Cross-certifying user account

I have a user whose ID expired. Because the original OU certifier has gotten corrupted (long story, can’t re-cert the OU cert), I can’t re-certify the original ID. I have issued the user a new ID with a parallel OU cert. I want to give the new ID access rights to everything the old ID had access to. How do I cross-certify the new ID with the old ID?

Subject: Cross-certifying user account

OK, I take it the certificate used to create the new OU is the same cert that created the old.

i.e. ou/cert (old) is the same as ou/cert (new).

If this is the case, you have to make sure that the Domino Directory has all the updated certificates stored and that they are correct.

Now, that should cover the authentication to the server, i.e. I trust you because we share a common cert. Once you have access to the server, the rest of the access is really just down to the text in the ACL, i.e. name/ou/cert.

This is not the best way of doing all this, as you should have moved to a new cert etc.; this would allow ADMINP to check all the relevant fields and data for you (if needed).

Subject: RE: Cross-certifying user account

If I understand you correctly, what you’re saying is that I’d have to mod the ACLs to add the new user to the same groups/roles as the old user?

Unfortunately, our server was never properly configured (and I don’t have permission to rebuild it) so ADMINP doesn’t run.

Subject: RE: Cross-certifying user account

The adminp does not run, wow.

What I am saying is this…

If you took your databases (secure at the moment) and took them off your site without any IDs or certs, you could build a different Domino environment with the same cert / OU names. This would mean your full name, i.e. name/ou/cert, would match that in the ACL, allowing you to access the DB.

The parallel OU is a different FULL name. This means the ACLs are all wrong. You will need to change all the ACLs etc. This will include DB owners / readers and authors / blah blah blah. No adminp is a huge deal and you should make this a priority to fix.

Renaming users must be a huge issue there :)
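To make the point of the last two replies concrete (the ACL only holds the text of the full name, so an ID under a parallel OU matches nothing until every entry and group membership is rewritten), here is an added audit helper. It is example code written for this thread, not Domino's own code or an API it exposes; the user names, the ACL layout as a list of dicts, the group documents as a dict, the case-insensitive component comparison and the treatment of `*/OU/O` wildcard entries are all assumptions of the example.

```python
"""Audit Notes/Domino-style ACLs and group memberships when a user is issued a
new ID under a parallel OU. Hypothetical helper written for this thread, not
Domino's own code; names, ACL layout and matching rules below are assumptions."""

import re


def canonicalize(name):
    """Split a hierarchical name into lower-cased components, dropping CN=/OU=/O=
    prefixes so the canonical and abbreviated forms of one name compare equal."""
    comps = []
    for part in name.split("/"):
        m = re.fullmatch(r"(?i)\s*(?:CN|OU|O|C)=(.*)", part.strip())
        comps.append((m.group(1) if m else part.strip()).casefold())
    return tuple(comps)


def entry_matches(entry_name, user_name):
    """True if an ACL entry names the user directly or via a '*/OU/O' wildcard
    (assumption: the wildcard covers any name whose remaining components equal
    the entry's). Group entries are resolved separately in entries_granting."""
    ce, cu = canonicalize(entry_name), canonicalize(user_name)
    if ce == cu:
        return True
    return ce[0] == "*" and len(ce) == len(cu) and ce[1:] == cu[1:]


def entries_granting(acl, groups, user_name):
    """Names of ACL entries that grant user_name anything, including group
    entries whose member list (from the directory) contains the user."""
    hits = []
    for e in acl:
        if entry_matches(e["name"], user_name):
            hits.append(e["name"])
        elif e["name"] in groups and any(
            entry_matches(m, user_name) for m in groups[e["name"]]
        ):
            hits.append(e["name"])
    return hits


def rename_user(acl, groups, old_name, new_name):
    """Return (new_acl, new_groups, leftovers): direct ACL entries and group
    memberships for old_name rewritten to new_name, keeping level and roles,
    plus the wildcard entries that covered old_name but cannot be renamed and
    therefore need a separate entry for the parallel OU."""
    old = canonicalize(old_name)
    new_acl = [dict(e, name=new_name) if canonicalize(e["name"]) == old else dict(e)
               for e in acl]
    new_groups = {g: [new_name if canonicalize(m) == old else m for m in members]
                  for g, members in groups.items()}
    leftovers = [e["name"] for e in acl
                 if e["name"].startswith("*")
                 and entry_matches(e["name"], old_name)
                 and not entry_matches(e["name"], new_name)]
    return new_acl, new_groups, leftovers


OLD_NAME = "Jane Doe/Sales/Acme"    # constructed: the expired original ID
NEW_NAME = "Jane Doe/Sales2/Acme"   # constructed: new ID under the parallel OU

SAMPLE_ACL = [  # constructed ACL of one database
    {"name": "CN=Jane Doe/OU=Sales/O=Acme", "level": "Editor", "roles": ["[Approver]"]},
    {"name": "*/Sales/Acme", "level": "Reader", "roles": []},
    {"name": "SalesTeam", "level": "Author", "roles": []},
    {"name": "-Default-", "level": "No Access", "roles": []},
]
SAMPLE_GROUPS = {  # constructed group documents from the Domino Directory
    "SalesTeam": ["Jane Doe/Sales/Acme", "Bob Roe/Sales/Acme"],
    "Admins": ["Bob Roe/Sales/Acme"],
}

if __name__ == "__main__":
    print("old ID is granted by:", entries_granting(SAMPLE_ACL, SAMPLE_GROUPS, OLD_NAME))
    print("new ID is granted by:", entries_granting(SAMPLE_ACL, SAMPLE_GROUPS, NEW_NAME))
    acl2, groups2, leftovers = rename_user(SAMPLE_ACL, SAMPLE_GROUPS, OLD_NAME, NEW_NAME)
    print("after rename, new ID is granted by:", entries_granting(acl2, groups2, NEW_NAME))
    print("wildcard entries needing a parallel-OU companion:", leftovers)
```

Run as-is, the script shows the new ID matching nothing in the sample ACL, then what the rewrite recovers (the direct entry with its Editor level and [Approver] role, and the group membership) and what it cannot (the `*/Sales/Acme` wildcard, which still only covers the old OU). In a real deployment this is the per-database walk that ADMINP's rename processing would otherwise do for you.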