The IBM Lotus Domino team will host an Open Mic Question and Answer session regarding the “Lotus Domino ID Vault” on Thursday October 22nd 2009, 10 am eastern US time.
Dial-in information is available here: http://www.ibm.com/support/docview.wss?rs=463&uid=swg21407232 Questions can be pre-submitted as response documents to this posting. We will also answer live questions on the call without pre-submission. You will need a touch tone phone to be able to ask a question.
a V7 or v8.0.x environment with Domino Roaming-User and Multi-User Client setup, and ID files on workstations, how upgrade this to 8.5 with ID vault.And can users still go to an other workstation with the old release after upgrade.
There’s really no set upgrade path beyond ensuring that you have configured an ID Vault and have assigned users to it via a policy.
Your vaulted users can use non-8.5 clients, but any ID operations performed on those clients will not be synchronized with the vault, nor will any ID operations performed on the users’ 8.5 clients be synchronized to the pre-8.5 client.
Subject: id download for x-days in policy setting document
Hello, there is the field “Allow ID download for … days” in the security-policy-settings-document under ID Vault. What is the point in time, when this duration starts? Is it when the ID is created?
We use a third party software to create notes accounts. A copy of the ID file is mailed to helpdesk staff as well as stored in a notes database on a server.
Question is will there be a way to copy the notes ID file directly into the ID Vault using some sort of API. I was told that there’s no registration class available to the developers to copy the ID into the vault. Currently the only way to to copy the ID into the vault is by applying a policy to an existing user which will force the upload of the ID into the vault and when registering a new user via 85.x admin client.
We would like to continue using our account creation utility but would like to avoid giving a copy of the ID file to helpdesk staff.
There is currently no API for what you describe. However, assigning the user to a policy that specifies the vault accomplishes the same end. I’m not clear what you mean when you say you don’t want the helpdesk staff to have a copy of the ID. They do not have to be made vault auditors.
Subject: ID Vault Instead of ID in Mail file for DWA
ID file in Mail file allows encryption and other functionality in DWA. Does ID Vault provide that same functionality? And is there a batch type process to import existing ID files into the Vault?
what was the functionallty to set IDs to inactive designed for? These Ids can not be used from the users, but a new ID with the same name (for a new user with the same name) can not be created until they exist inactive in the ID Vault.
Why is the inactive view not sortable on e.g. “creation date of id” or “expiration date of id” etc. to purge manually or with an agent IDs which should be deleted?
Yes! They are designed to work together. Note that there are some steps specific to the shared login case that you need to take if the user has lost the local ID file.
After I enabled the ID Vault I found that the Domino Domain Monitoring was logging everytime that the ID file was uploaded. It appears that the ID is uploaded several times through the day and caused about 7K entries to be added to the ddm.nsf file in one day. This caused the event correlation pool size errors on the domino server for the event task, and almost caused a server crash? Can you explain how often the ID files are updated in the ID vault and if there is any default settings in the monitoring that should be turned off?
There were several questions on the call regarding http pwd sync with id vault with Shared Login turned on. With this case, it seems to me that the logical answer is to enable SPNEGO so that the browser side of things is authenticated using windows credentials as well, just like shared login.
Subject: Best Practices involved in Deploying ID Vault based on Real Time Deployments
A lot of my customers who are on the verge of upgrading to Domino 8.5 are keen to know the best practices involved in Deploying ID Vault based on Real Time Deployments.
Ideally, we should cover the best practices on the following
Planning, setting up, configuring, and managing Domino ID Vault
We are running Domino 8.0.2 on our production servers, with a test server in the domain running 8.5. Is it possible to use ID vault in this environment?