How Can I Authenticate Web Access to a Domino Database Against Active Directory

Hi Experts,

My situation is a weird one. My company has a Notes production environment that is working fine and users can authenticate using their Active Directory user accounts and passwords. ADSync is not being used nor has it been installed anywhere and the accounts do seem synchronized, i.e., when a user changed their Windows password it flows over to Notes for authentication (I do not know if it is a real-time sync or if AD is being dumped out to a Domino directory periodically).

A new Notes dev box was built by another engineer (I have absolutely no Notes experience) who then walked out before the project was completed. We have the database on the dev server and it is accessible via the Domino Designer however when trying to access it via a web browser it is using the notes ID file for authentication. I have been spinning my wheels for a month now trying to wrap my head around the Domino server architecture but have had no luck at all.

How can I get the authentication for the web portion of a Domino database to run against an MS Active Directory as opposed to the Notes ID file.

Thank you very much in advance!!!!!

Jimmlegs
LVL 4
jimmlegsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sjef BosmanGroupware ConsultantCommented:
Hmm, no, it's different. The heavy-weight clients (Notes, Designer and Admin) use the ID file for authentication. Web authentication doesn't. Usually, it is only username/password. The Internet password is a separate field in the user's Person document in the Domino Directory.

This might help a lot:
http://www.ibm.com/developerworks/lotus/library/domino-adsync/index.html
0
brwwigginsIT ManagerCommented:
They may have used directory assistance which can be configured to use a remote LDAP source such as Active Directory

http://lnweb90.worldbank.org/help/help8_admin.nsf/f4b82fbb75e942a6852566ac0037f284/eb655592461d987a852572fa004e422f?OpenDocument
0
brwwigginsIT ManagerCommented:
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

jimmlegsAuthor Commented:
I will review both submissions and update this post. I do not think the ADSync will fly. Management is leery of installing any 3rd parties with AD and from their standpoint if we aren't currently using it in production then we shouldn't need it in development.

Another thing is that it seems to sync specific accounts, for instance, my AD account has never been synced with Notes and I can therefore cannot log on using those credentials however any users that are in there can authenticate with their AD Credentials and when they change their password in Windows it automatically flows to domino.

I will review the above links shortly.

Thanks,
0
rd153Commented:
If your Notes password changes when changing your windows password, you must have 'Single Sign On' activated on the Notes client, so that is normal behaviour.
A couple of things to check:

1. On the server document of the Development Server compare the Security settings to the 'Live' server
2. I suspect that on the 'Live' server your have the field 'Internet Authentication' you have the setting 'More name variations with Less Security'
3. You may also have the option to 'Synch' internet password set on the Notes Client also
0
jimmlegsAuthor Commented:
Unfortunately none of these recommendations seemed to work and the client went ahead and imaged his production server and then went through and renamed the server and all Domino documents required. It didn't solve any problems but at least the client has what he wants.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.