Friday, October 1, 2010

An ID Vault and user rename gotcha


By Vladimir Tankhimovich

When I register new Domino users, I never know if they'll be using Notes, iNotes or IMAP client.

That's why I always create them as Notes users, with Notes IDs, so they can choose any option. This approach has its downside, because of the way Domino user rename is implemented.

When an administrator initiates a rename for a user that has an ID file, the Administration Process renames Person document and waits until the user logs in to the server with his ID file, which triggers the rest of the rename process -- ACL, mail db title/owner etc.

That means to rename a Web user (one that has an ID file but never uses it) I have to switch my Notes client to his backup ID file and hit the server to finish rename process.

I have been doing this for years until IBM created ID Vault and gave me hope. Below are quotes from IBM documentation stating that renames are done on IDs in the vault and happen without user involvement.

Here's what the ID vault interoperability FAQ says:

Renames are done on IDs in the vault and resynchronized to the user's local ID file. An administrator specifies a new name for a user and this user's Person Document is updated by the Administration Process with the new name information. The next time the user's ID file is resynchronized with the server, the new user name is transparently and automatically transferred to the user's local ID file.

And here's what Domino Administrator 8.5 Help says:

No user involvement during ID renames

Sounds very good, right? Now user renames become fully automated as long as their IDs are vaulted. Great!

Not so fast. The above statements are not true, according to my experience and IBM support investigation.

Nothing still happens until user hits the server with his ID file. For me it means yet an extra step: now I have to extract the ID from the vault first (I don't keep backup IDs anymore because I have the vault), then switch and log in.

I opened a PMR with IBM hoping they would change functionality to match documentation, but according to their engineer, they are, instead, going to fix documentation. Too bad.

