• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1147
  • Last Modified:

How Can I Authenticate Web Access to a Domino Database Against Active Directory

Hi Experts,

My situation is a weird one. My company has a Notes production environment that is working fine and users can authenticate using their Active Directory user accounts and passwords. ADSync is not being used nor has it been installed anywhere and the accounts do seem synchronized, i.e., when a user changed their Windows password it flows over to Notes for authentication (I do not know if it is a real-time sync or if AD is being dumped out to a Domino directory periodically).

A new Notes dev box was built by another engineer (I have absolutely no Notes experience) who then walked out before the project was completed. We have the database on the dev server and it is accessible via the Domino Designer however when trying to access it via a web browser it is using the notes ID file for authentication. I have been spinning my wheels for a month now trying to wrap my head around the Domino server architecture but have had no luck at all.

How can I get the authentication for the web portion of a Domino database to run against an MS Active Directory as opposed to the Notes ID file.

Thank you very much in advance!!!!!

1 Solution
Sjef BosmanGroupware ConsultantCommented:
Hmm, no, it's different. The heavy-weight clients (Notes, Designer and Admin) use the ID file for authentication. Web authentication doesn't. Usually, it is only username/password. The Internet password is a separate field in the user's Person document in the Domino Directory.

This might help a lot:
brwwigginsIT ManagerCommented:
They may have used directory assistance which can be configured to use a remote LDAP source such as Active Directory

brwwigginsIT ManagerCommented:
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

jimmlegsAuthor Commented:
I will review both submissions and update this post. I do not think the ADSync will fly. Management is leery of installing any 3rd parties with AD and from their standpoint if we aren't currently using it in production then we shouldn't need it in development.

Another thing is that it seems to sync specific accounts, for instance, my AD account has never been synced with Notes and I can therefore cannot log on using those credentials however any users that are in there can authenticate with their AD Credentials and when they change their password in Windows it automatically flows to domino.

I will review the above links shortly.

If your Notes password changes when changing your windows password, you must have 'Single Sign On' activated on the Notes client, so that is normal behaviour.
A couple of things to check:

1. On the server document of the Development Server compare the Security settings to the 'Live' server
2. I suspect that on the 'Live' server your have the field 'Internet Authentication' you have the setting 'More name variations with Less Security'
3. You may also have the option to 'Synch' internet password set on the Notes Client also
jimmlegsAuthor Commented:
Unfortunately none of these recommendations seemed to work and the client went ahead and imaged his production server and then went through and renamed the server and all Domino documents required. It didn't solve any problems but at least the client has what he wants.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now