This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


Sep 25, 2013, 2:23 AM
1 Posts

Directory Assistance - User with same password in AD LDAP and Domino Directory doesn't work

  • Category: Domino Server
  • Platform: All Platforms
  • Release: 9.0
  • Role: Administrator,End User
  • Tags: Directory Assistance,DA,LDAP
  • Replies: 2

Scenario


- External LDAP (Active Directory)
- Domino Directory (names.nsf)
- User with the same password in the external LDAP and as HTTPPassword in names.nsf
- Directory Assistance database configured to validate users via LDAP

Problem

I try to validate a user who has the same password in LDAP and Domino Directory.
The search finds the LDAP user with a password but also finds this user in Domino Directory with the same password, and it returns "Unambiguous name" and it fails.
If I change the password in Domino Directory and I try to validate with the LDAP password, it works.

Any idea will be highly appreciated.

Sep 26, 2013, 9:56 AM
3 Posts
same problem, found two workarounds

Hi,

I'm facing the same problem, and I found two ways to solve it.

1) Populate a field in your Active Directory person documents with the Notes Distinguished name of your people, and configure your LDAP document in Directory Assistance to get this field by enabling name mapping.

2) You must install your Traveler server in a domain different from the one where your users are registered. In this way you can configure an LDAP document in your Directory Assistance for your Active Directory and set the "Trusted for Credentials" parameter to "Yes", and create another document in your Directory Assistance for Lotus Notes lookup on the domain where your users are registered and set the "Trusted for Credentials" parameter to "No".

Best Regards

Matteo

Sep 26, 2013, 1:06 PM
9 Posts
working as designed
It is by design that Domino works this way. If Domino is confused about which distinguished name belongs to the user, Domino cannot log in the user. Therefore if there are multiple matches where the password can be validated, and if it is the case that these matches have different distinguished names, then Domino provides an error that the names are ambiguous.

Usually the best approach is to blank out the Domino Internet password, and only use the Active Directory record.  See this wiki article for more information on the setup:
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Streamlining_passwords_and_achieving_SSO_for_users_on_Windows_platforms

Jane Marcus
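
The rule stated in the replies above, written out as a simplified model (an added example, not Domino code and not part of the original posts). It shows why the matching password is ambiguous and why blanking the Internet password, name mapping, or "Trusted for Credentials = No" each remove the ambiguity. The names `Match`, `resolve_login`, `scenario`, the DNs and the password are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Match:
    directory: str            # directory that returned the entry
    dn: str                   # distinguished name the login would resolve to
    password: Optional[str]   # constructed stand-in for the stored credential; None = blank
    trusted: bool = True      # models "Trusted for Credentials"

class AmbiguousName(Exception):
    pass

def resolve_login(matches, supplied):
    """Return the one DN whose credential validates, None if none does.

    Raises AmbiguousName when validated matches carry different DNs,
    which is the condition described in the "working as designed" reply.
    """
    validated = set()
    for m in matches:
        if not m.trusted or not m.password:
            continue  # untrusted directory or blank password: cannot validate
        if hmac.compare_digest(m.password.encode(), supplied.encode()):
            validated.add(m.dn)
    if len(validated) > 1:
        raise AmbiguousName(sorted(validated))
    return validated.pop() if validated else None

# Constructed sample identities (assumptions, not from the thread).
AD_DN = "CN=Jane Doe,OU=Users,DC=example,DC=com"
NOTES_DN = "CN=Jane Doe,O=Example"

def scenario(domino_pw, ad_dn=AD_DN, domino_trusted=True):
    """Log in with the AD password against both directories."""
    matches = [
        Match("AD LDAP", ad_dn, "S3cret!"),
        Match("names.nsf", NOTES_DN, domino_pw, domino_trusted),
    ]
    try:
        return resolve_login(matches, "S3cret!")
    except AmbiguousName:
        return "ambiguous"

if __name__ == "__main__":
    print("same password in both:      ", scenario("S3cret!"))
    print("different Domino password:  ", scenario("Other1"))
    print("blank Internet password:    ", scenario(None))
    print("name mapping to Notes DN:   ", scenario("S3cret!", ad_dn=NOTES_DN))
    print("Domino not trusted for cred:", scenario("S3cret!", domino_trusted=False))
```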
