The default action of the Notes driver is that when we disable/inactivate users in eDirectory, the corresponding action in Lotus Notes adds the user to an explicit "deny access" group. However, when we try to logon as the "disabled" user into Lotus Notes, the logon is successful. The user can even access his/her Inbox. How can we fix this so the expired user, when logged in to Lotus Notes, will not longer have access to the Lotus Notes System?
This sounds like a Domino server configuration issue. To resolve this problem,
1. Check the Not Access Server: field of the Current Server Document.
2. Using Domino Administrator, click the Configuration Tab.
3. Highlight Server > Current Server Document.
4. Click the Security view tab of the Current Server Document.
5. Scroll down to the Server Access section and validate the your deny access group is contained within the 'Not access server:' field.
6. If the group name being used to deny access is not present, edit this "Not access server" field and insert the group name.
This should disallow access for members of this group that use the Notes Client.
If you also want to disallow access for these members via the web,
1. Using Domino Administrator click the Configuration Tab.
2. Highlight Server > Current Server Document.
3. Click the Ports view tab of the Current Server Document.
4. Click the sub-tab Internet Ports and its sub-tab of Web.
5. Set the 'Enforce server access settings:' field to 'Yes'.
6. Save any changes you made and restart the Domino server.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.