Most Web applications have different types of users. You might have a technical Web site that has dealers, distributors, and content editors, or a CRM Web application that has salespeople, department managers, and executives. Each user group sees a different menu and different content, and has a different access level.
Notes developers have long used groups and roles for security (Authors/Readers fields). We set up different groups, add users as members of the groups, and assign the groups specific roles. In addition to security, we also use them to show or hide certain functionality in our applications.
Domino administrators would surely benefit from a system where users can register themselves and, once registered, are automatically added to the proper groups. Users can also change their password, or reset it if they forget it.
The registration database stores registration documents and has the following options available to users:
- New registration
- Change password
- Forgot password
Before users can access the Web site, they must complete a registration form as shown in the following example.
The form has basic contact and password information. The security question and answer are required for the Forgot Password feature.
You have several options after the registration is submitted depending on your needs. Here are the most common scenarios:
- Immediately add the user to a group in the address book.
- Notify the web application administrators to approve the registration. Once approved, the user is added to a group in the address book.
- Push the registration to a workflow system and route it to the appropriate people. The responsible people can select into which group the user needs to be placed.
In any case, you need a routine to add a user to a group. The following sample code can do that. It takes into account the 15K (around 1000 members) text list limitation (which may be increased in Lotus Notes 8) by creating subgroups under the main group. For example, if the main group is called Dealers, the subgroups are Dealers 1, Dealers 2, Dealers 3, and so on. The Dealers group will contain Dealers 1, Dealers 2, Dealers 3, and so on.
Sub AddUserToGroup( Byval fullname As String, Byval group As String, nab As NotesDatabase )
    ' Load up our static groups view
    Dim groups As NotesView
    Set groups = nab.GetView( "($VIMGroups)" )
    Dim groupMainDoc As NotesDocument
    Set groupMainDoc = groups.GetDocumentByKey( group )
    Dim saveGroupMainDoc As Integer
    saveGroupMainDoc = False
    ' Create the main group if it does not exist yet
    If groupMainDoc Is Nothing Then
        Set groupMainDoc = New NotesDocument( nab )
        groupMainDoc.Form = "Group"
        groupMainDoc.ListName = group
        groupMainDoc.Members = group & " 1"
        groupMainDoc.GroupType = "0"
        Call groupMainDoc.ComputeWithForm( False, False )
        saveGroupMainDoc = True
    End If
    Dim groupMainMembers As NotesItem
    Set groupMainMembers = groupMainDoc.GetFirstItem( "Members" )
    ' Find last subgroup entry in the members list
    Dim subGroup As String
    subGroup = ""
    Forall s In groupMainMembers.Values
        If Left$( s, Len( group ) ) = group Then
            subGroup = s
        End If
    End Forall
    ' Open the subgroup, and keep trying until we find one with room
    Dim groupNum As Integer
    groupNum = 0
    ' Which subgroup was the last one
    If subGroup <> "" Then
        groupNum = Val( Right( subGroup, Len( subGroup ) - Len( group ) - 1 ) )
    Else
        groupNum = 1
        subGroup = group & " 1"
    End If
    Dim groupSubDoc As NotesDocument
    Dim groupSubMembers As NotesItem
    Do
        Set groupSubDoc = groups.GetDocumentByKey( subGroup )
        If groupSubDoc Is Nothing Then
            ' Create a new subgroup document
            Set groupSubDoc = New NotesDocument( nab )
            groupSubDoc.Form = "Group"
            groupSubDoc.ListName = subGroup
            groupSubDoc.GroupType = "0"
            Call groupSubDoc.ComputeWithForm( False, False )
        End If
        ' Add it to the main group if needed
        If Not groupMainMembers.Contains( subGroup ) Then
            Call groupMainMembers.AppendToTextList( subGroup )
            saveGroupMainDoc = True
        End If
        ' See if the subgroup still has room, if so, we've found our subgroup
        Set groupSubMembers = groupSubDoc.GetFirstItem( "Members" )
        If groupSubMembers.ValueLength < 10000 Then
            Exit Do
        End If
        ' If no room, try the next one
        groupNum = groupNum + 1
        subGroup = group & " " & groupNum
    Loop
    ' Finally: add the user to the subgroup
    Call groupSubMembers.AppendToTextList( fullname )
    Call groupSubDoc.Save( False, True )
    If saveGroupMainDoc Then
        Call groupMainDoc.Save( False, True )
    End If
End Sub
The following figure shows a sample Change Password form. In this example, we use the e-mail address that is specified to look up the user. If you enable the Change Password feature when the user is logged in, you do not need the e-mail address.
Since the password in the person document is encrypted, we cannot directly compare the old password with the password stored in the person document. However, you can use the @Password formula to encrypt the old password that is typed by the user and compare the value with the password (in the HTTPPassword field) that is stored in the person document.
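The old-password check described above, as an added LotusScript example that is not part of the original article. It uses NotesSession.VerifyPassword, which checks a typed password against a stored hash and therefore also works when HTTPPassword holds a salted hash that a direct @Password comparison would not match. The function name ChangeHttpPassword and the lookup of the e-mail address in the ($Users) view are assumptions.

```lotusscript
' Added example: verify the old password, then store the new one hashed.
' Assumptions: nab is the address book holding the person documents, the
' e-mail address is a key in the ($Users) view, and the calling agent
' runs with rights to edit person documents.
Function ChangeHttpPassword( nab As NotesDatabase, Byval email As String, _
Byval oldPassword As String, Byval newPassword As String ) As Boolean
    ' Return False for every failure so the form cannot reveal
    ' whether the e-mail address or the password was wrong
    ChangeHttpPassword = False
    If email = "" Or oldPassword = "" Or newPassword = "" Then Exit Function

    Dim session As New NotesSession
    Dim users As NotesView
    Set users = nab.GetView( "($Users)" )
    If users Is Nothing Then Exit Function

    ' Exact-match lookup: a partial key must never select another user
    Dim person As NotesDocument
    Set person = users.GetDocumentByKey( Lcase$( email ), True )
    If person Is Nothing Then Exit Function

    ' A person document without an Internet password cannot be verified
    Dim stored As String
    stored = person.GetItemValue( "HTTPPassword" )( 0 )
    If stored = "" Then Exit Function

    ' Hash-aware comparison of the typed password with the stored value
    If Not session.VerifyPassword( oldPassword, stored ) Then Exit Function

    ' Never write the clear-text password to the person document
    Call person.ReplaceItemValue( "HTTPPassword", _
    session.HashPassword( newPassword ) )
    Call person.Save( True, False )
    ChangeHttpPassword = True
End Function
```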
This feature is usually placed on the login form. In the following figure, we use the e-mail address that is specified to make sure the user exists.
If the user is found, we take the user to the second page shown in the following figure.
The security question and answer ensure that the user is really the person who is associated with the account or e-mail address.
Consider using a separate address book if you do not want the users of your Web application to be in the same address book as your company's users.
- Use Directory Assistance to set up the extranet address book.
- Put the groups in the company's address book and the person documents in the extranet address book to ensure that the users can log in if you use single sign-on (SSO), LDAP, or both. Note: This may not be necessary in newer versions of Domino (7 or later).