#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Active Directory integration using unique Distinguished Name but with Display Name as the name displayed for the user

We have an ISV solution built on XPages that allows authentication with Active Directory (via Directory Assistance) and also has custom name pickers for picking user names and groups from Active Directory. This works great.
Now we have a customer that has their Active Directory set up so that Common Name is a unique identifier for each user (using a 7 character format) where the actual (and more usable) user name is stored in the Display Name attribute of their Active Directory. With our current setup in Directory Assistance the user name when logged on is then the unique (but not user friendly) identifier based on the Distinguished Name which Common Name is part of. Also, picking names from their Active Directory using our custom name picker means that the names displayed are the same unique but not user friendly names.
Currently it is not possible in Domino to integrate with Active Directory so that the unique Distinguished Name (with the Common Name part) is used as the actual identifier of the user while the Display Name is used as the name displayed for the user.

This idea is a request to enhance the capabilities of Domino, Directory Assistance and integration with Active Directory to support the scenario above.
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Dec 12 2019
  • Shipped
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    27 Apr 07:38am

    Status is now "Shipped" but I do not understand how the above problem can be solved with Dir Sync.

    The specific problem is that Common Name is a unique identifier for each user (using a 7 character format such as 123BEJO) where the actual (and more usable) user name is stored in the Display Name attribute of their Active Directory.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    21 Feb 05:28pm

    You can activate DirSync to create the users automatically in Domino Directory. You can configure Domino to authenticate against AD by using cn. You should change your name pickers code to use the information in Domino Directory.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    8 Jan 02:52pm

    How can your suggestion solve this specific idea? I have talked to HCL support (case number CS0070625) and they could not solve it and suggested that I created an idea for it

  • Admin
    Thomas Hampel commented
    8 Jan 02:48pm

    You dont have to sync passwords ( and in my opinion you should never sync them) -- you can still authenticate against AD but then do the name mapping based on the Domino Directory person document.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    8 Jan 01:20pm

    Unfortunately not because the new Dir Sync feature in 11 does not sync AD passwords (not possible) and we want to integrate directly with AD

  • Admin
    Thomas Hampel commented
    8 Jan 01:16pm
    Cant you leverage the new DirSync function of V11 to resolve your problem?