问题
We are integrating our lotus notes applications with Active Directory for authentication and mailing.
Authentication works fine and once logged it return the name in the below format
CN=Arumugam, Barath/OU=Users/OU=Region - North America/DC=mhf/DC=mhc
However there is no attribute in active directory which matches the above format. The closest match is attribute called distinguishedName. It is in below format.
CN=Arumugam\, Barath,OU=Users,OU=Region - North America,DC=mhf,DC=mhc
Is there a way I can convert distinguishedName to domino names in SSJS or @formula. I am not sure how domino automatically converts to the first format after login. I hope there should be someway.
回答1:
Using Directory Assistance you can set up username mapping. See http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=%2Fcom.ibm.help.domino.admin85.doc%2FH_CONFIGURING_DIRECTORY_LOOKUPS_WHEN_DOMINO_HANDLES_AUTHENTICATION_AND_USERS_ARE_MANAGED_PRIMARILY_THROUGH_ACTIVE_DIRECTORY_STEPS.html
回答2:
I was able to add users and groups from AD to ACL, by replacing all commas "," in distinguishedName with "/". Of course, the name mapping option have to be set up correctly and Notes distinguished name should be mapped to the distinguishedName field in AD. In your case the notes name should looks like this:
CN=Arumugam Barath/OU=Users/OU=Region - North America/DC=mhf/DC=mhc
Domino converts the names in the AD field distinguishedName by itself. You don't need to add Notes names for AD users.
The only thing that did not work for me: if I put the user or group from AD in the Domino group, and then add the Domino group to ACL for a DB, the user from AD still does not have access to DB.
来源:https://stackoverflow.com/questions/21744182/convert-active-directory-distinguishedname-to-domino-name