Configure Domino 8.5.1 to use Windows Active Directory single sign-on
1. Before implementing the SPNEGO mechanism of Domino 8.5.1, the following must be in place:
· A Microsoft Windows Active Directory domain server (BYSFT-DC.BYSFT.LOCAL) that provides Kerberos Key Distribution Center services and LDAP services.
· The Domino 8.5.1 server (BYSFT-MAIL01.BYSFT.LOCAL) runs on a Windows machine that is joined to the Active Directory domain.
· The Domino 8.5.1 server (BYSFT-MAIL01.BYSFT.LOCAL) is configured for the "multi-server session" single sign-on mechanism (MSSO).
· A Windows client (Windows XP or Windows 7) that is joined to the Active Directory domain and runs a Domino-supported browser (IE6).
2. How the SPNEGO mechanism works
3. Configuration and implementation
3.1 Create the AD user tester03 for web login on the domain server, and create the Person document for tester03 on the Domino server. The details are as follows.
3.1.1 Create the user on the domain controller
3.1.2 Register the Person document for test03 on the Domino server (using Domino Administrator)
After successful registration, modify the Person document:
Leave the internet password empty
Add an Internet-format address to the User name field: tester03@BYSFT.LOCAL (case sensitive)
3.2 Use the setspn.exe tool in the domain to register the HTTP service
3.2.1 Create a Domino administration account, SysAdmin, on the domain controller and add the user to the Domain Admins group
3.2.2 On the Domino server, start the Lotus Domino Server service under the SysAdmin account
3.2.3 Register the account associated with the HTTP service
setspn -a HTTP/bysft-mail01.bysft.local SysAdmin
3.3 On the Domino server, use the template da50.ntf to create a Directory Assistance database named myda.nsf
3.4 Create the Web SSO configuration, so that webmail can perform single sign-on with AD LDAP users
3.5 Configure the Server document
3.6 Configuration - Messaging - Configurations: set the Notes parameters. The objective is to monitor SSO authentication activity through the console.
4. Test from the client
4.1 If the client has not joined the domain, or Integrated Windows Authentication is not enabled, the behavior is as follows:
4.2 Alternatively, join the client to the domain. After enabling Integrated Windows Authentication in the IE options and logging on with a domain account, open an IE window to access the web mailbox directly.
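When the test in section 4 falls back to the login form, the Authorization request header sent by the browser shows which side is at fault. The following is an added example, not part of the original article: it classifies a header value copied from a capture of the client's request, and the function names, hint texts and sample tokens are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")               # 1.3.6.1.5.5.2
MECHS = [
    (bytes.fromhex("06092a864886f712010202"), "kerberos"),   # 1.2.840.113554.1.2.2
    (bytes.fromhex("06092a864882f712010202"), "kerberos"),   # 1.2.840.48018.1.2.2 (Microsoft)
    (bytes.fromhex("060a2b06010401823702020a"), "ntlm"),     # 1.3.6.1.4.1.311.2.2.10
]

# Hints tied to the step numbers used in this article.
HINTS = {
    "none": "no integrated auth attempted: check 4.1 (Integrated Windows Authentication in IE)",
    "ntlm": "client fell back to NTLM: check domain membership (4.1) and the SPN from 3.2.3",
    "kerberos": "client sent a Kerberos token: if login still fails, review steps 3.3 to 3.6",
    "unknown": "unrecognised token: capture the header again",
}

def classify_authorization(header_value):
    """Classify an HTTP Authorization header as none / ntlm / kerberos / unknown."""
    if not header_value or not header_value.strip():
        return "none"
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "none"          # e.g. Basic or a form login, not integrated auth
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:         # binascii.Error is a ValueError subclass
        return "unknown"
    if token.startswith(b"NTLMSSP\x00"):
        return "ntlm"          # raw NTLM message carried inside Negotiate
    if token[:1] != b"\x60":   # GSS-API InitialContextToken tag
        return "unknown"
    head = token[:96]          # the mechanism list sits at the front of the token
    hits = [(head.find(oid), name) for oid, name in MECHS if oid in head]
    return min(hits)[1] if hits else "unknown"   # first listed mechanism is preferred

def diagnose(header_value):
    return HINTS[classify_authorization(header_value)]

# Constructed skeleton tokens (no real ticket or credentials inside).
SAMPLE_NTLM = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
SAMPLE_KRB = "Negotiate " + base64.b64encode(
    bytes.fromhex("6026") + OID_SPNEGO + bytes.fromhex("a01c301aa0183016")
    + MECHS[1][0] + MECHS[0][0]).decode()

if __name__ == "__main__":
    for h in (None, SAMPLE_NTLM, SAMPLE_KRB):
        print(classify_authorization(h), "->", diagnose(h))
```
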
This article is from the "Gao Wenlong" blog; please be sure to keep this source: http://gaowenlong.blog.51cto.com/451336/1128793