Serdar Basegmez 15.Apr.11 03:06 AM a Web browser Administration 8.5.1 (Lotus Domino) Linux
There is an authorization problem with documents and group authorization.
We are running a Quickr place for the Turkish LUG. All members are grouped under the LUGMembers group in a secondary directory, connected with Directory assistance. Quickr is configured to use LDAP. The LUGMembers group is an author in the place.
The place is open to anonymous access. When we assign LUGMembers as a reader to a folder, it's fine. The folder cannot be accessed by anonymous users and all members can see it. However, if we assign LUGMembers as a reader to content (page, document, etc.), no one can see the content except the creator or superusers.
I inspected the reader fields in those documents inside 'main.nsf' of the place. I noticed the difference. When we limit access to a folder, the reader field of the document (in the System\Folders view) has the following value:
Field Name: h_Readers
Data Type: Text List
Field Flags: SUMMARY READ-ACCESS NAMES
As you see, contents are using 'CN=GroupName' LDAP notation. However, this is not complete and is missing the organization part, so probably the Domino server completes it with its own organization. So groups cannot be authorized with this missing LDAP notation.
Does anybody have an idea about it? Is it by design, or buggy?