We are having two domains (different servers) say X (ver 7) and Y(ver 8.5.1). Notes user is having two mail boxes one in X server and the other in Y server.
Both the servers are cross certified.
Now the problem is,
when the user is trying to access his mailbox in X server with his notes mailId in Y it is throwing an error message “You are not authorized to access the database”.
If we added the user’s Y server emailId in the X server mail box’s ACL he is able to access tha db. But this is a big problem when we have handle groups in ACL.
Can anybody know how to handle this cross domain database access with a single user Id with out touching the ACL? This is very urgent.
Subject: You cannot add a second Notes cert chain into an ID file, but you don’t need to
You can just add a cross-cert from server Y to the user. If you have more than one user and/or more than one server, just raise the level of the cross-cert to cover all of the relevant entities on each side.
It sounds like you are talking about Notes Organizations and not Notes Domains. Organizations are defined by certificates on ID files. Domains are defined by users and servers being defined (person doc/server doc)in the same replica of the public directory, names.nsf.
Since you’re taking about cross certificates I’ll assume your users are in two different organizations,e.g. Joe Smith/Acme and Joe Smith/IBM. If this is the case then the two users are considered totally different so when Joe Smith/Acme tries to Access Joe Smith/IBM’s mail file it is expected that he will be denied unless he is listed in the ACL as Joe Smith/Acme.
The cross certificate you created only allows “authentication” to occur between two different organizations and has no relation to the ACL. One way or the other you will need to get Joe Smith/Acme in the ACL, either explicitly or as a member of a group. I don’t know your defined groups but there is no problem adding Joe Smith/Acme to a group that is residing on the other server, e.g. Server1/IBM.