a Web browser Domino Administrator 6.0.1Windows 2000
The rename action uses the name embedded in the user's certified public key, found in the "Certificate" field of the user's person document. Under normal circumstances, this embedded name matches the first entry in the User Name field in the person doc, so when you think you're renaming Christy Opas, you really are.
If the two values don't match, then you end up renaming the person specified in the public key (Jennifer Overly in this case), not the one in the User Name field. I'm only partly joking about administrators leaving on bad terms: if you're not using public keys for encrypted mail or public key-checking during authentication, this can go undetected for some time, so it makes a nice parting shot. Even if there's an innocent explanation, there are certainly person documents in your directory whose public keys don't match their user names.
The first question you need to answer is "how many?". You can find this out in about 5 minutes (plus the time it takes the server to build an index) by creating a view to flag the mismatches. Base the new view on the People view, and limit its contents to the mismatches. I use a selection formula like this:
SELECT Type = "Person" & @Subset( FullName;1 ) != @Certificate([Subject];Certificate)
If you're comfortable with some basic view design, you can make the view more useful by displaying the User Name {try something like @Name([Abbreviate];@Subset(FullName;1)) here} in one column, and the subject of the certified public key {something like @Name([Abbreviate];@Certificate([Subject];Certificate)) here} in the other.
The second question is "how bad?" If the certificate column shows a name for every mismatch, you're in good shape: you know who the public key really belongs to, and it's not too hard to fix. For a very small number of users (<50), use the clipboard to do it manually. If there are a large number of mismatches but most of the public keys are valid, bribe a LotusScript developer to write an agent to automate the process.
From what I see in your post, the very worst case -- scrambled public keys -- is unlikely. There's no simple answer for this one; it's easy enough to extract a public key from a backup copy of a user ID, but automating the process on a large scale is beyond me.
I'll keep my fingers crossed that yours is one of the easy ones. Good luck!
Return to top
. . had an administrator leave on bad t... (~Rebecca Quetwe... 27.Jan.04) 
Print this page
