I’m authenticating HTTP requests to the Domino server pointed at Active Directory, and this is working. However, IMAP client connections still use the Domino Name and Address Book internet password.
Does anyone know how to point Domino IMAP at Active Directory? I have created an Internet Site document for IMAP and I’m loading it from the server document.
I’m anticipating having to extend the AD schema with a mailfile attribute. Does this have to be done first in order for the Domino IMAP server to use the AD password?
While it’s probably necessary to have that ini variable set, I didn’t get this to start working until I modified the Active Directory schema with the mailFile attribute and populated the attribute with the value “mail\mailfilename.nsf”.
We are trying to allow our users to access Notes mail db via IMAP, BUT we want them to authenticate through ACTIVE DIRECTORY.
We have set up all users/passwords in Active Dir, added the MailFile field and populated it with mail file names, added the Inet_Authenticate_With_Secondary=1 key to notes.ini, added the Directory Assistance DB that points to Active Dir, added the IMAP and LDAP Internet Site documents…
We use Thunderbird to access the Notes mail via IMAP and all IS working, BUT only for Domino Administrators.
If we try to connect with a “normal” user we get a connection error; as soon as we add this user to the LocalDomainAdmins group, it starts working.
We suspect there’s some security/access problem but could not figure out what additional authorizations are needed to make this configuration work!
What security rules should be given in the server document?
What ACL to names.nsf and/or to Directory Assistance?
What other ACLs or authorizations should we look for?
ALSO NOTE: if you set the internet password in the person document, then IMAP access works! But we really do NOT want to let the users configure the intranet password, but rather force them to use the Active Dir user/password.