Recertify people not original Issuer

Hello Friends,

Let me ask this basic question: we have several organization units, for example the root certificate "organization" and also "organization/01". A person has been certified at registration with the cert "organization/01". May I recertify this user with the cert "organization", or do I have to use the original cert for "organization/01"?

Thanks for help and best regards,

JP

Hi Jan,

You can recertify the user with "organization/01" if you just want to extend the date of expiry.

However, if you want to move the OU of the user and bring it under your main "organization", then you can certify it with the "organization" certifier.

So if your Organization is "Acme" and your Organization Unit is "US/Acme" and the user is certified with "US/Acme", then you can certify it again with the same certifier ID of "US/Acme" if you just want to extend the expiration date. Or, if you want to bring it under "Acme", then you can certify it with "Acme".

In that case, user will change from "John Doe/US/Acme" to "John Doe/Acme".

Thank you.

Sandeep

Dear Sandeep,

thanks for the help, but that is not exactly what I asked. May I recertify a user with the cert "Acme" in the address book, in the view "Certificate Expiration", using "Recertificate selected people"?

Or do I have to use the tab "configuration" in the administrator?

Is the first procedure correct?

Thanks for help and best regards,

JP

Hi Jan,

Good Day

Hope you are doing well.

To recertify a user set up with "organization/01", you will have to use the same Cert ID.

For example, if "New user01" is set up with the "US/HCL" Organization unit (New User01/US/HCL), then to recertify "New user01" you need to use the same Organization unit (US/HCL). You cannot use the "/HCL" Organization ID.

To recertify the user, you can proceed with the address book in the view "Certificate Expiration" using "Recertificate selected people".

Once done, let the Adminp process execute the request.

Please refer to the following HCL support links for the procedure to recertify user accounts.

https://help.hcl-software.com/domino/14.0.0/admin/conf_recertifyingorrenaminguseridsbyorganization_t.html

https://help.hcl-software.com/domino/14.0.0/admin/conf_recertifyingauserid_t.html

However, in case you want to change the user account from "New User01/US/HCL" to "New User01/HCL", you can use the "Rename" option to process "Request Move to New Certifier" to change the user's hierarchical name to user/organization.

https://help.hcl-software.com/domino/14.0.0/admin/conf_movingausernameinthenamehierarchy_t.html

I hope the above information will help in answering your concern.

If you find the above information helpful in achieving your requirement, please click the Helpful button.

Regards

Nishant

Hi, @Jan Pavelka .

You can use the option to Request Move to New Certifier to change the user's hierarchical name to user/organization. You can use this reference product documentation: https://help.hcl-software.com/domino/12.0.2/admin/conf_movingausernameinthenamehierarchy_t.html

This way, you can recertify the user using the 'organization' moving forward.

Regards,

Christian Sinfuego

Thanks for the help,

I used "rename people" and "Request Move to New Certifier" and was asked to supply a certifier - is this certifier the old one or the new one? What do I have to select? After this I see a menu with the required new certifiers.

Thanks,

JP

The main problem is that I see "older" users that have a name such as "John Doe/US/Acme" but the certifier (Issuer) is only "Acme". I checked certlog.nsf and in the certlog I see the original certifier but later only the "root" certifier, and I'm not sure if it's correct because the username is still the same.

In the certlog are:

Not valid before   Username           Certifier          Not valid after
2009               John Doe/US/Acme   OU=Doe/US O=Acme   2011
2011               John Doe/US/Acme   O=Acme             2024

The user name is the original "John Doe/US/Acme" but the certifier is only "Acme". This is the contradiction. We are now on version DD 11.01; maybe this was possible on the older version 9?

Thanks and best.

JP

@Jan Pavelka

Can you show the ID properties of the sample user?

The information you provided:

2009 John Doe/US/Acme OU=Doe/US O=Acme 2011

2011 John Doe/US/Acme O=Acme 2024

Seems that the user was registered with an OU - OU=Doe/US

Dear Christian,

I am sorry. The whole problem came about when I checked certlog.nsf,
I can see that the username is and the user was certified with that name,
but in 2010 (maybe Domino version 7 or 9), the user was recertified with a root certificate.
The username is the same and is the same OU, but only the root certificate was used.
This is a mystery, how this is possible. I think that it is possible to use only and always
the original certificate.

2009 John Doe/US/Acme OU=Doe/US O=Acme 2011 - default user name, and the certificate Issuer was "OU=Doe/US O=Acme", but in the year 2011 the Issuer is only "Acme"

2011 John Doe/US/Acme O=Acme 2024

2011 John Doe/US/Acme O=Acme 2024 - still the same name, and the cert is only "Acme".

This is mysterious to me and I don't know how it is possible, because I think that to recertify I always have to use the default cert Issuer.

Thanks,

JP

Hi, @Jan Pavelka

If the certlog shows "2011 John Doe/US/Acme O=Acme 2024", then the issuer will be "ACME". The reason I would like you to check the ID properties is that they will show the certifier of the person.

Dear Christian, I checked both ID and properties. The username is still the same, but as you can see the Issuer was changed, and this is mysterious.

Year 2009 - Name of User: John Doe/US/ACME
Issued To           Issued By
John Doe/US/ACME    /US/ACME
John Doe/US/ACME    /US/ACME
/US/ACME            /ACME
ACME                /ACME

Year 2011 - Name of User: John Doe/US/ACME
Issued To           Issued By
John Doe/US/ACME    /ACME
John Doe/US/ACME    /ACME
ACME                /ACME

Many thanks for help,

JP
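
The mismatch described above (a name that stays John Doe/US/Acme while the issuer becomes only Acme) can be searched for across many certlog entries. This is an added example, not part of any post in this thread and not HCL code: it assumes the certlog rows have been exported as (not-valid-before year, user name, certifier, not-valid-after year) tuples, and the function names and sample rows are constructed for illustration.

```python
import re

def normalize(name):
    """Reduce a canonical (CN=/OU=/O=) or abbreviated name to lower-case components."""
    parts = [p.strip() for p in name.strip().strip("/").split("/")]
    return tuple(re.sub(r"^(cn|ou|o|c)=", "", p, flags=re.I).lower() for p in parts if p)

def expected_issuer(user):
    """Expected certifier: the hierarchical name without its common name."""
    return normalize(user)[1:]

def audit(rows):
    """Return (year, user, issuer, reason) findings for rows that need review."""
    findings, last_issuer = [], {}
    for not_before, user, issuer, _not_after in sorted(rows):
        subj, iss = normalize(user), normalize(issuer)
        if iss != expected_issuer(user):
            findings.append((not_before, user, issuer,
                             "issuer is not the direct parent of the name"))
        prev = last_issuer.get(subj)
        if prev is not None and prev != iss:
            findings.append((not_before, user, issuer,
                             "issuer changed while the name stayed the same"))
        last_issuer[subj] = iss
    return findings

# Constructed sample rows modelled on the certlog lines quoted in the thread.
SAMPLE = [
    (2009, "John Doe/US/Acme", "OU=US/O=Acme", 2011),
    (2011, "John Doe/US/Acme", "O=Acme", 2024),
    (2012, "CN=Jane Roe/OU=US/O=Acme", "/US/ACME", 2026),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

On the constructed sample, both findings point at the 2011 row; the 2009 and 2012 rows pass because their certifier matches the name without its common name.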

Hello @Jan Pavelka ,

You should use the same OU (organization/01) to recertify the user document from server names.nsf using the administrator client.

You should not use the organization ID to recertify the user registered using the OU (organization/01).

If you try to recertify the person document using the Organization ID, it should fail, as the certificate of the certifier ID used to register the user (OU) and the certificate ID (Organization) you're trying to recertify with are different.

Thanks & Regards,

Chaitanya Y

Big thanks to everyone!

JP