I’m facing a problem where web users cannot change their HTTP password through the ?ChangePassword URL command because adminp fails to update the person document.
We’re running a server mostly for web-only users. No IDs, just a person document in the one and only Directory. All of them have a (flat) FullName, LastName and MailAddress. Many have a FirstName, too. The security setting “Internet authentication” is set to “Fewer name variations with higher security”.
The problem occurs when a user’s FullName is identical to any one FirstName or LastName of a different user. The password change seems to be effective (users can log out and log in using the new password successfully), but when the administration process tries to update the person document, it generates the following error:
Title: ORGANIZATION’s Directory File name: SERVER/OU/ORGANIZATION!!names.nsf; Error: Person documents for the ‘Name(s) acted upon’ were found in multiple trusted directories for which this server is the Administration Server.
Apart from the fact that the message looks very misleading to me (there’s only one directory, no other trusted directories), I would assume that this should not happen. Since FullName values are unique amongst all users, adminp should be able to clearly identify the correct person document to act upon. If the server was set up to allow more name variations (who in his right mind uses that setting anyway?), I could understand this behavior as a security measure, but not the way it is.
Any ideas? Any dependencies I did not check? Do I really have to check user names against first names and last names as well?
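The check asked about in the last question above, as an added example that is not part of the original thread: it scans person documents for a FullName that matches another user's FirstName or LastName, the condition described in the post. It assumes the documents have been exported as Python dicts keyed by the field names from the post; the sample records are constructed, and the case-insensitive comparison and the handling of multi-valued fields are assumptions that go beyond the flat names described.

```python
from collections import defaultdict


def _values(doc, field):
    """Return a field's non-empty values as a list (fields may be multi-valued)."""
    raw = doc.get(field) or []
    if isinstance(raw, str):
        raw = [raw]
    return [v.strip() for v in raw if v and v.strip()]


def find_name_collisions(person_docs):
    """List (fullname, colliding_field, other_user) for every FullName that
    equals a FirstName or LastName in a *different* person document."""
    # Index every FirstName/LastName value, case-folded (assumed comparison rule).
    index = defaultdict(list)  # folded name -> [(doc position, field name)]
    for pos, doc in enumerate(person_docs):
        for field in ("FirstName", "LastName"):
            for value in _values(doc, field):
                index[value.casefold()].append((pos, field))

    hits = []
    for pos, doc in enumerate(person_docs):
        for full in _values(doc, "FullName"):
            for other_pos, field in index.get(full.casefold(), []):
                if other_pos == pos:
                    continue  # a user's own first/last name is not a collision
                other = _values(person_docs[other_pos], "FullName")
                hits.append((full, field, other[0] if other else "<no FullName>"))
    return hits


# Constructed sample data, not taken from any real directory.
SAMPLE_DOCS = [
    {"FullName": "jordan", "LastName": "jordan"},
    {"FullName": "mjordan", "FirstName": "Michael", "LastName": "Jordan"},
    {"FullName": ["asmith", "Alice Smith"], "FirstName": "Alice", "LastName": "Smith"},
    {"FullName": "alice", "LastName": "Cooper"},
]

if __name__ == "__main__":
    for full, field, other in find_name_collisions(SAMPLE_DOCS):
        print(f"FullName {full!r} matches {field} of user {other!r}")
```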
Subject: Change Password: Person doc for ‘Name(s) acted upon’ found in multiple trusted directories
Have a look at this
http://www-1.ibm.com/support/docview.wss?rs=463&context=SSKTMJ&context=SSKTWP&q1="multiple+trusted+directories"&uid=swg21249482&loc=en_US&cs=utf-8&lang=en
Sorry, quick post. I will see if there is something else.
Subject: RE: Change Password: Person doc for ‘Name(s) acted upon’ found in multiple trusted directories
Nathan, thanks for the hint, but I don’t think that it applies here.
I triple-checked that there is no other directory, neither a secondary directory, nor an extended, nor condensed directory catalog. Also, the directory cataloger task does not run.
I wonder if this problem is somehow related to running Domino on Linux. Which reminds me of the unpleasant fact that the remote debugger does not work on Linux for databases that reside in subdirectories …
Subject: Change Password: Action comment
Plus one more thing: I forgot to include the “action comment” along with the error message in the adminp log document. It says:
“Person documents for FULLNAME were found in two trusted directories used by SERVER/ORGANIZATION: DOMAIN’s Directory and DOMAIN’s Directory.”
I just cannot think of any kind of misconfiguration that would make Domino see two trusted directories when there is only one (and no Directory Assistance at all …).
Subject: RE: Change Password: Action comment
Sorry I have not replied sooner…
Have you tried to test this on a Windows system to see if this is an operating system issue?
A long shot but worth a try.
Subject: RE: Change Password: Action comment
Thanks for taking the time. Until now, I have tried to stay away from that, but it might indeed be required. At least, this could make it very clear if there is any OS dependency or not.
Luckily, we have just set up a brand new VMware server running Windows Server 2003 EE VMs. Since the system this is intended for will not be installed before a week or two, I might be able to abuse this …