Active Directory Authentication and IMAP

I’ve changed the ‘Domino Internet Password’ from the person document to AD Authentication (clearing Internet_password, adding Directory Assistance-LDAP).

  • It works from a browser; even my Android can connect through the Exchange protocol to Traveler
  • IMAP is unable to connect (SMTP works), neither from a PC program nor from various Android phones (works with the Domino Internet Password)

Anyone else experienced this problem???

Subject: need mail attributes accessible over ldap

You either need to be able to query the Domino mail information from the AD LDAP server, or name-map the AD user to a Domino person, so that the mail internet protocols can perform the necessary lookups to determine a user’s MailFile, MailServer and MailDomain.

Here’s a technote describing the issue further:

Title: Authenticate POP3 or IMAP clients when Domino server is configured to authenticate users against an LDAP
Doc #: 1668377
URL: http://www.ibm.com/support/docview.wss?uid=swg21668377

Subject: tnx. will try. eom

Subject: did not work

I’ve added the attributes to LDAP & entered them as in the person document.

But they are still not found and I’m constantly asked for the password. Is it possible that the lookup is case sensitive and “mailserver” and “MailServer” are not the same (I presumed, because mail is lowercase, maildomain and mailserver should be too)?
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local

Does anybody know how to change those attributes? Or does anybody know how to ‘remap’ the fields?

Log:
[17B8:000A-1114] 19.06.2014 14:30:16.77 WebAuth> GroupCache: Cached for User DN=‘first.name@domain.com’
[09C4:0069-02D8] 19.06.2014 14:30:18.10 LDAPChange(WindowsServer.DOMAIN.LOCAL:389): detection type=Active Directory
[09C4:0069-02D8] 19.06.2014 14:30:18.10 LDAPChange(WindowsServer.DOMAIN.LOCAL:389): new change time is 19.06.2014 14:30:18.
[09C4:0069-02D8] 19.06.2014 14:30:18.10 LDAPChange(WindowsServer.DOMAIN.LOCAL:389): highestCommittedUSN=->335911; Changed=TRUE
[17B8:0008-0B94] 19.06.2014 14:30:22.93 WebAuth> LOOKUP in view $Users (user=‘first.name@domain.com’ org=‘’)
[17B8:000A-0B94] 19.06.2014 14:30:22.93 Searching for name=‘first.name@domain.com’ in LDAP server=‘WindowsServer.DOMAIN.LOCAL’
[17B8:000A-0B94] 19.06.2014 14:30:22.93 Attr: mail (mapped from Item=$$NotesDN)
[17B8:000A-0B94] 19.06.2014 14:30:22.93 Attr: objectClass
[17B8:000A-0B94] 19.06.2014 14:30:22.93 Attr: member (mapped from Item=Members)
[17B8:000A-0B94] 19.06.2014 14:30:22.93 Attr: uniqueMember (mapped from Item=Members)
[17B8:000A-0B94] 19.06.2014 14:30:22.93 Attr: MailDomain (mapped from Item=MailAddress)
[17B8:000A-0B94] 19.06.2014 14:30:22.94 Attr: modifyTimestamp (mapped from Item=$$ModifiedTime)
[17B8:000A-0B94] 19.06.2014 14:30:22.94 Attr: MailAddress
[17B8:000A-0B94] 19.06.2014 14:30:22.94 Attr: CN
[17B8:000A-0B94] 19.06.2014 14:30:22.94 Base: DC=DOMAIN,DC=local
[17B8:000A-0B94] 19.06.2014 14:30:22.94 Scope: 2
[17B8:000A-0B94] 19.06.2014 14:30:22.94 Filter: (|(cn=first.name@domain.com)(sAMAccountName=first.name@domain.com)(uid=first.name@domain.com)(mail=first.name@domain.com))
[17B8:000A-0B94] 19.06.2014 14:30:22.94 Timeout: 60 secs
[17B8:000A-0B94] 19.06.2014 14:30:23.00 SEARCH returned ‘1’ match(es).
[17B8:000A-0B94] 19.06.2014 14:30:23.00 ldap_search returned matched DN=‘CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local’
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute AltFullName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute AltFullNameLanguage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute $AdminpOldWebName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MessageStorage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute ListName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attributes member and uniqueMember not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 mail=‘first.name@domain.com’
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute uid not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute Location not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute EncryptIncomingMail not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute CalendarDomain not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute NetUserName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute CertificateThumbprint not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute NewMailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute NewMailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute AltFullName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MessageStorage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute ServerName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute AltFullNameLanguage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute $QuickPlace not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute SametimeServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailSystem not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute $AdminpOldwebName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute HTTPPasswordChangeDate not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute HTTPPasswordForceChange not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute Policy not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute LTPA-UsrNm not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute DB2UserName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute $$NoteID not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute $$IsMatchFromCache not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.02 Attribute $$Readers not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.02 Attribute $$LDAPAccessGroups not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.02 Return buffer was added ok.
[17B8:000A-0B94] 19.06.2014 14:30:23.02 NAMELookup::> Informational: verify LDAP msgid =‘6’
[17B8:000A-0B94] 19.06.2014 14:30:23.05 NAMELookup::> BIND LDAP host=‘WindowsServer.DOMAIN.LOCAL:389’ failed for user ‘CN=WINDOWSUSER,CN=Users,DC=DOMAIN,DC=local’ error:‘Invalid credentials’
[17B8:000A-0B94] 19.06.2014 14:30:23.05 NAMELookup::> Informational: Restore LDAP msgid =‘7’
[17B8:000A-0B94] 19.06.2014 14:30:23.05 NAMELookup::> Restoring LDAP Connection for host=‘WindowsServer.DOMAIN.LOCAL:389’ w/ user=‘LDAP-AD-USER@DOMAIN.local’
[17B8:000A-0B94] 19.06.2014 14:30:23.05 NAMELookup::> Received error ‘Error looking up name on LDAP Server; See server log for further details.’ trying to verify LDAP credentials!
[17B8:0008-0B94] 19.06.2014 14:30:23.05 WebAuth> Unsuccessful LDAP BIND for user=‘first.name@domain.com’
[17B8:0008-0B94] 19.06.2014 14:30:23.05 WebAuth> No unambiguous match for user=‘first.name@domain.com’ org=‘’
[17B8:0008-0B94] 19.06.2014 14:30:23.05 WebAuth> LOOKUP in view ($HIGH_SECURITY_AUTH) (user=‘first.name@domain.com’ org=‘’)
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Searching for name=‘first.name@domain.com’ in LDAP server=‘WindowsServer.DOMAIN.LOCAL’
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: mail (mapped from Item=$$NotesDN)
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: objectClass
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: member (mapped from Item=Members)
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: uniqueMember (mapped from Item=Members)
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: MailDomain (mapped from Item=MailAddress)
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: modifyTimestamp (mapped from Item=$$ModifiedTime)
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: MailAddress
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Attr: CN
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Base: DC=DOMAIN,DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Scope: 2
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Filter: (|(cn=first.name@domain.com)(sAMAccountName=first.name@domain.com)(uid=first.name@domain.com)(mail=first.name@domain.com))
[17B8:000A-0B94] 19.06.2014 14:30:23.07 Timeout: 60 secs
[17B8:000A-0B94] 19.06.2014 14:30:23.21 SEARCH returned ‘1’ match(es).
[17B8:000A-0B94] 19.06.2014 14:30:23.21 ldap_search returned matched DN=‘CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local’
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute AltFullName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute AltFullNameLanguage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute $AdminpOldWebName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute MailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute MailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute MessageStorage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute ListName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attributes member and uniqueMember not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute MailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute MailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 mail=‘first.name@domain.com’
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute uid not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute Location not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute EncryptIncomingMail not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute CalendarDomain not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute NetUserName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute CertificateThumbprint not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute NewMailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute NewMailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute AltFullName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute MessageStorage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute ServerName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute AltFullNameLanguage not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute $QuickPlace not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute SametimeServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute MailSystem not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute $AdminpOldwebName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute HTTPPasswordChangeDate not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute HTTPPasswordForceChange not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute Policy not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute LTPA-UsrNm not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute DB2UserName not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute $$NoteID not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.21 Attribute $$IsMatchFromCache not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.22 Attribute $$Readers not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.22 Attribute $$LDAPAccessGroups not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.22 Return buffer was added ok.
[17B8:000A-0B94] 19.06.2014 14:30:23.22 NAMELookup::> Informational: verify LDAP msgid =‘9’
[17B8:000A-0B94] 19.06.2014 14:30:23.25 NAMELookup::> BIND LDAP host=‘WindowsServer.DOMAIN.LOCAL:389’ failed for user ‘CN=WINDOWSUSER,CN=Users,DC=DOMAIN,DC=local’ error:‘Invalid credentials’
[17B8:000A-0B94] 19.06.2014 14:30:23.25 NAMELookup::> Informational: Restore LDAP msgid =‘10’
[17B8:000A-0B94] 19.06.2014 14:30:23.25 NAMELookup::> Restoring LDAP Connection for host=‘WindowsServer.DOMAIN.LOCAL:389’ w/ user=‘LDAP-AD-USER@DOMAIN.local’
[17B8:000A-0B94] 19.06.2014 14:30:23.25 NAMELookup::> Received error ‘Error looking up name on LDAP Server; See server log for further details.’ trying to verify LDAP credentials!
[17B8:0008-0B94] 19.06.2014 14:30:23.25 WebAuth> Unsuccessful LDAP BIND for user=‘first.name@domain.com’
[17B8:0008-0B94] 19.06.2014 14:30:23.25 WebAuth> No unambiguous match for user=‘first.name@domain.com’ org=‘’

Subject: Did you find a solution?

Hi,

After upgrading from Domino 8.5.3 to 9.0.1 FP2, IMAP Active Directory Authentication is not working anymore. The MailFile attribute exists in AD.
We get messages similar to yours. Did you find a solution for this?

Subject: Check the “logon workstations” feature

We got the authentication failed issue because the Windows profile for users used the “logon workstations” feature and the AD Domain Controller was not listed.

It seems that the Domain Controller needs to be the “trusted broker”. After Domino establishes the user’s Distinguished Name in AD using the account credentials stored in Directory Assistance, it then “unbinds” and rebinds using the user’s name and password to see if the password is correct.

If the user profile prevents them accessing the domain controller then the authentication fails.
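
Added example, not part of any post in this thread: a small Python triage over debug-log lines of the kind quoted above, separating the two conditions the thread discusses (MailServer/MailFile not returned by LDAP versus the rebind with the user's own DN being rejected). The sample log is constructed from the format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the debug log quoted in the thread.
SAMPLE_LOG = """\
[17B8:000A-0B94] 19.06.2014 14:30:22.93 Searching for name='first.name@domain.com' in LDAP server='WindowsServer.DOMAIN.LOCAL'
[17B8:000A-0B94] 19.06.2014 14:30:23.00 SEARCH returned '1' match(es).
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailServer not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute MailFile not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.00 Attribute uid not found for entry CN=WINDOWSUSER/CN=Users/DC=DOMAIN/DC=local
[17B8:000A-0B94] 19.06.2014 14:30:23.05 NAMELookup::> BIND LDAP host='WindowsServer.DOMAIN.LOCAL:389' failed for user 'CN=WINDOWSUSER,CN=Users,DC=DOMAIN,DC=local' error:'Invalid credentials'
"""

Q = "['\u2018\u2019]"  # pasted logs may carry straight or typographic quotes
RE_SEARCH = re.compile(rf"Searching for name={Q}(.+?){Q} in LDAP server")
RE_COUNT = re.compile(rf"SEARCH returned {Q}(\d+){Q} match")
RE_MISSING = re.compile(r"Attribute (\S+) not found for entry")
RE_BIND = re.compile(rf"BIND LDAP host={Q}.+?{Q} failed for user {Q}(.+?){Q} error:{Q}(.+?){Q}")
MAIL_ATTRS = {"MailServer", "MailFile", "MailDomain"}  # attributes named in the thread

def triage(log_text):
    """Return one record per LDAP lookup: matches, missing mail attrs, bind result."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if m := RE_SEARCH.search(line):
            cur = {"name": m.group(1), "matches": None,
                   "missing_mail_attrs": set(), "bind_dn": None, "bind_error": None}
            attempts.append(cur)
        elif cur is None:
            continue  # ignore lines before the first lookup starts
        elif m := RE_COUNT.search(line):
            cur["matches"] = int(m.group(1))
        elif (m := RE_MISSING.search(line)) and m.group(1) in MAIL_ATTRS:
            cur["missing_mail_attrs"].add(m.group(1))
        elif m := RE_BIND.search(line):
            cur["bind_dn"], cur["bind_error"] = m.group(1), m.group(2)
    return attempts

def diagnose(attempt):
    """Turn one lookup record into findings, keeping the two causes separate."""
    findings = []
    if attempt["matches"] != 1:
        findings.append("search did not return exactly one entry")
    if attempt["bind_error"]:
        findings.append(f"rebind as {attempt['bind_dn']} rejected: {attempt['bind_error']}")
    if attempt["missing_mail_attrs"]:
        findings.append("mail attributes absent: " + ", ".join(sorted(attempt["missing_mail_attrs"])))
    return findings
```

A rejected rebind after a successful single-entry search points at the account or its logon restrictions rather than at the attribute mapping, which is the distinction the last reply draws.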