APAR status
Closed as fixed if next.
Error description
Granting access to users not working with Nested Groups containing wild card STEPS to reproduce issue 1. Install 851 Domino server Register a user: Test User/EXT/ACME 2. In the Domino Directory Create 5 groups for example: Group " Access" Group " World" Group " Europe" Group " Germany" Group " External" And nest the groups World is member os Access Europe is member os World Germany is member os Europe External is member os Germany and include in "External Group" the member as an organizational unit */EXT/ACME 3. In the server document> Security> Server Access> Access Server: Enter in here the name of your Notes Administrator Your Test servers name and the Group earlier created named "Access" 4. Set up a Directory Assistance on the server. 5. Create a secondary Domino directory = On this "SecondNames.nsf" create a Group = "Test" and include as a member the name of the Test User/EXT/ACME On this "SecondNames.nsf" create a Simple agent to clear the value from the field "ListName" and run the agent selecting the group "Test" to clear the group name. 6. On the Directory Assistance database create a Directory Assistance Document for the "SecondNames.nsf" Domino Directory with the following settings: Domain Type = Notes Domain Name = Company Company Name= Company Made this domain available to= Checkmark on Notes Clients & Internet Authentication/Authorization CheckMark on LDAP Clients Groups Authorisation=YES Use exclusively for group authorization or Credential Authentication=NO Enabled=YES Paste in the Replicas the replica of the "SecondNames.nsf" 7. Run the command show xdir to make sure that the DA is listing the "SecondNames.nsf" 8. Switch id to select the user.id for the Test User/EXT/ACME In the server console you can see the error message ATTEMPT TO ACCESS SERVER by user Test User/EXT/ACME was denied
Local fix
1. Moving the Acess to with the wildcard */EXT/ACME from the 5 level group "External" to the first level group "ACCESS" in the Domino Directory 2. Changing in the Document for the SecondDirectory in the Directory Assistace the vaule Groups Authoritaion= from YES to NO
Problem summary
This APAR is closed as FIN. We have deferred the fix to a future release.
Problem conclusion
Temporary fix
Comments
This APAR is associated with SPR# BBSZ8HLD38. This APAR is closed as FIN. We have deferred the fix to a future release.
APAR Information
APAR number
LO61388
Reported component name
DOMINO SERVER
Reported component ID
5724E6200
Reported release
851
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-06-07
Closed date
2011-06-17
Last modified date
2011-07-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R851 PSN
UP
[{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSKTMJ","label":"Lotus Domino"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5.1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
07 July 2011