This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

HCL Notes/Domino 8.5 Forum (includes Notes Traveler)

Subject: SSO/AD/database & document security
Feedback Type: Question
Product Area: Domino Server
Technical Area: Administration
Platform: Not Applicable
Release: 8.5.3
Reproducible: Always

I apologize for the duplicate post (had inadvertently posted to Domino 8 forum).

I am a developer, not an Administrator, and have limited Admin knowledge. I need to provide database and document security for the majority of our databases and I am experiencing problems with access for our SSO AD users.

Most of our organization uses Domino and Lotus Notes mail, one business unit uses Outlook. Our "Outlook" users are listed in a separate notes address book - not in our names.nsf and are synced with Active Directory using a 3rd party product (Quest Coexistence Manager for Notes). We do have a Directory Assistance database configured.

The Active Directory users are able to authenticate (as web users) with our Notes Servers after logging into Citrix and can access databases that have default ACL of reader or above. They are not able to access any databases that have ACL Default set to No Access.

I have attempted to add our AD users to the database ACL by adding the full name listed in the FullName field of their Person Document in the directory database ("CN=Sally May/OU=CMN/O=TIA"), but the user is denied access.

The server actually sees the user as their Active Directory distinguished name: CN=Sally May/OU=TIA_Users/OU=ABCCompany/DC=trustco/DC=com. If I manually add the AD Distinguished name to the ACL or Readers Field, it seems to work, but I have no way to easily obtain the AD Distinguished name, as it is not stored in the Domino Directory. In other words, I cannot assign ACL by selecting a user from Domino Directory - the AD distinguished name is not listed in the person (contact) document. I also cannot add the AD users to groups.

I was told that the AD users cannot access the database because they have not been registered in Notes, but wouldn't that prevent them from authenticating with the server as well?

I am hoping that the issue is a configuration problem that can be resolved by changes to the Directory Assistance document, DirectorySite document, or the Domino Directory.

Any assistance would be greatly appreciated.


Feedback number WEBB96WQWN created by ~Michelle Eknusteretsi on 04/19/2013

Status: Open
Comments:

SSO/AD/database & document security... (~Michelle Eknus... 19.Apr.13)
. . Try this (~Sean Eljumigon... 19.Apr.13)
. . . . Yes, but... (~Michelle Eknus... 22.Apr.13)
. . . . . . Should resolve (~Sean Eljumigon... 22.Apr.13)
. . . . . . . . didn't work (~Michelle Eknus... 3.May.13)
. . . . . . name mapping (~Tony Zekfootex... 22.Apr.13)



