HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status: Needs Clarification
Workspace: Domino
Categories: Security
Created by: Guest
Created on: Aug 22, 2022

LDAP is not flushing old entries in its database and also auto populates mail address for Domino Groups

A Domino Group initially added an internet address, then it was removed from the document and now when doing ldapsearch, we noticed that address is still being populated in the mail= field. Another scenario was on a newly created test group where they only populated the group name and group type (e.g. testgroup) then when they do an ldapsearch on that group, they noticed that mail= shows an internet address (e.g. testgroup@domain.com).


I would like to forward this as a SECURITY and at least an enhancement request. All organizations have a spam filter and use LDAP as a means to register valid emails that are allowed to have access to the outside (in and out).

In the group document, the email is meant to have an intergroup and/or external/internal access.

THEREFORE the admin will get a false sense of security that these groups are not exposed to the internet since the email field is BLANK, yet in LDAP the email is automatically created.

So if you create an ALL STAFF group, spam could be sent to this address and therefore to everyone.

THIS IS INSECURE and deceptive since it is not present or filled in the group document.

This also causes the use of a user license since the workaround is to create a user and then include that user in a group.
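
An audit sketch for the mismatch described in this idea, added here as an example and not code from HCL or the poster: it parses `ldapsearch` LDIF output for groups and flags every `mail` value LDAP returns that is not the Internet Address stored in the group document. The sample LDIF, the `allstaff` and `sales` addresses and the `DOCUMENTED` mapping (which you would export from the Domino Directory) are constructed assumptions.

```python
import base64

# Constructed sample of ldapsearch LDIF output for three groups.
SAMPLE_LDIF = """\
dn: cn=testgroup
cn: testgroup
mail: testgroup@domain.com

dn: cn=All Staff
cn: All Staff
mail:: YWxsc3RhZmZAZG9tYWluLmNvbQ==

dn: cn=Sales
cn: Sales
mail: sales@
 domain.com
"""
# Constructed: Internet Address field of each group document ("" = blank).
DOCUMENTED = {"testgroup": "", "All Staff": "", "Sales": "sales@domain.com"}

def parse_ldif(text):
    """Return one {attr: [values]} dict per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in unfolded.split("\n\n"):        # entries are blank-line separated
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def undocumented_mail(ldif_text, documented):
    """(group, mail) pairs LDAP returns that the group document does not hold."""
    findings = []
    for entry in parse_ldif(ldif_text):
        name = entry.get("cn", [""])[0]
        wanted = documented.get(name, "").lower()
        findings += [(name, m) for m in entry.get("mail", []) if m.lower() != wanted]
    return findings

if __name__ == "__main__":
    for group, mail in undocumented_mail(SAMPLE_LDIF, DOCUMENTED):
        print(f"{group}: LDAP returns mail={mail}, not in the group document")
```

Any pair it reports is an address a spam filter syncing from LDAP would accept even though the group document shows the field as blank.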

  • Guest
    May 15, 2023

    Sorry about that. Weird, just got notification of a new entry in this idea.

    Ticket number - CS0332428

  • Admin
    Thomas Hampel
    Oct 16, 2022

    Can you please post or send me a mail with the ticket number? Just use my firstname.lastname@pnp-hcl.com

    Thomas Hampel

  • Guest
    Oct 14, 2022

    This is a serious security risk since the email is not present in the "group" document BUT, when queried, is automatically created.

    When discovered, I asked our security team, stopped pulling LDAP groups from Domino for apparent reasons of spam

    BUT this also stopped all the other legitimate group emails addresses that we used for receiving emails from the outside.

    NOT good

  • Guest
    Oct 14, 2022

    I did open a ticket, and they said that is engrained as part of Domino.

    They suggested that I create this idea.

    Apparently this has been there for a long time


  • Admin
    Thomas Hampel
    Oct 14, 2022

    Please open a support ticket for this issue - this needs to be investigated.