Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum


  

PreviousPrevious NextNext


~Samuel Frogerosongon 28.Jan.04 01:18 AM a Web browser
Domino Server 6.0.3 Windows 2000


I'm working on setting our web server to authenticate our employees via LDAP provided by Active Directory. So far it's working great - I can log in with my AD user ID and password, and AD passes back the name in AD that matches what I have in Domino.

Therein lies the problem. Everyone's name in Domino is composed of their preferred first name (e.g., Greg instead of Gregory), their middle initial, and their last name. This is how our 'name' is in Domino and in our HR system, but not in Active Directory. I got around this by having our AD admin add my 'HR name' to an additional field in AD, extensionAttribute2. AD returns this name just fine, as it is set up in Directory Assistance. However, if I use this field in a custom authentication filter, the web site is incredibly slow. If I don't use this in the authentication filter, but still have it as the 'Attribute to be used as Notes Distinguished Name', the web site loads at normal speed. In order to accomodate the different names, and the way people typically log in, I have the following Custom authentication formula:

(|(cn=%*)(extensionAttribute2=%*)(sAMAccountName=%*))

If I leave out extensionAttribute2, it runs great, if I leave it in, even if it's the only item in that formula (e.g., (extensionAttribute2=%*) ), the site runs incredibly slow.

In SQL parlance, I would have them index that field on the AD side, but I don't think there's any way to do that directly. Is there some other setting for AD to 'speed up' that attribute?








  Document options
Print this pagePrint this page

 Search this forum

  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Category
Platform
Release
Advanced search

 RSS feedsRSS
All forum posts RSS
All main topics RSS