Is it possible to move an ID to a certifier where the person document already believes that the move has happened?

HCL Domino Domino Forum
1

I have a strange issue with a user account and right now the only viable option seems to be to delete and re-create the account, but I only wish to do that as a last resort. Here’s the scenario:

A few months back, our Domino administrator retired an old OU certifier and applied a new OU certifier to those accounts. However, one of the accounts changed the person doc to reflect the change, but not the user’s ID. We believe that this is because the user had not been installed yet at the time of the OU migration, so when the change was pushed out, this user’s person doc changed certs, but the ID did not.

Is there any way to force Domino to apply the new OU? This is causing some issues for our user, but I am not sure how I can fix it, because I have tried everything I can think of.

Thanks for any advice you may have.

brandt

2

Subject: Is it possible to move an ID to a certifier where the person document already believes that the move has happened?

Recertify the user ID with the new OU certifier.

3

Subject: RE: Is it possible to move an ID to a certifier where the person document already believes that the move has happened?

We tried that–administrator would not accept it–it would only allow us to create a cross certificate.

Any other suggestions?

brandt

4

Subject: SOLUTION! was Is it possible to move an ID to a certifier where the person document already believes that the move has happened?

I pulled a rabbit out of my hat from my 4.6 days. Here’s how you do it:

To apply the new certifier to the ID with the old certifier, do the following.

  1. Note the spelling of the fully qualified user name in the backup .id file. (this should be the same as the alternate name in the person document in the UserName field)

  2. Switch to the user’s .id file.

  3. Open the user.id file by going to File-Security-User Security

  4. Enter the password.

  5. Click the Your Identity link in the left of the pop up window.

  6. When the Your Identity link expands, click the Your Certificates link.

  7. Click the Other Actions button on the right and select Mail, Copy Certificate (Public Key) from the dropdown list of choices.

  8. Click the Copy Certficate button in the new pop-up window. This will copy the public key to the clipboard.

  9. Click the Close button to close the Mail, Copy Certificate dialog.

  10. Click the Close button to close the User Security dialog.

  11. Switch to the administrator’s ID file and log into Lotus Notes.

  12. Open the person document for the user having the issue in the Domino Directory.

  13. Edit the person document, removing any references to the correct fully qualified user name in the person document. (all tabs)

  14. Click the Certificates tab, select the Notes Certified Public Key field and use ctrl-V to copy the certificate copied in step 8 into the field (note: be sure to clear the current certificate out first.)

  15. Save and Close the person document.

  16. Using Domino Administrator, issue the OU Certifier change to the user.

  17. Once AdminP processes the request, go into the Administration Requests database. Select the Name Move Requests view.

  18. Select the name to be processed and click the Complete Move for selected entries button.

  19. On the machine with the user.id, remove this line from the notes.ini file: ECLSetup=X (where X is an integer value)

  20. Have the user quit and restart their Notes client. When they log in, the user.id file should reflect the newly applied OU certifier.