#dominoforever | Product Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

LDAP is not flushing old entries in its database and also auto populates mail address for Domino Groups

A Domino Group initially added an internet address, then it was removed from the document and now when doing ldapsearch, we noticed that address is still being populated in the mail= field. Another scenario was on a newly created test group where they only populated the group name and group type (e.g. testgroup) then when they do an ldapsearch on that group, they noticed that mail= shows an internet address (e.g. testgroup@domain.com).

I would like to forward this as a SECURITY and at least enhancement request. All organizations have a spam filter and uses LDAP as a means to register valid email that are allowed to have access to the outside ( in and out) .

In the group document. the email it is meant to have a intergroup and/or external/internal access.

THEREFOR the admin will get a false sense of security that these groups are not exposed to the internet since the email field is BLANK yet in LDAP, the email is automatically create.

So if you create and ALL STAFF group, span could be sent to this address and therefore to everyone.

THIS IS INSECURE and deceptive since it is not present or filled in the group document.

This also causes the use a user license since the work around is to create a user then include that user in a group.

  • Guest
  • Aug 22 2022
  • Needs Review
  • Attach files
  • Admin
    Thomas Hampel commented
    16 Oct 10:24am
    Can you please post or send me a mail with the ticket number? just use my firstname.lastname@pnp-hcl.com

    Thomas Hampel
  • Guest commented
    14 Oct 01:49pm

    This is a serious security risk since the email is not present in the "group" document BUT when queried , is automatically created.

    When discovered, I asked our security team, stopped pulling LDAP groups from Domino for apparent reasons of spam

    BUT this also stopped all the other legitimate group emails addresses that we used for receiving emails from the outside.

    NOT good

  • Guest commented
    14 Oct 01:44pm

    I did open a ticket, and they said that is engrained as part of Domino.

    They suggested that I create this idea.

    Apparently this has been there for a long time

  • Admin
    Thomas Hampel commented
    14 Oct 01:40pm

    Please open a support ticket for this issue - this needs to be investigated.