How Can I Authenticate Web Access to a Domino Database Against Active Directory

Posted on 2008-11-10
Last Modified: 2013-12-19
Hi Experts,

My situation is a weird one. My company has a Notes production environment that is working fine and users can authenticate using their Active Directory user accounts and passwords. ADSync is not being used nor has it been installed anywhere and the accounts do seem synchronized, i.e., when a user changed their Windows password it flows over to Notes for authentication (I do not know if it is a real-time sync or if AD is being dumped out to a Domino directory periodically).

A new Notes dev box was built by another engineer (I have absolutely no Notes experience) who then walked out before the project was completed. We have the database on the dev server and it is accessible via the Domino Designer however when trying to access it via a web browser it is using the notes ID file for authentication. I have been spinning my wheels for a month now trying to wrap my head around the Domino server architecture but have had no luck at all.

How can I get the authentication for the web portion of a Domino database to run against an MS Active Directory as opposed to the Notes ID file.

Thank you very much in advance!!!!!

Question by:jimmlegs
    LVL 46

    Expert Comment

    by:Sjef Bosman
    Hmm, no, it's different. The heavy-weight clients (Notes, Designer and Admin) use the ID file for authentication. Web authentication doesn't. Usually, it is only username/password. The Internet password is a separate field in the user's Person document in the Domino Directory.

    This might help a lot:
    LVL 20

    Expert Comment

    They may have used directory assistance which can be configured to use a remote LDAP source such as Active Directory
    LVL 20

    Expert Comment

    LVL 4

    Author Comment

    I will review both submissions and update this post. I do not think the ADSync will fly. Management is leery of installing any 3rd parties with AD and from their standpoint if we aren't currently using it in production then we shouldn't need it in development.

    Another thing is that it seems to sync specific accounts, for instance, my AD account has never been synced with Notes and I can therefore cannot log on using those credentials however any users that are in there can authenticate with their AD Credentials and when they change their password in Windows it automatically flows to domino.

    I will review the above links shortly.

    LVL 3

    Expert Comment

    If your Notes password changes when changing your windows password, you must have 'Single Sign On' activated on the Notes client, so that is normal behaviour.
    A couple of things to check:

    1. On the server document of the Development Server compare the Security settings to the 'Live' server
    2. I suspect that on the 'Live' server your have the field 'Internet Authentication' you have the setting 'More name variations with Less Security'
    3. You may also have the option to 'Synch' internet password set on the Notes Client also
    LVL 4

    Accepted Solution

    Unfortunately none of these recommendations seemed to work and the client went ahead and imaged his production server and then went through and renamed the server and all Domino documents required. It didn't solve any problems but at least the client has what he wants.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Entering a date in Microsoft Access can be tricky. A typo can cause month and day to be shuffled, entering the day only causes an error, as does entering, say, day 31 in June. This article shows how an inputmask supported by code can help the user a…
    Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
    Video by: Steve
    Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now