• How is a user validated?

    By Fred Janssen2 7 years ago

    What is the use case for this application?

    How does this application validate the user? Regular internet password?

    That would mean (if the user's internet password and Notes password are synced) this application will be inaccessible for users who forgot their password.

    Fred

    • Re: How is a user validated?

      By Barbara Hegnauer 7 years ago

      Hi Fred

      You're right, that would not make much sense, especially when syncing the web password with a policy ;-)

      In the documentation, prerequisite section, I stated: 

       

      - Make sure that your users authenticate against a directory which is NOT your Domino Directory.
      So you can configure your Domino server so that your web users authenticate against, for example, Active Directory.
      A use case would be that your users authenticate once when they log in to their Windows client. Once authenticated, SSO is used when they access a Domino server using their browser.
      Please search the web for the term "configure single sign on for Lotus Domino" to find out more about this.
      Regards,

      :-) Barbara
      

  • Try LDAP to authenticate your users

    By P Solano 7 years ago

    I implemented this before; we had Notes and HTTP synchronized so we used Windows credentials from Active Directory LDAP:

    Logic I used was something like this:

    1. Ask for Windows username and password

    2. Make a connection to LDAP with these credentials

    3. Once validated, we got the email address from LDAP

    4. We take the email address and look it up in Names.nsf to get the full Notes user name

    5. Ask for new password

    6. Make password reset


    Regards,

    Pablo

    • Nice process...

      By Ray Bilyk 7 years ago

      I'd like to see that (especially steps 2-4) fleshed out a little more...

      • Steps 2-4

        By P Solano 7 years ago

        This is my agent; the code is in LS... I didn't know SSJS when I built my application Frown, and it uses an old-fashioned way of using a Profile Document to save data and then get the data back.

        Note you can improve this by calling same agent via Ajax, agent.run or Agent.runWithDocumentContext. 

        I'm getting LDAP information from configuration documents; this is an example of one of them since I have a document for each country:

         

        Active Directory Info

         

        Domain: NA
        
        Country: United States
        
        IP Address: 172.26.32.23
        
        Port: 389
        
        Where Statement: WHERE objectCategory='CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=mydomain,DC=net' AND sAMAccountName=
        
        

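        Sub Initialize
            ' Password-reset agent.
            '
            ' Reads the reset request document (ag.ParameterDocID), binds to Active
            ' Directory with the Windows credentials supplied on that request, resolves
            ' the account's mail attribute to a person document in names.nsf, generates
            ' a new password, resets it through the ID vault and records the outcome on
            ' the request document and on a per-request "ResetProfile" profile document.
            '
            ' Request document fields read : Domain, UserName, Password
            ' Domain config fields read    : Domain, IPAddress, Port, Where
            '                                (view "(lookupDomains)", keyed by Domain)
            ' Fields written               : NotesUser, NewPassword, Status, AgentMsg,
            '                                Password/ConfirmPassword (overwritten)
            '
            ' enhLogAction / enhLogExtendedContent / enhLogException are logging helpers
            ' defined elsewhere in this application.
            On Error Goto errHandler

            REM Domino objects
            Dim session As New NotesSession
            Dim db As NotesDatabase
            Dim dbnames As NotesDatabase
            Dim ag As NotesAgent
            Dim viewDomain As NotesView
            Dim view As NotesView
            Dim doc As NotesDocument
            Dim docDomain As NotesDocument
            Dim docPerson As NotesDocument
            Dim docProfile As NotesDocument
            Dim replyDoc As NotesDocument

            REM Request / configuration values
            Dim strErrorMsg As String
            Dim username As String, password As String, domain As String
            Dim ip As String, port As String, where As String
            Dim mailValue As Variant, mailAddress As String
            Dim errNum As Integer
            Dim k As Integer, ch As String

            REM OLE Objects (ADO / ADSI, late bound)
            Dim objConnection As Variant
            Dim objCommand As Variant
            Dim objRecordSet As Variant

            Const ADS_SCOPE_SUBTREE = 2
            Const ADS_SECURE_AUTHENTICATION = 1
            ' Characters never accepted in the account name. None of them is valid in a
            ' sAMAccountName, and rejecting them keeps the user-supplied value from
            ' altering the query text or the bind user ID that are built from it below.
            Const UNSAFE_NAME_CHARS = {"'\/()*=&|[];:,+?<>}

            Set db = session.CurrentDatabase
            Set ag = session.CurrentAgent

            REM Get current document
            Set doc = db.GetDocumentByID(ag.ParameterDocID)
            If doc Is Nothing Then Error 1000, "Error getting request document"

            REM Get Domain document
            ' Exact key match: the domain value comes from the request, and a partial
            ' match could silently select a different configuration document.
            Set viewDomain = db.GetView("(lookupDomains)")
            Set docDomain = viewDomain.GetDocumentByKey(doc.Domain(0), False)
            If docDomain Is Nothing Then Error 1000, "No configuration found for domain " & doc.Domain(0)

            domain   = docDomain.Domain(0)
            username = doc.UserName(0)
            ' The Windows password arrives in clear text on the request document; it is
            ' overwritten with "xxxxx" before the document is saved (success and error path).
            password = doc.Password(0)
            ip       = docDomain.IPAddress(0)
            port     = docDomain.Port(0)
            where    = docDomain.Where(0)

            REM Validate the request before touching the directory
            ' An empty password must never reach the bind: an LDAP bind with an empty
            ' password can be treated as an anonymous (unauthenticated) bind.
            If Trim(username) = "" Or password = "" Then Error 1000, "Windows username and password are required"
            For k = 1 To Len(username)
                ch = Mid$(username, k, 1)
                If InStr(UNSAFE_NAME_CHARS, ch) > 0 Then Error 1000, "Invalid character in Windows username"
            Next

            REM Make a lookup to Active Directory
            enhLogAction ||, |Search Active Directory|
            enhLogExtendedContent ||, ||, |Username: | + domain + "\" + username
            enhLogExtendedContent ||, ||, ||

            Set objConnection = CreateObject("ADODB.Connection")
            Set objCommand = CreateObject("ADODB.Command")
            objConnection.Provider = "ADsDSOObject"
            objConnection.Properties("User ID") = domain + "\" + username
            objConnection.Properties("Password") = password
            objConnection.Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION

            ' Binding with the requester's own credentials is what authenticates the
            ' request: a rejected bind raises an error and ends up in errHandler.
            objConnection.Open "Active Directory Provider"
            Set objCommand.ActiveConnection = objConnection
            objCommand.Properties("Page Size") = 10000
            objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

            ' "where" ends with "sAMAccountName=" in the configuration documents; the
            ' username is validated above so it cannot close the quoted value.
            objCommand.CommandText = "SELECT mail FROM 'LDAP://" + ip + ":" + port + "' " + where + "'" + username + "'"
            enhLogAction ||, "Select Statement"
            enhLogExtendedContent ||, ||, objCommand.CommandText
            enhLogExtendedContent ||, ||, ||

            Set objRecordSet = objCommand.Execute

            enhLogAction ||, |Getting Internet address for user | + username

            ' Exactly one account must match; zero or several means the request is
            ' ambiguous and must not reset anybody's password.
            If objRecordSet.RecordCount = 0 Then
                Error 1000, |No record found for user | + username
            ElseIf objRecordSet.RecordCount > 1 Then
                ' CStr/& : the original Integer + String expression raised a type
                ' mismatch instead of the intended error message.
                Error 1000, CStr(objRecordSet.RecordCount) & | records found for user | + username
            End If
            mailValue = objRecordSet.Fields("mail").Value
            If IsNull(mailValue) Then Error 1000, |No mail address found for user | + username
            mailAddress = LCase(mailValue)
            If mailAddress = "" Then Error 1000, |No mail address found for user | + username
            enhLogExtendedContent ||, ||, "Internet Address: " + mailAddress
            enhLogExtendedContent ||, ||, ||

            REM Getting Person Document
            enhLogAction ||, |Getting person document|
            Set dbnames = New NotesDatabase(session.CurrentDatabase.Server, "names.nsf")
            Set view = dbnames.GetView("($Users)")
            ' Exact match only: a partial-key lookup could return the person whose key
            ' merely starts with this address, i.e. somebody else's ID would be reset.
            Set docPerson = view.GetDocumentByKey(mailAddress, False)
            If docPerson Is Nothing Then Error 1000, "No person document found on Domino Address Book"
            enhLogExtendedContent ||, ||, "Notes User: " + docPerson.FullName(0)
            Call doc.ReplaceItemValue("NotesUser", docPerson.FullName(0))

            REM Assign New Password
            ' Alphabet: digits 0-9 and lower-case a-z (36 characters).
            Dim pw As String
            Dim alphabet As String
            Dim i As Integer, j As Integer, x As Integer
            alphabet = ""
            For x = 0 To 127  'ASCII-Code
                Select Case x
                Case 48 To 57, 97 To 122
                    alphabet = alphabet + Chr$(x)
                End Select
            Next
            ' NOTE(review): Rnd is not a cryptographic generator and 8 characters from a
            ' 36-character alphabet is a small space; presumably this is a temporary
            ' password the user changes at next login — confirm the reset flow forces
            ' that. Randomize seeds from the clock so runs do not repeat the sequence.
            Randomize
            For j = 1 To 8  'generate the password
                ' Fix(Rnd * Len) + 1 is a uniform 1-based index; the previous Rnd(x) * i
                ' relied on implicit rounding, which favoured the first and last entries.
                i = Fix(Rnd * Len(alphabet)) + 1
                pw = pw + Mid$(alphabet, i, 1)
            Next
            Call doc.ReplaceItemValue("NewPassword", pw)
            REM End New Password

            REM Reset ID Vault
            Set docProfile = db.GetProfileDocument("Profile")
            Call session.ResetUserPassword(docProfile.IdVaultServer(0), doc.NotesUser(0), doc.NewPassword(0))

            REM Mark request as Completed
            Call doc.ReplaceItemValue("Status", "Succesful")

            REM Delete Password fields
            ' NewPassword is intentionally left on the request document here,
            ' presumably so the front end can read it back and show it to the user —
            ' confirm, and make sure it is cleared once it has been displayed.
            Call doc.ReplaceItemValue("Password", "xxxxx")
            'Call doc.ReplaceItemValue("NewPassword", "xxxxx")

            Call doc.Save(True, False)

            REM Create Profile document to keep result
            Set replyDoc = db.GetProfileDocument("ResetProfile", ag.ParameterDocID)
            replyDoc.ReplaceItemValue "Status", "Succesful"
            replyDoc.Save True, True

            REM Disconnect from LDAP
            enhLogExtendedContent ||, ||, ||
            enhLogAction ||, |Disconnect from LDAP server|
            objRecordSet.Close
            objConnection.Close

            Exit Sub

        errHandler:
            ' Capture the error details first; anything called below may overwrite them.
            errNum = Err()
            strErrorMsg = "Error " & CStr(errNum) & " - " & Error$ & " - Line: " & CStr(Erl())
            If Not (doc Is Nothing) Then
                Call doc.ReplaceItemValue("Status", "Failure")
                Call doc.ReplaceItemValue("AgentMsg", strErrorMsg)

                REM Delete Password fields
                Call doc.ReplaceItemValue("Password", "xxxxx")
                Call doc.ReplaceItemValue("NewPassword", "xxxxx")
                Call doc.ReplaceItemValue("ConfirmPassword", "xxxxx")
                Call doc.Save(True, False)

                Set replyDoc = db.GetProfileDocument("ResetProfile", ag.ParameterDocID)
                replyDoc.ReplaceItemValue "Status", "Failure"
                If errNum = 213 Then
                    ' 213 is presumably the error a rejected AD bind surfaces as — the
                    ' user gets a hint instead of the raw provider message. Confirm.
                    replyDoc.ReplaceItemValue "AgentMsg", "Please make sure you entered the correct country, Windows username and password."
                Else
                    replyDoc.ReplaceItemValue "AgentMsg", strErrorMsg
                End If
                replyDoc.Save True, True
            End If
            enhLogException ||, ||
            ' The ADO variables only hold objects once CreateObject has run; an error
            ' raised before that point would otherwise fail again inside this handler.
            If IsObject(objRecordSet) Then
                If objRecordSet.State = 1 Then objRecordSet.Close
            End If
            If IsObject(objConnection) Then
                If objConnection.State = 1 Then objConnection.Close
            End If
            Exit Sub
        End Sub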