Environment
Novell Identity Manager Driver - Lotus Notes
Lotus Domino - Release 8.5.2
Lotus Domino - Release 8.5.2
Situation
After upgrade to Lotus Domino version 8.5.2, the driver fails to register a user, when the driver is configured to run on the Domino Server. The following error is seen when attempting to certify the user:
registerNotesUser: Error registering User. ID = 4005. Message: Notes error: You are not a Registration Authority for the certifier. (user-last-name).
registerNotesUser: Error registering User. ID = 4005. Message: Notes error: You are not a Registration Authority for the certifier. (user-last-name).
Resolution
With the release of Notes 8.5.2, IBM fixed a problem that even when an
agent was running on the server, the query to check if that was the
case (function isOnServer) would return false. Starting from version
8.5.2 this function behaves properly and will return "true" when run on
the server.
This means that if the driver is running on the Domino server and the Lotus Notes version is 8.5.2 or higher, the certification process will be run using the server's ID and the server itself needs to be added to the list of Registration Authorities for the CA.
In previous versions of Notes, it was not possible to determine that the driver was running on the server and therefore the registration process was always done using the user's credentials specified in the driver configuration.
This statement comes from the IBM website: "When you make a request to the CA to register the user and run the agent in a
Notes client, the request is signed with the runner's ID. When the agent is
scheduled on the server and runs, the CA request is signed with the server's ID. This is why the server must also be listed as an RA for the
CA".
This means that if the driver is running on the Domino server and the Lotus Notes version is 8.5.2 or higher, the certification process will be run using the server's ID and the server itself needs to be added to the list of Registration Authorities for the CA.
In previous versions of Notes, it was not possible to determine that the driver was running on the server and therefore the registration process was always done using the user's credentials specified in the driver configuration.
Additional Information
For more information about this error on the IBM site:
https://www-304.ibm.com/support/docview.wss?uid=swg21206903
For more information on the change of behavior of the isOnServer function, read KB 7008296.
For more information on the change of behavior of the isOnServer function, read KB 7008296.