Retrieving info from an external server (user authenticated via LDAP)

perevicente used Ask the Experts™
In an intranet application accessed via web a user can authenticate from the names.nsf in the Domino server (the application server) or from an external database accessed via LDAP. If the user is authenticated with the names.nsf we get some info from the person document. I need also to get some info from the "person document" in the external database. How can I do that? Should I use a Java agent and JNDI? Is there any other way (LotusScript for example)? How can I distinguish a user authenticated in Domino from one in the LDAP server?
LDAP has mechanisms which support this. I suspect you'd need to load a Java applet that does LDAP lookups to retrieve the information.

Watching thread.

"If the user is authenticated with the names.nsf we get some info from the person document. "

How do you get this extra information? Do you mean by using e.g. @UserName? Or lookups the program does by itself to the names db?
S:   He's using LDAP authentication.  That means he has no Notes/notes access to the NAB in question.  It may as well be a DB2 or Oracle LDAP server in another location.


I'm a total newbie in LDAP. As far as I know, to authenticate with an external server via LDAP from Domino is, basically, a job based on the configuration of the Directory Assistance. But I need to retrieve personal data of the user authenticated. I'd like to do it implementing it in the easiest way. Which one is that? Do you know any URL where I can find a detailed explanation of how to implement that? Sure I'm not the first one who has to face this problem, so I guess it is something developed and encapsulated previously in classes or objects (LotusScript or extended LotusScript, or Java).

The users of our web application (intranet) are defined in the names.nsf of the Domino server and in another (external to Domino) database accessed via LDAP. I'm wondering how to distinguish the users identified in the Domino server from the ones defined in the external db. I guess the personal data from the first ones can be obtained directly from the names.nsf once we know they come from the Domino server. For the other ones it would be necessary to get their info with those special functions/classes/objects I'm talking about. Are my guesses true? Can anyone give me more detailed information on how to manage all this?

perevicente -- that's something not done 'built in' with Domino's use of LDAP for authentication. Remember, the whole point of the LDAP method is that it's generic, and not "Domino specific".

How much control, authority, or authorization to run code on the remote server do you have?


I'm still in the proposal phase of the project and I still don't have such concrete information about our client, but it is quite probable I can't run code in the remote server just to authenticate and get the data of the user authenticated.

Hmmm... check this command: @NameLookup( [ flag ] ; username; itemtoreturn )

Looks like it is exactly what you are looking for.

It performs lookups to all NABs including LDAP configured NABs via Directory Assistance.
Nice catch Stitt.  I'll need to remember that one myself.  Geez, 11 years with this product and I'm still learning new things.


Thanks stitt (also AndrewJayPollak for your help). But checking the flag parameter of this @formula I can't see which is the best value for the application I need to develop.

From the designer help I only see examples for NABs defined in Domino (without "($Users)" views defined in some cases). What value of the flag parameter is the best in my case (LDAP)?

Does a similar function exist in LotusScript?

Thanks, again

Couldn't find any LotusScript function that does similar lookups. But I'm sure you could use the @command in an Evaluate() expression.

I guess it would be most correct of you to use only the [TRUSTEDONLY] flag - and not any others.

The question is maybe what item names you can use. I would try common things first, just to see things work. Like: FirstName, LastName, Name and so on. It is probably fairly safe to assume that your LDAP server uses item names like these.

The maybe really big question is what item names you can use. As I understand it (and again, I'm on thin ice here) Domino does some schema translation on LDAP lookups. So the big question is do you need to use the original item names that the LDAP server uses, or the translated item names that Domino uses.

This is a quote from the admin help: "You can use the command tell LDAP exportschema on a server running the LDAP service to create the Domino LDAP Schema database (SCHEMA50.NSF) in the Domino data directory. This database provides information about the directory schema in a user-friendly format and can reflect any changes you make if you extend the directory schema. You can also use this command to update the Schema database after extending the schema.
Make sure the Schema database is closed before you use tell ldap exportschema to update the database. If the database is open, the export won't work. "

I guess it could be useful to have the LDAP task make this database, then you can look at it and see how Domino handles schemas and item names.

Best of luck
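
The Evaluate() approach suggested in the answer above, as an added example that is not part of the original thread. The function name `LookupUserItem`, the temporary field `LookupName` and the item names in the usage comment are assumptions; the caller is assumed to pass the authenticated web user's name.

```lotusscript
' Added example: wrap @NameLookup in Evaluate() so LotusScript can read one
' directory item for a user through Directory Assistance (Domino NABs and
' LDAP directories alike). Returns "" when nothing is found.
Function LookupUserItem(session As NotesSession, userName As String, itemName As String) As String
	Dim db As NotesDatabase
	Dim tmp As NotesDocument
	Dim result As Variant
	Dim i As Integer

	LookupUserItem = ""
	If userName = "" Or itemName = "" Then Exit Function

	' The item name is spliced into formula text, so accept only plain
	' alphanumeric names and reject quotes, backslashes and anything else.
	For i = 1 To Len(itemName)
		If Not (Mid$(itemName, i, 1) Like "[A-Za-z0-9]") Then Exit Function
	Next

	' Pass the user name through a field on an in-memory document (never
	' saved), so its characters are data and are not parsed as formula.
	Set db = session.CurrentDatabase
	Set tmp = db.CreateDocument
	Call tmp.ReplaceItemValue("LookupName", userName)

	' [TrustedOnly] restricts the search to directories marked as trusted
	' for credentials in Directory Assistance, as recommended in the post.
	result = Evaluate(|@NameLookup([TrustedOnly]; LookupName; "| & itemName & |")|, tmp)

	If Isarray(result) Then
		If Ubound(result) >= 0 Then LookupUserItem = Cstr(result(0))
	End If
End Function

' Usage inside a web agent (assumed item names, to be checked against the
' schema exported with "tell ldap exportschema"):
'   lastName = LookupUserItem(session, webUser, "LastName")
'   firstName = LookupUserItem(session, webUser, "FirstName")
```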


Thanks again stitt!!!
