
Letting other Notes userids have access 1

Status
Not open for further replies.

deros68

Programmer
Oct 28, 2005
12
US
We have our individual mailboxes/userid and a shared mailbox which our individual userids can read. We all have appropriate access to the shared mailbox. I had to reply "yes trust the signer" to the shared mail box when I used it for the first time (while logged into my individual email id). The actual ECL property that was granted to the shared mailbox was "Allow access to the current database".
No other boxes are checked on that userid's access.

Does that mean that the shared mail userid has access to read my individual email file? Or what?

thanks for any clarification
 
Don't worry, it has nothing to do with access. What the trust message means is that the person who set up the shared database is not certified to do development on the server, therefore the server is asking you if you really trust that person and the code that is in the database.
To remove the prompt, the database should be resigned by the administrator.
Access to a database is determined by the ACL of that database. There is no way in the world that the ACL of one database gives access to another one, nor is it possible to programmatically be granted access to a db if that db's ACL does not allow you access in the first place.
The ECL controls execution rights, not access rights. By default, everything that runs on a server should be signed either by the server ID itself, or by a recognized authority (recognized by the server, that is). The administrator is essentially the person telling the server who is recognized.
Anyone doing stuff on the server that is not a recognized authority (creating a shared view, a database, an agent) will be allowed to share the code, but anyone else accessing the design element will be warned that there is code from an un-recognized source.

That is what the message boils down to.

Pascal.
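To check the ACL point from the answer above against your own mail file, here is an added example (not part of the original thread, and not code from any poster): a LotusScript agent that lists the ACL entries of the database it runs in and asks the database what level one name would get. The name in `CHECK_NAME` is a constructed placeholder and the helper `LevelName` is hypothetical.

```lotusscript
Option Public
Option Declare

' Constructed placeholder: replace with the canonical name you want to check.
Const CHECK_NAME = "CN=Shared Mailbox/O=Example"

' Hypothetical helper: turn an ACLLEVEL_* constant into readable text.
Function LevelName(lvl As Integer) As String
    Select Case lvl
    Case ACLLEVEL_NOACCESS
        LevelName = "No Access"
    Case ACLLEVEL_DEPOSITOR
        LevelName = "Depositor"
    Case ACLLEVEL_READER
        LevelName = "Reader"
    Case ACLLEVEL_AUTHOR
        LevelName = "Author"
    Case ACLLEVEL_EDITOR
        LevelName = "Editor"
    Case ACLLEVEL_DESIGNER
        LevelName = "Designer"
    Case ACLLEVEL_MANAGER
        LevelName = "Manager"
    Case Else
        LevelName = "Unknown (" & CStr(lvl) & ")"
    End Select
End Function

Sub Initialize
    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim acl As NotesACL
    Dim entry As NotesACLEntry

    ' The database this agent lives in, e.g. your individual mail file.
    Set db = session.CurrentDatabase
    Set acl = db.ACL

    ' Walk every entry: this list, not the ECL, decides who can open the file.
    Set entry = acl.GetFirstEntry()
    Do Until entry Is Nothing
        Print entry.Name & " -> " & LevelName(entry.Level)
        Set entry = acl.GetNextEntry(entry)
    Loop

    ' Level the database reports for the one name under question.
    Print CHECK_NAME & " -> " & LevelName(db.QueryAccess(CHECK_NAME))
End Sub
```

Output goes to the Notes status bar; a name that is not listed individually is still covered by the -Default- entry and by any group it belongs to, so read the whole list.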
 
Hello Pascal,

I was impressed with your answer and wanted to reach out to you with a similar question if I may?

I have a similar situation with a db (let's call it mycompany.nsf) which has a shared mailbox that various business teams were promised the usage of.

My question is, how can I manage/change the permissions (ACLs) of this .nsf file? I am new to this company and am not the admin of the Notes server. The admin quit. Honestly, it looks like an older version of Notes. All I see is a DOS-like black window with MANY SMTP/MAPI email transactions scrolling upward multiple times every other second (this is just to give you a mental picture of what I'm seeing when logged onto the server). I know where the .nsf resides but don't know how to change its permissions. The mailbox seems to be working though: when I send a test email to it, I don't get a delivery failed message or anything. Also, do I need some type of Notes admin client or something in order to see Lotus Notes in its GUI form on this server? As mentioned before, all I see running is the black DOS shell-like window showing mail transactions scroll up.

Any support would be greatly appreciated
hb101
 
Sorry for the delay in responding, but I'm just back from holidays :).

Anyway, you have most definitely put the finger on the issue : you need a client installation of Notes - including the Notes Administrator client - to properly manage the server.

I have no doubt that you will find the proper install disk, but in addition to that you will absolutely need the password to the cert.id file (which should be in the server directory), as well as the notes.id file of the Admin account and its password.

Failure to retrieve any one of these items means that you will either have to scratch the current installation completely when it falls over, or you will have to tender for some expensive server forensics in order to recover said passwords (if that is at all possible).

Once in possession of the proper id files, you can initiate the installation of the client applications on a desktop that you will dedicate to administering the Notes server. You will need the proper form of the server name, or at least its IP address. You will also need the correct name of the admin ID during the logon process, along with its password.

When everything is installed and working in the Notes client proper, you can then launch the Admin client and let it configure itself to the server. Only then can you correctly manage the server and its files.

I will not deny that you are in for some frustrating times, especially if the previous admin was not forthcoming in his critical documentation. You would greatly benefit from having someone on-site to help you with your troubles - remote aid from the Web is going to delay the resolution of this issue more than anything else.

Pascal.
 
Pascal-

I truly appreciate your elaborate explanation.. really I do!
I also have great news... I was able to recover the password of the cert.id and the notes.id of the Admin. YEAH!
I logged onto the Lotus Notes server from the server room and just to clarify, this is the older server (I believe it's a 4.3 but don't know how to check for this info, perhaps there is a command line entry you could share with me that supplies this information) that is running this dos-shell based window with multiple SMTP email transactions scrolling towards the top of the screen, every 30 seconds or so..

Due to my discovery process, I found another Lotus Notes server running 6.5 (I definitely can manage this one via the GUI -awesome!) and since both servers are part of the same domain, I can see .nsf, people.. everything that pertains to the older server from the 6.5 server.. The 6.5 server seems to just be forwarding email to the 4.3 server.. there is a setting on 6.5 that clarified this but I think the 6.5 box might be an "active" mail server too since there are mailboxes on it -I suppose I could drill down into the mailboxes and see whether or not anything is in them..

We have a Microsoft domain overall and with Terminal Services I remote control to the 6.5 server and then within there the 4.3 server can be managed because both of them belong to the same child domain.. So, would I still need to have the Administration client installed on my pc? I have the IP and hostname of the older box but I guess I'm wondering if it would supply me with any additional functionality? I suppose it would but just wanted to hear back from you and your valuable opinion :)

If so, is there a website from which I might be able to download this Administration client or, based on the info I stated above, do I have all the functionality of the 4.3 box via the 6.5 server?
I apologize for the verbose response, but I felt that my provision for detail was needed here..

thanks for your support Pascal!
hb101
 
Now it's getting tricky for me. I am not an administrator, only a developer, so although there are some things I have learned over the years, your questions are unfortunately out of my league and experience.

Can you manage a 4.x server from a 6.x admin client ? I should suppose so, since even though Lotus has always only guaranteed one level of backwards compatibility, I have found that, for the most part, Lotus does not tear out functionality for no reason. Of course, you will not have all the nice 6.x options for your 4.x server since the server itself cannot implement them.

On the other hand, I am quite surprised that there are two Domino servers both doing mail - and in the same domain, no less. Strikes me as a bit peculiar to maintain such vastly different versions. There must be an application on the old server that requires that version to run and has never been upgraded. But that does not necessarily mean that mail has to be on the old server. I would find out whether or not it is necessary to keep the mail function. If not, move the mail files to the newer server - you have more managing power there.

I would encourage you to install the Admin client on your PC. It is on the client install disk, but I do not know of any place it can be downloaded and I doubt that such an application has been made available to download. On the other hand, it is entirely possible to manage the 6.x box with a browser - but for that you'll have to have the HTTP task running and that might entail some security issues if you cannot configure it correctly.

In any case, you most certainly need to be very careful before doing anything on either box until you know exactly what can break and with what risk.

Pascal.
 
Hi Pascal,

All is well my friend and appreciate your response. I received and installed the Admin client on my pc and all is well.. One question though. I want to create my own cert.id for myself and from there create an id for myself i.e - hb101.id...

Both servers are 6.5 one is the Lotus Notes mail server and the other is a Lotus Notes Sametime server..

Do you know how I can create my own cert.id and user.id - the main thing is that I want to become the Admin of the box and delete the existing one out since he no longer works here anymore. Or could I re-use his old cert.id create an admin user.id with my name as an alternate option.

Please give me your wisdom sir!
thanks and have a great night
hb101
 
As far as I know, the cert.id is created along with the server, so if you want your own, you have to install a new server.
Unless you create an Organizational Unit, in which case you are, in effect, creating a sub-cert for that OU. That way, you could create your own OU in the domain and create any number of user IDs along with it. But to create the sub-cert, you still need to use the Notes Admin ID and the top-level cert.id file (and passwords !).
I don't know much more about cert ids, but I am pretty sure that the top-level cert.id and the Notes Admin ID are not files that you want to lose.
As for being admin with your ID, all you need to do is edit the server document in the NAB with the Admin ID and put your name in the appropriate fields. Be sure to restart the server to ensure that the change is taken into account at all levels.

Pascal.
 
hi pascal,

that is perfect! that's what I'll do.. can you walk me thru it a little further in editing my credentials into the admin account in the NAB?

thanks hb101
 
That'll be easy. All you need to do is open the server doc in the NAB, go to the Security tab and add your name to the Administrators field. Of course, that's on the R6 server, but for R4 it must not be all that different.
You might want to make a group, put the names in there and put the group name in the field, but I'll leave that to you.

Pascal.
 
That's great Pascal and it worked fine! thanks so much

I am going to post this other inquiry I have in MS Exchange too because it might cross reference over to it.

My company has two domains, one domain is for Lotus Notes email and other nsf databases and the other is a Windows 2003 Active Directory domain with Exchange 2003 email users..

Well, I'm trying to implement a test with a few Lotus Notes users where I could create an Exchange 2003/Outlook client email mailbox for them thinking that it would not disrupt their existing SMTP email to Lotus Notes. So essentially, they would have two disparate and functioning email systems they could use fully.. Well, I see a few problems here as far as what the users are telling me. It seems it can't be done.. Everything I send them ultimately passes thru to their Lotus Notes mail via the Lotus Notes domain...

These users have a Microsoft User account in Active Directory and a valid Exchange 2003 mailbox.. but they also originally had a Lotus Notes mailbox to start off with so I suppose this is why it assumingly defaults to their Lotus Notes mailbox before it ever goes to their Outlook client..

Can it be possible to have both Outlook and Lotus Notes accounts functioning simultaneously? In Exchange Advanced settings, these users have SMTP addresses.. one is an x400 record, the other is a SMTP using firstinitial_for_frstname and full lastname@company.com.. plus I created another that uses fullfirst and fulllastname@company.com smtp address but it doesn't matter which one I use from my outlook client.. when I send a test email EVERYTHING goes thru their Lotus Notes email.. how can I send it to Outlook while also having Notes work for company employees who are used to sending this user email to their Notes address to continue doing so until my test has succeeded...

Any ideas? Please let me hear them... In Lotus Notes, when I look at a user's detail page, there is an area on the right side of their detail page that says Internet address, that address has the Exchange smtp address but it doesn't matter because these users continue getting email to their Notes email.

Thanks for any suggestions or guidance..
hb101
 
Sorry, but I'm out of my league there. You need a real admin to answer that kind of question. On top of that, I've never used Exchange, much less administered a server. I just type code, that's all I know.

I think you could post this in the Domino forum, you'll stand a much better chance of getting an admin to answer.

Pascal.
 
pmonett-

That's no problem. I was wondering about this.. I need to create 4 mail accounts for 4 users. How do I essentially do that? Where do I create the ids for these users? Is it as simple as saying that if I just create the mailboxes then the id is internally created? I have no idea and am shooting bullets at the wind. Don't know.. can you give some pointers on this?

thanks so much
hb101
 
That's easy : Admin client, right-hand menu. You should have a People option that launches the certification screen. There, you can declare all users in one go.
I believe that information is in the Admin Help.

Pascal.
 