Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Http task should Identify the user status active/blocked before proceed for password authentication
Currently http behavior are like this :
In case you blocked (added in deny group) the user in domino server and and HTTP task is configured to obey this setting, (in server document - ports internet ports web- Enforce server access settings: Yes) and if this user try to connect over the web and passed the credential then http task verify the credential first and then look for server access setting available in server security document and provide the error message "HTTP Web Server: You are forbidden to perform this operation"
In case blocked user try to connect over the web and passed the incorrect credential then http task wait till limitation of wrong password attempt texceeded and after that added user in inetlockout.nsf database and provide the error message "authentication failure using internet password: User is locked out"
Expected behavior :
When user access is globally disabled then http server should Identify the user status first whether its active or inactive then verify password and proceed the request further.
In short : http should act on incoming request as follows 1. verify the user status on server 2. verify the credential .