Hi,In my intranet application, various applications involved, for example when I click on accounts, it should prompt for user name and password, for this we have created one generic user. Once after entering in to accounts section again there are various categories, like training on accounts. when I click on this training on accounts link it should again prompt for user name and pwd, and there are approximately 35 users are there, here user should pass his id and password.Here the user need to pass his username and pwd, and i tried with creating a group and its not working despite individual entries are working.
I could be wrong here, but I think the focus is switching in the wrong direction.
First off, you can have hundreds of individual entries in an ACL, much more then 45 (see here: IBM Lotus Notes/Domino Limits). But you will not want to. This would be a nightmare to administer.
The better way to do it (and I think that is what your original question was about) is to create a group (either Multi-purpose or ACL only) in your Domino Directory, add the hierarchical names of your users to this group and finally add this group to the ACL of your application (Type: Person group). This will grant access to this application to all members of your group.
Now, the fun starts, if this does not work. Usually, access rights should be effective very, very shortly after adding a member to the group. Things get a little trickier, if you use more than one Directory. In this case, you have to set up Directory Assistance on the server AND pay attention to the fact, that group membership resolution can only be enabled for one more Domino Directory, apart from the primary directory. If you need to enable group membership resolution for more than one additional Domino Directory, you can set up a Directory Catalog, combining the data from those Directories and enable group membership resolution for this Directory Catalog.
Hi,Thank you so much for you kind information, but still there is some ambiguity, how we can prompt for user to enter user name and pwd if that users are in a group.
If an anonymous user or the currently authenticated user has no access to this database, he will be prompted for user name and password automatically.
Simple ACL example:
-Default-: No Access
Anonymous: No Access
YourGroupName: Author
LocalDominAdmins: Manager
YourServer: Manager
Whenever a user tries to access this database and he is either “anonymous” (not authenticated yet) or authenticated, but not member of either YourGroupName or LocalDomainAdmins, he will be prompted for user name and password.
If you want to provide a link, that forces authentication immediately, just append “&login” to any valid Domino URL. If you use single server session based authentication (which is a forms based authentication using Domino’s DomAuthSessId cookie), user authentication is valid for all resources on that server. From this point on, the user will have access to all databases, that grant him appropriate access, either through group membership or through his user name being explicitly added to the ACL.