How Can I Authenticate Web Access to a Domino Database Against Active Directory

Posted on 2008-11-10
Medium Priority
Last Modified: 2013-12-19
Hi Experts,

My situation is a weird one. My company has a Notes production environment that is working fine and users can authenticate using their Active Directory user accounts and passwords. ADSync is not being used nor has it been installed anywhere and the accounts do seem synchronized, i.e., when a user changed their Windows password it flows over to Notes for authentication (I do not know if it is a real-time sync or if AD is being dumped out to a Domino directory periodically).

A new Notes dev box was built by another engineer (I have absolutely no Notes experience) who then walked out before the project was completed. We have the database on the dev server and it is accessible via the Domino Designer however when trying to access it via a web browser it is using the notes ID file for authentication. I have been spinning my wheels for a month now trying to wrap my head around the Domino server architecture but have had no luck at all.

How can I get the authentication for the web portion of a Domino database to run against an MS Active Directory as opposed to the Notes ID file.

Thank you very much in advance!!!!!

Question by:jimmlegs
LVL 46

Expert Comment

by:Sjef Bosman
ID: 22923739
Hmm, no, it's different. The heavy-weight clients (Notes, Designer and Admin) use the ID file for authentication. Web authentication doesn't. Usually, it is only username/password. The Internet password is a separate field in the user's Person document in the Domino Directory.

This might help a lot:
LVL 20

Expert Comment

ID: 22925612
They may have used directory assistance which can be configured to use a remote LDAP source such as Active Directory

LVL 20

Expert Comment

ID: 22925620
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.


Author Comment

ID: 22925943
I will review both submissions and update this post. I do not think the ADSync will fly. Management is leery of installing any 3rd parties with AD and from their standpoint if we aren't currently using it in production then we shouldn't need it in development.

Another thing is that it seems to sync specific accounts, for instance, my AD account has never been synced with Notes and I can therefore cannot log on using those credentials however any users that are in there can authenticate with their AD Credentials and when they change their password in Windows it automatically flows to domino.

I will review the above links shortly.


Expert Comment

ID: 22937793
If your Notes password changes when changing your windows password, you must have 'Single Sign On' activated on the Notes client, so that is normal behaviour.
A couple of things to check:

1. On the server document of the Development Server compare the Security settings to the 'Live' server
2. I suspect that on the 'Live' server your have the field 'Internet Authentication' you have the setting 'More name variations with Less Security'
3. You may also have the option to 'Synch' internet password set on the Notes Client also

Accepted Solution

jimmlegs earned 0 total points
ID: 23177561
Unfortunately none of these recommendations seemed to work and the client went ahead and imaged his production server and then went through and renamed the server and all Domino documents required. It didn't solve any problems but at least the client has what he wants.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Creating a Cordova application which allow user to save to/load from his Dropbox account the application database.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question