Solved an interesting problem this morning. In a new environment (rebuild/replacement of a V7 awareness-only system) that I built for clients, our users were not able to log in to the ST Advanced Servers broadcast communities and chat rooms from their integrated Sametime client in Notes, even though they were able to log in through a browser and had full functionality. At the same time, offline messaging was not working either – but everything else was working just fine.
No manner of trace was giving me the reasons … until I had an epiphany during a thunderstorm this morning – the fact that one of our dogs is deathly afraid of thunder and will try to get INSIDE of you if in any way possible actually prompted some thoughts that helped me find the issues in one go.
http://www-01.ibm.com/support/docview.wss?uid=swg21499716
I was pretty sure that something was keeping policies from being applied correctly; there had to be something with the way users were being identified. During the upgrade I had not paid enough attention to some of the changes I was testing – I forgot to add the [objectGUID] (using AD as the LDAP directory) to the search filters. Awareness will still work, and Meetings as well … however, the rest is going to be strange. I had also had some problems looking up users when adding them to the buddy list – that is when I had the epiphany that it was all related.
Here are the changes to the search filters:
Search filter for resolving person names:
Original: (&(objectclass=user)(|(mail=%s*)(samAccountName=%s*)(cn=%s*)))
New: (&(objectclass=user)(|(mail=%s*)(objectguid=%s)(samAccountName=%s*)(cn=%s*)))
Search filter to use when resolving a user name to a distinguished name:
Original: (&(objectclass=user)(|(mail=%s)(cn=%s)(samAccountName=%s)))
New: (&(objectclass=user)(|(mail=%s)(objectguid=%s)(cn=%s)(samAccountName=%s)))
Search filter for resolving group names:
Original: (objectclass=group)
New: (&(objectclass=group)(|(objectguid=%s)(cn=%s*)))
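To see what the added objectguid clause changes, the following added example (not part of the original post and not IBM code) evaluates the old and new filters against a small constructed directory. The evaluator, the directory entries and the short hex strings standing in for objectGUID values are assumptions for illustration; a real objectGUID is a binary value.

```python
# Added example: minimal evaluator for the filter subset used in this post
# (&, |, equality, trailing-* prefix match). Not a full RFC 4515 parser.
USER_OLD = "(&(objectclass=user)(|(mail=%s)(cn=%s)(samAccountName=%s)))"
USER_NEW = "(&(objectclass=user)(|(mail=%s)(objectguid=%s)(cn=%s)(samAccountName=%s)))"
GROUP_OLD = "(objectclass=group)"
GROUP_NEW = "(&(objectclass=group)(|(objectguid=%s)(cn=%s*)))"

# Constructed sample directory; GUIDs are made-up hex stand-ins.
DIRECTORY = [
    {"objectclass": ["user"], "cn": ["Jane Doe"], "samaccountname": ["jdoe"],
     "mail": ["jdoe@example.com"], "objectguid": ["0f3a9c1e"]},
    {"objectclass": ["group"], "cn": ["Sales"], "objectguid": ["77b2d410"]},
    {"objectclass": ["group"], "cn": ["Support"], "objectguid": ["c0ffee42"]},
]

def parse(f, i=0):
    """Parse one filter starting at f[i] == '('; return (node, next_index)."""
    assert f[i] == "("
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step past the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Case-insensitive match of a parsed filter against one entry."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    have = [v.lower() for v in entry.get(attr, [])]
    if value.endswith("*"):
        return any(v.startswith(value[:-1]) for v in have)
    return value in have

def search(template, term, directory=DIRECTORY):
    """Substitute term for every %s, then return the cn of each match."""
    tree, _ = parse(template.replace("%s", term))
    return [e["cn"][0] for e in directory if matches(tree, e)]

if __name__ == "__main__":
    print("user by GUID, old:", search(USER_OLD, "0f3a9c1e"))
    print("user by GUID, new:", search(USER_NEW, "0f3a9c1e"))
    print("group by GUID, old:", search(GROUP_OLD, "77b2d410"))
    print("group by GUID, new:", search(GROUP_NEW, "77b2d410"))
```

Note that the original group filter contains no %s at all, so in this model it returns every group regardless of the term being resolved.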
Well, proves once again that it is all about BASICS, BASICS, BASICS ….
