packetdrivers
asked on
Still see old domain user/company/oldcompany info when setting up notes users
On Domino 6.5, when installing a Notes client and putting in a user's name, it gives me the user's old domain.
The server used to be set up as user/company/oldcompany; now it is just user/company. For example, joe/widget/pacific is now just joe/widget.
I am assuming that when a change of domain name was done, something was missed. I don't have this problem with newly created clients.
The last direction I was going towards was re-doing the fixname agent on the public address book.
Looking in each individual user's information, I cannot see any sign of the /company/oldcompany anywhere.
See File/Preferences/Administration Preferences, Registration
I'm confused. Where do you see the old name? During client setup? When entering an e-Mail address?
AFAIK, in the client setup, there is no place where Notes would give YOU the certifier hierarchy -- you would be the one telling Notes what the hierarchy is.
And for mail addressing, well, just because you HAVE a new certifier, and all your SERVERS use the new certifier, and NEW USERS are REGISTERED with the new certifier, does not mean you are done. Because any user registered with the old certifier still exists as he or she always did, with the old certificate and the corresponding old name.
You need to recertify those users. Don't do it using an agent in the directory, unless the users don't have Notes ID files, because doing that only fixes the directory entry, and leaves the user with a still-outdated ID file.
If I've misread you, please explain.
ASKER
I see the old name during client setup. I would enter the user name and server name, and during the password prompt for that user it would read user/company/oldcompany instead of user/company
Email seems to route fine
I noticed when I do a search while looking at the public address book and using the Domino Admin tool, that I get about 43 hits when I put in the "oldcompany" value. Yet when I actually look at those users I do not see the "oldcompany".
Users (id's) that haven't connected to the server since you did the rename, will still have the OLD hierarchical name. They must connect, the server will update the data in the actual id file, and complete the 'rename' process for that user. If the next time you connect using that id, you STILL get the old org. name, it's time to start worrying.
Also (I don't know if this applies for renaming of certificates) when you rename a user, and that user doesn't connect using his notes.id within 20 days, the rename will cancel. On the other hand, if the rename is 'in process', the users that haven't connected yet will have a FullName field on their person document that contains both names (check that : it's the field with the UserName: label). So there would be
cn=joe/ou=widget/o=pacific
cn=joe/o=widget
in there (plus all other aliases you may have added)
cheers,
Tom
ASKER
I only get this problem when I am installing a fresh Notes on a computer. I believe the id files are fine, because when I specify id files to use for the client install it shows as user/widget. However, when I try to have the install look for the username by just adding the username and the servername, it shows as user/widget/pacific instead of user/widget, and does not allow me to continue to install Notes.
I know that before me, the Domino environment used to be user/widget/pacific and then they changed it to user/widget
The username label contains 2 entries user/widget and user. But not user/widget/pacific
I played with an LDAP export in the past with the public address book, and didn't see any references to /pacific.
So you still have id files attached in your person documents ? Get them out asap - it's bad practice to keep them there. Anyway, these id files are probably still the original ones, and are not updated with the new data. If you install a fresh Notes, copy over the id file that you a) freshly registered or b) that the user was using on his old pc.
cheers,
Tom
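The two checks Tom describes (an old canonical name still listed in FullName while a rename is pending, and ID files still attached to person documents) can be run across the whole directory with a read-only agent. This is an added example, not code from any poster in this thread; the names.nsf file name, the "People" view and the O=pacific suffix (from the thread's joe/widget/pacific) are assumptions to adjust.

```lotusscript
Option Declare
' Added example: read-only audit of person documents in the Domino Directory.
' Assumptions: the directory is names.nsf, the "People" view exists, and the
' retired organization is O=pacific (from the thread's joe/widget/pacific).
Const OLD_SUFFIX = "/o=pacific"

Sub Initialize
	Dim session As New NotesSession
	Dim pab As NotesDatabase
	Dim view As NotesView
	Dim doc As NotesDocument
	Dim fullNames As Variant, attNames As Variant
	Dim label As String
	Dim staleNames As Integer, storedIds As Integer

	Set pab = session.GetDatabase(session.CurrentDatabase.Server, "names.nsf")
	If Not pab.IsOpen Then
		Print "Cannot open names.nsf"
		Exit Sub
	End If
	Set view = pab.GetView("People")
	If view Is Nothing Then
		Print "People view not found"
		Exit Sub
	End If

	Set doc = view.GetFirstDocument
	Do While Not doc Is Nothing
		fullNames = doc.GetItemValue("FullName")
		label = Cstr(fullNames(0))
		' A rename still in progress leaves the old canonical name in FullName
		Forall n In fullNames
			If Lcase(Right$(Cstr(n), Len(OLD_SUFFIX))) = OLD_SUFFIX Then
				staleNames = staleNames + 1
				Print "Old name still listed: " & Cstr(n)
			End If
		End Forall
		' ID files kept in the directory show up as *.id attachments
		attNames = Evaluate("@AttachmentNames", doc)
		Forall a In attNames
			If Lcase(Right$(Cstr(a), 3)) = ".id" Then
				storedIds = storedIds + 1
				Print "ID file attached: " & label & " (" & Cstr(a) & ")"
			End If
		End Forall
		Set doc = view.GetNextDocument(doc)
	Loop
	Print "Stale names: " & staleNames & ", attached IDs: " & storedIds
End Sub
```

The agent changes nothing; it only prints the person documents that need recertification follow-up or ID removal.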
ASKER CERTIFIED SOLUTION
ASKER
This does begin to add up.
I do see the .id files when I look at a person's document. I'll look at removing them.
Yes, we have been saving the .id's to a directory, and then using the id's to install Notes. A problem is I would type in the person's name and I wouldn't get the option to locate the .id file because it would prompt with the person/widget/pacific and ask for a password. I can put in a bogus name and then point to the .id file, which would give me the correct person/widget.
So then you're saying my problem is there are old .id files attached to the person documents of those users, and I should "unattach" them or update them. I suppose the bad practice part is allowing a user to try to hack a user's password if the id is attached; whereas if the id is not attached they would have to know where to locate that .id file.
SOLUTION
(code snippet, some declarations are missing !)
Set reg = New NotesRegistration
reg.RegistrationServer = db.Server
If continue Then
    Set personview = pab.GetView( PAB_PERSONVIEW )
    Set persondoc = personview.GetFirstDocument
    Do While Not persondoc Is Nothing
        hasID = False
        hasADefaultPassword = False
        Print "Processing " + persondoc.FullName(0) + " " + personHashedPassword
        'THIS CREATES A LOG DOCUMENT IN A DATABASE, WHERE YOU CAN STORE THE ID FILE
        Set doc = db.CreateDocument
        doc.Form = "fLOG"
        doc.FullName = persondoc.FullName
        ' extra information for mailing
        doc.EmployeeID = persondoc.EmployeeID
        doc.Location = persondoc.Location
        doc.Department = persondoc.Department
        doc.Manager = persondoc.Manager
        If persondoc.HasEmbedded Then
            'Forall anobject In persondoc.EmbeddedObjects
            'Just load the first one
%REM
doesn't work very well this way (doesn't work at all, really :-) )
Set attachedId = persondoc.GetAttachment( "UserID" )
If Isnull( attachedId ) Then
Msgbox "error"
Else
attachedId.ExtractFile( TEMP_DRIVE + "\" + persondoc.ShortName(0)+".id")
End If
%ENDREM
            ' Save a copy of the ID stored on the server, then delete the stored copy
            Call reg.GetIDFromServer( persondoc.FullName(0), TEMP_DRIVE + "\" + persondoc.ShortName(0) + ".id", False )
            Call reg.DeleteIDOnServer( persondoc.FullName(0), False )
            hasID = True
        End If
        ' Advance to the next person document; without this the loop never ends
        Set persondoc = personview.GetNextDocument( persondoc )
    Loop
End If
ASKER
I've been trying to find out how to paste the code in; do I need to be in Domino Designer to be able to do that? Tried pasting it in @function view of agent.
You need Designer installed to be able to create a script agent. You have to change the agent code type from Formula or Simple Actions to LotusScript, then click on the INITIALIZE section, and paste in the middle of that.
If you have been recertifying to a different certifier, then hopefully you know where you placed the resulting files, and didn't just allow them to be sent off by e-Mail without retaining a copy. If I may be so bold, I would check that you have ID recovery set up, including
1) the password recovery mechanism enabled
2) a mail address (leading to a protected mailbox) to store the recertified copies.