We are trying to allow our users to access Notes mail db via IMAP, BUT we want them to authenticate through ACTIVE DIRECTORY.
We have set up all users/passwords in Active Dir, added the MailFile field and populated it with mail file names, added the Inet_Authenticate_With_Secondary=1 key to notes.ini, added the Directory Assistance DB that points to Active Dir, added the IMAP and LDAP internet sites documents…
We use Thunderbird to access the Notes mail via IMAP and all IS working, BUT only for Domino Administrators.
If we try to connect with a “normal” user we get a connection error; as soon as we add this user to the LocalDomainAdmins group, it starts working.
We suspect there’s some security/access problem but could not figure out what additional authorizations are needed to make this configuration work!
- What security rules should be given in the server document?
- What ACL to names.nsf and/or to Directory Assistance?
- What other ACLs or authorizations should we look for?
ALSO NOTE: if you set the internet password in the person document, then IMAP access works! But we really do NOT want to let the users configure the intranet password, but rather force them to use the Active Dir user/password.
We appreciate any suggestion…
Frank