TROUBLESHOOTING


Internet user name-and-password authentication using a condensed Directory Catalog fails
If you're having difficulty setting up a server to use a condensed Directory Catalog to look up names and passwords to authenticate Internet users, take these steps to troubleshoot the problem.

Note These steps do not apply to authentication using an Extended Directory Catalog.

1. Test that authentication using directory assistance alone is working.

2. If you are trusting all the aggregated directories for authentication, make sure you've selected the option on the Basics tab of the Server document: "Trust the server based condensed directory catalog for authentication with internet protocols." 3. In the "Directories to include" field of the directory catalog Configuration document, specify a replica of each secondary Domino Directory that contains the users you want to authenticate. Do not include the name of an LDAP directory in the "Directories to include" field.

4. In the "Additional fields to include" field of the directory catalog Configuration document, do the following:

5. Run the Dircat task to build the directory catalog.

6. If the server on which you ran the Dircat task is not the server doing the authentication, make sure you've created a replica of the populated directory catalog on the server, added the directory catalog file name to either the Directory Profile or the Basics tab of the Server document, and then restarted the server.

7. If you use name-and-password authentication, and you choose the server authentication option "Fewer name variations with higher security," make sure users provide either their hierarchical names or common names for authentication rather than first names, last names, or short names only.

8. If you include groups of users in database ACLs on the server, store those groups in the server's primary Domino Directory and/or in one directory configured in the directory assistance database that is enabled for group authorization.

Related topics