androgyny7
Signing Databases Using AdminP

Have issues with ECL errors when people are making changes to databases.  I wish to write a bit of lotusscript that will sign the database with the server id.  The databases that need to be signed will reside on various servers but will all need signing with ONE server id.  I have tried the following code:

Sub Initialize
      Dim session As New NotesSession
      Dim adminp As NotesAdministrationProcess
      Dim dbserver As String, dbname As String
      dbserver = "serverb"        ' server holding the database to be signed (placeholder)
      dbname = "apps\mydb.nsf"    ' path to the database that needs signing (placeholder)
      Set adminp = session.CreateAdministrationProcess("servera")    'server that runs AdminP and whose ID should sign the database
      noteID$ = adminp.SignDatabaseWithServerID(dbserver, dbname, False)
      If noteID$ = "" Then Print "No request document was created in admin4.nsf"
End Sub

This doesn't seem to be working.  Can anyone help?

We are using R6 - 6.0.3
Sjef Bosman

What isn't working? Nothing happens? Error messages? Info in log.nsf??

You checked the return value in noteID$ ? Where did you put your code? If in an agent, did you use the debugger?
Why work so hard? Use the Notes Admin client to sign the database with the Server ID that you need, on one Server, and it will replicate to all the others.

I hope this helps !
I assumed a repeated task...
androgyny7 (asker)

sjef you assumed correct that it is a repeated task.  Plus the people who will need to use this code do not have access to use the admin client to sign the database with the server id.

Want to set it up as a scheduled agent so that the users can create a document with the database details and it will sign the database.

With regards to it not working - Nothing seems to happen.  I first tried it as a manual agent using debugger and nothing was set for noteID$???  Tried it as a scheduled agent and the log.nsf shows that it ran with no errors.  Both as a manual agent and scheduled the agent was signed by the server.
I am not sure that AdminP can sign using any ID but the server it is running on.

For anything else, it needs access to the ID itself, probably.

You may need to schedule your agent accordingly.

I hope this helps !
And another question: is the call to CreateAdministrationProcess successful?

According to the Help documentation, adminp will have a non-Nothing value when an AdminP document has successfully been created. I assume Author-access is required to the adminp-database:
    "The parameter to CreateAdministrationProcess must be the name of the server
    containing the Administration Requests database (ADMIN4.NSF). An empty string
    means the local computer. The server must contain a replica of the Certification
    Log. You must have access privileges to the Domino Directory on the server for
    Administration Process requests that use it."

The SignDatabaseWithServerID method will return the NoteID of the document created in the AdminP-database. If it returns the empty string, no document is created.

Questions are:
- is there a replica of the Certification Log on the server?
- do you have sufficient access rights to the Domino Directory (NAB)?
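An added example, not code from the question or from any of the replies, of the scheduled "request document" agent the asker describes, with the return-value checks suggested above. It assumes a form with text fields AdminServer, DbServer, DbPath and Status, and a view "PendingSignRequests" that selects unprocessed requests; all of these names are assumptions.

```lotusscript
' Added example, not the asker's agent. Assumed design: request docs with
' fields AdminServer, DbServer, DbPath, Status; view "PendingSignRequests".
Option Declare

Sub Initialize
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim view As NotesView
    Dim doc As NotesDocument
    Dim nextDoc As NotesDocument
    Dim adminp As NotesAdministrationProcess
    Dim noteId As String

    Set db = session.CurrentDatabase
    Set view = db.GetView("PendingSignRequests")
    Set doc = view.GetFirstDocument

    Do Until doc Is Nothing
        ' Fetch the successor first: saving a processed doc drops it from the view
        Set nextDoc = view.GetNextDocument(doc)
        On Error GoTo RequestFailed

        ' Server that holds admin4.nsf (and a Certification Log replica);
        ' Nothing here means no AdminP object could be obtained
        Set adminp = session.CreateAdministrationProcess(doc.AdminServer(0))
        If adminp Is Nothing Then Error 1000, "CreateAdministrationProcess returned Nothing"

        ' Empty NoteID means no request document was created in admin4.nsf,
        ' typically insufficient access to the Domino Directory or admin4.nsf
        noteId = adminp.SignDatabaseWithServerID(doc.DbServer(0), doc.DbPath(0), False)
        If noteId = "" Then Error 1001, "SignDatabaseWithServerID created no request"

        doc.Status = "Submitted"
        doc.RequestNoteID = noteId
        doc.ProcessedBy = session.UserName   ' the agent's signer, i.e. the server
        GoTo NextRequest
RequestFailed:
        doc.Status = "Failed"
        doc.ErrorText = "Error " & Err & ": " & Error$
        Resume NextRequest
NextRequest:
        On Error GoTo 0
        Call doc.Save(True, False)
        Set doc = nextDoc
    Loop
End Sub
```

As the thread goes on to find, a "Submitted" status only means the AdminP request exists; the signing itself is carried out only where the named server actually holds the database or a replica of it.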
Hi androgyny7,
Forgive, but I have a slight problem with automatically signing anything with any id.  If people are making changes to databases that are not tested, signing with the server ID will make it possible for people to create invasive agents and run them without recourse.  Causing much damage... :)

Instead, create a few signing ID's.. some with restricted ability to run agents, some with full unrestricted rights, and add those to the setup profiles.  Once you configure the setup profiles and change them, the ECL's will update on the clients.

Then invest in Signez from ytria.com, there you can store your "signing" id's and decide WHO can use WHICH id to sign databases, and they won't need or know the password for the id.  If someone misuses the signing, then remove them from the list.  If they sign invasive stuff, easy enough to know who did it, because ytria doesn't remove the last updated by values like adminp does, it just signs, and you'll always know who made the last update.

If they are competent enough to make design changes, then they need to take on the responsibility of signing without you compromising the ECL security of Notes.

In my opinion, it's a mistake to pursue any automatic signing.

Regards!
marilyng we are not "automatically" signing databases.  When developers make changes they get tested on our development servers.  When they are ready to be moved to production that is when they need signing.

What I want to happen is that these developers log a request in the database and then a scheduled agent will pick up that request and sign the database with a server id.
sjef

- there is a replica of the Certification Log on the server - however I don't have access to that.
- I have author access to the NAB.

The call to CreateAdministrationProcess returns the following:

AdminP     [False, "", "", "", False]
UserCertificateAuthority - False
CertificateAuthorityOrg - ""
CertifierFile - ""
CertifierPassword - ""
CertificateExpiration - ["24/03/2008 08:43:39 GMT",...]
IsCertificateAuthorityAvailable - False

As the noteID$ is returning an empty string then no document is being created in the AdminP db.
I suppose you need Author access to the AdminP db as well. By the way, I never tried these calls myself...
First time for everything :)

I have checked the AdminP database and I have depositor access.

Might not be possible then to do what I want, to sign a database using AdminP.  AdminP uses server "A" and I want to sign the databases on server "B".

Normally, AFAIK, admin.nsf is replicated to all servers in the same domain.
ASKER CERTIFIED SOLUTION
marilyng

Thanks for all your help guys.

I have now managed to get the agent to sign a database.  The only negative I can see at the moment is that if I want the database to be signed with Server A's ID, the database itself has to have a replica on Server A.  Which isn't always the case in our organisation.

When I try and sign a database with Server A's ID I get returned a NoteID however the database is never signed.

That's pretty much what I said in my 2nd comment.

Which agent?  If you are running adminp with an administration server, then you send the request to the adminp server but request that ServerA sign serverA's database.   Adminp should route the request to the server, I think  :)
Glad it worked..!
Thanks for your help - it didn't work as I hoped.  To sign DB1 with ServerA's ID then DB1 has to be on Server A.  Which is a shame.  Would have liked to have DB1 be signed with Server A's ID when the DB was only on Server B.
Ah, yes,
The only way that could have happened is, MAYBE if Server A was listed as the administration server for the database sitting on server B.
 Or a replica of the database sat on Server A.

Server can only sign stuff on its server