We have a situation here where I work that involves Identity Management. We currently utilize Novell for our File/Print sharing as well as main network authentication. We are currently deploying a back end identity management solution to sync all directory-based passwords: eDirectory, VPN/RAS, AS400, iNotes (HTTP). The one thing that cannot be done easily is the Notes client password.
As I am sure a lot of you fight as well, we are trying to hold Exchange and Groupwise at bay in our organization and I’m very concerned that this “issue” could give these other systems a much desired foothold.
Has ANYONE done anything with Server TO Client based password sync for Lotus Notes? Any implementations of Notes ID identity management that you can offer would be greatly appreciated.
My wish is that Lotus would redesign Notes client authentication to allow for centralized management of the local user id file. Enabling ‘Password Recovery’ and ‘Client Single Logon’ has helped, but much of our time is still devoted to user password issues. Users don’t understand or care about why they have a user id file and really hate it when it fails. They expect a centralized password (AD) type of experience.
Today we use P-Synch from M-Tech to manage most of our ids. The product can manage the Notes client user id. They suggest several methods for performing this feat. However, we have had trouble using this integration because it depends on a standardized client environment to design a consistent method for managing the user id file. I have seen promise in using a hybrid solution that combines using some of their Id-Synch solution, but we have not been able to test or install this yet. This unique approach would place a small piece of code on the client that will push/pull the user id file (and password) to a central repository. Having the id file in a repository allows the user to manage password changes from a web interface, and ensures that the Notes password gets changed. It also would handle users that have multiple workstation installations.
Something you might want to check into is a solution from PistolStar called ‘Password Power’ which promises to “Manage all Facets of Notes & Domino Authentication through Active Directory” (replace the id file altogether!). I’m not sure how it handles certificates and encryption, but it sounds promising.
You might want to look at the Roaming feature of Lotus Notes. When a roaming user logs on from a different Notes client, it automatically retrieves the user’s ID file, Personal Address Book, bookmarks, and journal from the roaming user server.
The Notes password is NOT directory-based. There is nowhere in the system where the user password, or even a hash of that password, is stored. The only entity that is “aware” of the Notes password (unless the user has Windows password synch turned on – and that is driven by changing the Notes password, not the Windows password) is the Notes ID file, and that “awareness” is based on the fact that the private parts of the ID file are encrypted with a key generated from the username and password – it’s the fact that the file is decrypted that causes the password to be “recognised”.
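An added illustration of the point in the post above (not code from this thread, and not the real Notes ID file format or its algorithms): a password-protected key container where the password is "recognised" only because decryption succeeds. The field names, the PBKDF2 parameters and the SHA-256 keystream are assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, os

def _derive(username, password, salt):
    # Key material comes from username + password; the password itself is never stored.
    material = (username + "\0" + password).encode()
    k = hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=64)
    return k[:32], k[32:]          # (encryption key, integrity key)

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (SHA-256 in counter mode), for illustration only.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, f):
    return hmac.new(mac_key, f["salt"] + f["nonce"] + f["ct"], hashlib.sha256).digest()

def seal(username, password, private_part):
    """Build a constructed 'ID file': only salt, nonce, ciphertext and integrity tag."""
    f = {"user": username, "salt": os.urandom(16), "nonce": os.urandom(16)}
    enc_key, mac_key = _derive(username, password, f["salt"])
    f["ct"] = _xor_stream(enc_key, f["nonce"], private_part)
    f["tag"] = _tag(mac_key, f)
    return f

def unlock(f, password):
    """Return the private part, or None if the password does not decrypt the file."""
    enc_key, mac_key = _derive(f["user"], password, f["salt"])
    if not hmac.compare_digest(_tag(mac_key, f), f["tag"]):
        return None                # no server or stored hash to ask: the file just stays closed
    return _xor_stream(enc_key, f["nonce"], f["ct"])

def change_password(f, old, new):
    # A password change is a local re-encryption and needs the OLD password,
    # which is why a directory cannot simply push a new one to the client.
    private_part = unlock(f, old)
    if private_part is None:
        raise ValueError("old password does not unlock this ID file")
    return seal(f["user"], new, private_part)

if __name__ == "__main__":
    original = seal("Jane Doe/Example", "old-pass", b"constructed private key")
    changed = change_password(original, "old-pass", "new-pass")
    print("changed copy opens with new password:", unlock(changed, "new-pass") is not None)
    print("stale copy still opens with old one: ", unlock(original, "old-pass") is not None)
```

A copy of the file left on a second workstation keeps opening with the old password until it is replaced, which is the multiple-installation problem raised earlier in the thread.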