Some users, after being renamed (Rename... Change Common Name) are not updated in ID Vault

Hi team.

Hope you're all doing fine.

We have several users that were renamed (Rename... Change Common Name).

Rename process. All days defined in "Honor old names for up to " have passed a while ago.

There are no pending tasks at all on Admin4.nsf

ACLs were properly updated, as well as Ownership of mail file.

Some of them were updated in ID Vault, having both, the original/initial name, and the new name.

Some of them did not update their entry in ID Vault.

I have checked all links and information mentioned here:

https://support.hcltechsw.com/csm?id=community_question&sys_id=80163ba31bf26894beab64e6ec4bcb5f

I also checked these sites and found no useful information:

https://www.ibm.com/support/pages/apar/LO55508

https://ds_infolib.hcltechsw.com/ldd/nd85forum.nsf/DateAllFlatweb/b0433ce610f7c82685257a30004b1854?OpenDocument

Some users are Web users only (Verse), that is, no Notes client.

Some others use Notes client.

We have both "groups" of users in both situations: ID Vault properly updated, and not updated.

I checked certs and they seem to be ok.

Some of the web users were instructed to use Notes client; they configured it with their original ID file. In order to accomplish the client configuration, I had to add the original name (before renaming) to the mailbox ACLs. After this, Notes client configuration finished, and even after a few days, there was no update to the ID Vault entry.

I even tried Actions - Upload ID Files to ID Vault, having selected the current user (renamed) using his ID file, but it obviously warned "User name does not match ID file".

I tried querying the vault using qvault with the new name and it showed:

QVR: User deleted
QVR - User not found in the ID vault.

Which makes sense, as certainly there's no entry for the renamed user in the Vault.

Is there any procedure to push the missing renamed users to the Vault?

Or any suggestion on what could I check further?

Thank you very much in advance.

Sincerely,

Elvis.

If a user is renamed, he needs to interact with his Notes ID as the server doesn't have the password. The Notes client is automatically updating the Notes ID, a Webmail user needs to open an encrypted or X.509 signed mail. Best is to enhance the rename process to send an encrypted mail to the renamed users (e.g. with subject "Important, you have been renamed, please read").

Hi Heinz.

Thank you very much for your prompt response and suggestion.

That's indeed my understanding, that Notes client is automatically updating the Notes ID, and that's why users were instructed to install and use the client.

Anyway, I've just tried your suggestion and sent an Encrypted message to one of the renamed users and I'm waiting for his shift to begin and open it, from the Notes Client, as they currently don't have access via Web.

I'll post the results later.

Sincerely,

Elvis.

Hi Elvis

at the second the Webmail user is accessing you should see that the ID Vault document is changed. The name change is valid for 21 days from my understanding, then Domino is reverting if no action is shown from the user. This is the reason that we send the users the encrypted Notes mail, if they do not act we change their password after 2 weeks and login for them to force the update to happen. Doing so we have less troubles than having half completed renamed, changed ACL entries, wrong owner etc. pp.

Hi Heinz.

Thank you very much.

We performed all of the suggested steps, and none of them "worked" in the sense that ID Vault User Name ID was not updated.

In the ID Vault, the date shown next to user name got updated, but the entry in ID Vault kept with old name (the original name). It never got the new name.

Based on your last response, I would understand that Domino reverted back the change, shouldn't it? But the issue is that Domino shows the user renamed everywhere but in the ID Vault (and of course, the Notes client which was just recently installed).

Should we try renaming the user back to the original name and then back to the new desired name, but performing your suggested steps in between?

Any other suggestion?

Sincerely,

Elvis.

Hi Elvis

reading an encrypted document in iNotes will update the Notes ID in the vault. If not, something else may be wrong with the ID or the request is too old and revert back was already initiated. In this case I suggest to extract the ID from the vault, open the ID and copy the public key. Then compare to the person document, if needed replace the public key and remove the new name from the list (on top) of the Fullname. Then clear the fields indicating the rename from the person document, delete corresponding adminp requests to the failed rename request. Once done submit a new rename request and let the user open the encrypted mail.

Fields to delete from the person doc:

AdminpOldCertificate
AdminpOldFirstName
AdminpOldFullName
AdminpOldInternetAddress
AdminpOldLastName
AdminpOldOwner
AdminpOldShortName
ChangeRequest
ChangeRequestDate
$AdminpOldWebName

best regards, Heinz
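
Before clearing anything by hand, it helps to see which of the rename fields listed in the reply above are still present on a given Person document. The following read-only LotusScript agent is an added example, not code from the thread or from HCL; it assumes it runs inside the Domino Directory, that the `($Users)` view can be keyed on the name form supplied, and that `USER_KEY` is a constructed placeholder.

```lotusscript
Option Public
Option Declare

' Added example: read-only check of a Person document for leftover rename fields.
' Run as an agent in the Domino Directory (names.nsf). Nothing is modified.
' USER_KEY is a constructed placeholder; replace it with the affected user's name.
Const USER_KEY = "Jane Doe/Example"

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim view As NotesView
	Dim doc As NotesDocument
	Dim fieldNames As Variant
	Dim fullNames As Variant
	Dim found As Integer

	' Field list taken from the reply above
	fieldNames = Split("AdminpOldCertificate,AdminpOldFirstName," & _
	"AdminpOldFullName,AdminpOldInternetAddress,AdminpOldLastName," & _
	"AdminpOldOwner,AdminpOldShortName,ChangeRequest," & _
	"ChangeRequestDate,$AdminpOldWebName", ",")

	Set db = session.CurrentDatabase
	Set view = db.GetView("($Users)")
	If view Is Nothing Then
		Print "($Users) view not found; run this agent in the Domino Directory"
		Exit Sub
	End If

	Set doc = view.GetDocumentByKey(USER_KEY, True)
	If doc Is Nothing Then
		Print "No Person document found for " & USER_KEY
		Exit Sub
	End If

	' FullName is multi-valued; the reply above refers to the new name being on top
	fullNames = doc.GetItemValue("FullName")
	Forall n In fullNames
		Print "FullName entry: " & Cstr(n)
	End Forall

	' Report each rename-tracking field that still exists on the document
	Forall f In fieldNames
		If doc.HasItem(Cstr(f)) Then
			found = found + 1
			Print "Still present: " & Cstr(f)
		End If
	End Forall
	Print Cstr(found) & " rename-related field(s) found for " & USER_KEY
End Sub
```

The output lists every FullName entry in order, so it also shows whether the old and new names are both recorded on the document.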