Local Access to Domino Directory

hcl-bot · May 27, 2003, 10:41am

Strange behaviour with client ND 6.0.1 CF 1:- Server Lotus Domino 5.0.11

Client Lotus Notes 6.0.1 CF 1
Access to the names.nsf with manager access (granted by group)
ACL is the same locally and on the server.
Enforced ACL is not activated.
names.nsf is replicated to a ND 6 server in an other domain
names.nsf design is R 5 on the server
names.nsf design is ND 6 on the client

Server grants manger access, if I open the address book on the server.

Neverless, locally I have only reader access!

It looks like enforced ACL is activated (Entry -Default- has reader access to the names.nsf).

Can somebody explain this to me?

Thanks in advance

Heinz

hcl-bot · May 27, 2003, 12:20pm

Subject: that is the way 6.x works now

If you have a replica copy locally the acl will be enforced (regardless of enforce ACL setting). Normally the group access works but I am not sure in your case since you have a R5 server and R5 NAB design.

Howard

hcl-bot · May 28, 2003, 2:09am

Subject: Local incarnation of Access Group?

do you have your ACL Manager Group added to your local directory (Groups are only searched in first NAB in path)?- as said before by Ernest, you can enable Enforce Consistent ACL as a remedy.

P.

hcl-bot · May 27, 2003, 11:16am

Subject: Local Access to Domino Directory

No, you have got manager access through a group, and that doesn’t work locally.

You’ll need to add yourself (as person) to the acl.

cheers,

Tom

hcl-bot · May 27, 2003, 12:12pm

Subject: Unless you enable Enforce Consistant ACL, then your group access will work locally.

hcl-bot · May 28, 2003, 4:43am

Subject: RE: Unless you enable Enforce Consistant ACL, then your group access will work locally.

It won’t work if you are not connected to the domain and don’t have a local group, or access to the domain directory (mobile dircat or something).

cheers,

Tom

hcl-bot · May 28, 2003, 12:40pm

Subject: Actually it will. When you make your Replica, your “Rights” are cached in the Db according to the server you replicated it from…

From the help…It should be noted that local replicas with “Enforce a consistent access control list” enabled attempt to honor the information in the ACL and determine who can do what accordingly. However, they have some limitations. One limitation is that group information is generated on the server, not at the local replica. When a database is replicated locally, information about the group membership of the person doing the replication is stored in the database for use in ACL checking. If a person/identity other than the one doing the replication accesses the local replica, there will be no group membership information available for that person, and the ACL can use only the person’s identity, not group membership, to check access.