Using Web admin to register users R6 XSP model - Fails - Critical

We have a problem to register user from the web admin

Problem Description

Our Mail servers are two clustered servers ISRVR01 and ISRVR02 which are accessed via the WES. (network dispatcher)

In our example our Hosted Organisation is called DGWS

When the DGWS Admin registers a user using Webadmin, accessing server ISRVR01 (which is the home server as specified in the policy document) and we also select to create replica on the cluster server ISRVR02 all works fine.

However if the WES directs DGWS Admin user to server ISRVR02 (which is not the home server) during Webadmin access and we try to the same as above, we get you are not authorized to perform that function.

Please see errors from both server logs below

From ISRVR01 log

02/20/2003 10:49:04 Certifying Test User3/dgws

02/20/2003 10:49:18 Agent message: -------------------------------

02/20/2003 10:49:18 Agent message: Domino Web Administrator Error:

02/20/2003 10:49:18 Agent message: (Please report the error below

02/20/2003 10:49:18 Agent message: to IBM Lotus software support)

02/20/2003 10:49:18 Agent message: -------------------------------

02/20/2003 10:49:18 Agent message: Notes error: You are not authorized to perform that operation (User3) in:

02/20/2003 10:49:18 Agent message: -->wqsRegisterUser$UserL3:cPostUserRegistration:REGISTERUSER (369)<–

02/20/2003 10:49:18 Agent message: wqsRegisterUser$UserL3:cPostUserRegistration:NEW (70)

From ISRVR02 log

02/20/2003 10:49:17 Database dgws/mail/TUser3.nsf created by ISRVR01/IntSrvr/DubaiGov

02/20/2003 10:49:29 The ACL in database dgws/mail/TUser3.nsf has been changed by ISRVR01/IntSrvr/DubaiGov.

02/20/2003 10:49:30 The ACL in database dgws/mail/TUser3.nsf has been changed by ISRVR01/IntSrvr/DubaiGov.

02/20/2003 10:49:31 Database dgws/mail/TUser3.nsf deleted by ISRVR01/IntSrvr/DubaiGov

Please Note: In R6.0 to see the server list, we needed to give access to the ‘server form’ in the xACL for HostedAdminGroup.

Also, although we have specified the Security Type as International in the policy registration document, it defaults back to North American, so we have to manually change this.

Subject: Question

Based on what you wrote, it seems to me that the user/admin logging into webadmin might not have the exact same admin privileges/access rights on both servers. For example, if he/she is listed as database administrator in the server document of server ISRVR01, he/she should have all the same privileges set on server ISRVR02, too. If part of a group, the group should have identical access, too.

Subject: RE: Question

Hi Thomas The hosted admin is in a hostedORGadminstrator group which have the correct access. This is configured on both servers. Same secuirty settings, groups. Both servers is in a cluster and used for failover.

This problem seems to be related to how the XACLs is working.

Is you have faced simular problem I would apprecieate any feed back

thank you Thomas

Subject: RE: Question

Are you trying to set quotas on mailfiles during registration? Try registering without a quota and let me know if this makes a difference.

thanks

Thomas - IBM

Subject: RE: Question

Hi, I’am facing this problem at client side and also in testing environment.

I tried to register the user without quota, as per your suggestion.

Still I am getting the same error message.

Thanks & Regards

Subject: RE: Question

Is the output on the mail server console the same as in the above case? Does it:1. Create the mail file

2. Modify the ACL

3. Delete the mail file

What mail template are you using? Can you try a different mail template and see if you get the same error?

Subject: Question - solved by a work around

Yes We have tried to do all the points you mentioned and still does not work

What we have done now is to add the localdomain servers into the XACl in the names.nsf which then allows us now to register the users on multiple server via the web admin.