User registration issue – “Mail Address not unique”

Today I had the following issue at customer site ( German LP ):

The customer has embedded the AD via Directory Assistance. We created a new AD account and entered the mail address for some sync options.

01_AD-Account

Afterwards we tried to register the user in the Domino Directory and received the error message, that the Internet Address is not unique and therefore we couldn´t register the user.

02_User-Registration

Then we removed the mail address from the AD account, rebuild the XDir with a
“sh xdir r” and then we could register the new user without any problems.

So it seems, that during the registration process also via DA embedded directories are checked for duplicate Internet Addresses. I created a case @HCL – if I receive any informations I’ll update this blog entry.

UPDATE: I received the information from HCL Support that there´s an enhancement request which has been made public: https://bit.ly/30qOunW

Enforcing password change at the next time for Internet password could be a problem

Yesterday I had an issue at customer where a case at HCL ( CSCS0131265 ) has been opened. Up to the beginning:

with Domino V11.0.1 the great feature for authenticating users accessing via Web protocol like HTTP(s), LDAP,… against the ID Vault is working like a charm. Therefore I registered a lot of people without setting an HTTP password in the person document. Afterwards I enforced the users to change the password after the first login what also worked fine.

You’ll receive the information that the Password Change request has been successfully sent to the Administration Requests what still is working. Now up the problem:

If the AdminP tries to modify the HTTP password in the person document you’ll receive the following error in the server console:

[2904:0005-1378] 23.06.2020 12:55:58 Adminp Request: [Change HTTP Password in Domino Directory] on [Username]

[2904:0005-1378] 23.06.2020 12:55:58 Admin Process: Received the following error performing a Change HTTP Password in Domino Directory request on Username (Path: admin4.nsf; Name: HTTPPassword): Note item not found

So it seems that the Internet Password isn´t set during the user registration Adminp cannot finish the change of the Internet Password.

5 Myths about Domino You Need to Stop Believing Right Now

A great story told by Matt Engstrom about 5 wrong statements about HCL Domino:

Myth 1 – Domino apps don’t work on mobile devices

Myth 2 – A Notes client is required to access my apps

Myth 3 – Specialized skills are required to build Domino apps

Myth 4 – My data cannot be integrated in external systems

Myth 5 – Domino apps are ugly

Read the whole story here: https://bit.ly/2MvfDhN

Error “Operation failed” when creating reservation in resource database ( German template )

Starting with 10.0.1 you receive an error message “Operation failed” when trying to create reservations directly in the resource database with the German template.

This is caused by a forgotten bracket in the code. To get rid of this error you have to do the following:

  • Open the template of the resource reservation ( resrc10.ntf, resrc11.ntf ) in the Designer
  • Open the Script Library “SharedFunctions_de-DE”

res01

res02

  • Switch to the function “GetResourceInfo”

res03

In the second to the last “If versionNumber < 377” you have the following code where a bracket is missing in the marked “Else” statement:

res04

To correct this issue you have to replace the code with the following:

IsSpecList_Error = Evaluate(|@IsError(@ExpandNameList( @Subset(@DbName;1) ; “| + tmplist +|”;[IGNORE_FWD_ADDRESS]))|)

After this modification replace the design of your resource database(s).

How to import a wildcard SSL certificate into a Domino Key Ring

Some customers are using wildcard SSL certificates in their environments and want to use them for accessing the Domino environments via Traveler and WebMail.

What you’ll need:

To use those wildcard certificates you have to go through the following steps ( I did this on my Windows machine ):

First you have to to export the wildcard certificate from the PFX file:

c:\openssl\bin\openssl pkcs12 – in <path-to-pfx> -out <path-to-pem> -nodes -chain

convert2pem

This generates the following file:

wildcard02

You can open this file for example with NotePad++ and you will see the following content with all intermediates, root certificates and also the private key:

wildcard03

In my case you now have the private key, the certificate, the intermediate and the root certificate in the PEM file. To go on I created a new text file and copied the content from the PEM file over – with the following order:

  • Private Key
  • Certificate
  • Intermediate
  • Root

—–BEGIN PRIVATE KEY—–
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGD6iM7Iy3/HiM
nycokfClcGJFyZKe4v4/IUkyk0v3QL6BYK7DD7rwhVZuw3pZR0xoWxhSRcvvIu4+

8MUpwBcupWYaenmNS7I3Cjl9
—–END PRIVATE KEY—–
—–BEGIN CERTIFICATE—–
MIIGLDCCBRSgAwIBAgIQAzd7X8XQJcXgZnTANeHbkjANBgkqhkiG9w0BAQsFADBe

/vHWeVw5Nq/NMQviqIHFENIegFiZ1Yh0LVvLfhPRDNG6304UBuPsqJmgT74q4nh8
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIEizCCA3OgAwIBAgIQCQ7oxd5b+mLSri/3CXxIVzANBgkqhkiG9w0BAQsFADBh

vmi7pkqyZYULOPMIE7avrljVVBZuikwARtY8tCVV6Pp9l3VeagBqb2ffgqNJt3C0
TYNYQI+BXG1R1cABlold
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh

pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
—–END CERTIFICATE—–

To check if everything is fine you can check with the KyrTool by entering the following command:

C:\HCL\Notes>kyrtool.exe verify c:\wildcard\wildcard.txt

wildcard10

If you don´t receive any error >> Congrats !!

Now you´re ready to create a KYR file, import the content of the text file ( in this case it was “wildcard.txt” ), move the KYR and STH file to your Domino Server, customize the setting in the Server Document/Website, restart your HTTP server and grab a beer.

The way how to generate the KYR file, … is documented here ( starting at 5. )