Tab | Field | Value | Comment |
Basics | User name
(FullName) | Two-part Active Directory logon name |
- Specify the logon name shown in the user's Active Directory account user interface.
- Specify as the third or subsequent name in this field.
- Use exact case shown in Active Directory for the first name part. Use upper case for the second name part, regardless of case shown in Active Directory.
For example: bzechman@AD1.SUBNET2.RENOVATIONS.COM
- Can optionally add name to krbPrincipalName field too (see below).
- Used to link this Person record to the Active Directory Kerberos identity.
|
Basics | User name (FullName) | User's distinguished name in Active Directory |
- Required only if there is an IBM® WebSphere® SSO server authenticating users against Active Directory so that users' LTPA tokens contain their Active Directory names.
- Add this name after the other names that already exist in the field.
- Use the exact character case that is used in Active Directory.
- Use Notes forward slash (/) separators in the Active Directory name rather than LDAP comma (,) separators; for example:
uid=bzechman/ou=marketing/dc=renovations/dc=com
rather than
uid=bzechman,ou=marketing,dc=renovations,dc=com
- Used to map Active Directory distinguished names in SSO LTPA tokens to Notes distinguished names for determining user access to Domino resources.
|
Basics | Internet Password (HTTPPassword) | <password-hash> |
- If Domino uses directory assistance to connect to the Active Directory server, this user password must be different than the user password in Active Directory.
- Enables Domino to verify user passwords in the Domino Directory in situations when Windows single sign-on is not available.
|
Administration (Client Information section) | Active Directory (Kerberos) logon name
(krbPrincipalName) | Two-part Active Directory logon name |
- Optional for this field.
- Specify the logon name shown in the user's Active Directory account user interface.
- See the first row in this table for more information on this name.
- If specified in this field, add the following setting to the server NOTES.INI file to enable the value to be found in this field in Domino Directory or in any secondary directory accessed through directory assistance:
WIDE_SEARCH_FOR_KERBEROS_NAMES=1
- If specified in this field, create a full-text index for the Domino Directory to optimize searches of this field.
|
Administration (Client Information section) | LTPA user name | User's distinguished name in Active Directory |
- Required only if there is an IBM WebSphere SSO server authenticating users against Active Directory so that users' LTPA tokens contain their Active Directory names.
- Used to map Active Directory distinguished names in SSO LTPA tokens to Notes distinguished names for determining user access to Domino resources.
|