Problems authenticating user with a "@" in username if in a secondary addressbook

Domino/Notes Version: 1.4.5FP1
Add-on Product (if appropriate, e.g. Verse / Traveler / Nomad / Domino REST API):
Its Version:
Operating System: Linux
Client (Notes, Nomad Web, Nomad Mobile, Android/iOS, browser version): browser any version


Problem/Query:

Hi,

We are experiencing a strange behaviour in the web authentication process.

We have some web persons that use their email address as username (LastName and FullName field in Person document).

If we keep them in a secondary addressbook with a DA and in a group in the main addressbook, and use that group in the ACL of a database, the user cannot authenticate.

The problem seems to be the at (“@”) char in the username field.

Id est:

let pocop@co be a user in the secondary addressbook and in a group (GROUP_A) in the main AB with User name:

pocop@co

cannot authenticate in a DB where GROUP_A has editor access

while if we change the User name with:

pocopoco
pocop@co

it authenticates with both the name versions.

On the contrary, the authentication is successful if the person with only pocop@co in the username field:

  • is in the ACL as a person
  • OR is in the principal addressbook and in the GROUP_A

Any suggestion will be very appreciated.

tommaso

Hi Tommaso,

This behavior is caused by the fact that Domino treats a username containing only an “@” (for example: pocop@co) as an InternetAddress rather than a real name that can be used for group resolution. When the Person document is in a secondary NAB through Directory Assistance, the user can authenticate, but Domino cannot match that address to any groups, so ACL access fails.

To fix this, add a non-email alias to the Person document, such as a ShortName (pocopoco) or an additional FullName entry. After adding this alias, Domino will authenticate with pocop@co and correctly resolve the user’s group membership.