Is it possible to lock out HTTP user immediately?

hcl-bot · November 30, 2009, 9:14am

Hi

Is it possible to lockout HTTP user immediately?

Putting user to denylist group listed in not access server does not do any changes immediately.

Creating document into inetlockout.nsf also does not do changes immediately because HTTP does not rereads this database, HTTP process restart is needed.

What could be the solution?

Regards

Ramunas

hcl-bot · November 30, 2009, 2:13pm

Subject: Try changing the Internet Password on the user document

Make sure you replicate immediately to the user server and to the LDAP server…

Jacques

hcl-bot · December 1, 2009, 4:50am

Subject: Changing password does not stop user that is already logged in

If user is logged in, he can read and write emails, calendar and work with other databases via http even if his password is changed during his work.

Thus changing http password does not stop user accessing the system.

hcl-bot · December 1, 2009, 4:54am

Subject: It seems that there is no easier way to stop user working via http than sending user bomb

It seems that there is no easier way to stop user working via http than sending user bomb

Password change does not help because already logged user can access databases anyway.

Adding document to inetlockout does not help because http restart is needed.

Adding to deny access only group does not help because it takes hours for server to notice this chance even if load updall -r names.nsf is done.

hcl-bot · December 1, 2009, 7:04am

Subject: http task

If you can - restarting the http task makes everyone log in again, but depends on how busy the server is and this might well upset other users of course

hcl-bot · December 3, 2009, 5:55am

Subject: This mean crashing all Traverler syncronyzation sessions

This mean crashing all Traverler syncronyzation sessions and user complains. This is not acceptable, and page not found errors and users’ complains are not acceptable.

hcl-bot · December 1, 2009, 8:48am

Subject: Add a WQO to each page that checks the black list…

This will be a penalty for every single page load, but there’s no way around that. If the black list check fails then dump out before the page is actually loaded. If it succeeds then do nothing. Domino is pretty quick about fetching data, so it shouldn’t be too terrible.

Hope this helps…

hcl-bot · December 3, 2009, 5:54am

Subject: This means redesign all existing web applications

This means redesign all existing web applications.This is not acceptable.

hcl-bot · December 3, 2009, 2:23pm

Subject: RE: Is it possible to lock out HTTP user immediately?

If the question is related to Traveler, then use the LotusTraveler.nsf application - There is a deny access option - It should be immediate. Also there is a wipe device option, which works for many devices, will actually clear e-mail from the device and in some cases also hard reset the device.

See this topic for more info:

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/topic/com.ibm.help.lnt851.doc/Administering_IBM_Lotus_Notes_Traveler_Server.html

hcl-bot · December 8, 2009, 7:15am

Subject: Thanks about Traveler. Remote Wipe is good option for Traveler. But DWA is the interest on this topic.