NotesDriverShim: Using a Windows Mapped Driver to Create Lotus Notes user.id Files



By: pnuffer

May 6, 2008 12:50 pm


Question:

Can the NotesDriverShim utilize a Windows ‘mapped drive’ to specify the location for creating a newly registered Notes user’s user.id file?

Answer:

Yes. The driver’s subscriber option parameter ID File Storage Location (cert-path) specifies the default location in which all newly created Notes user.id files will be created. This parameter can be overridden by the custom parameters user-id-file and user-id-path. You can search for these parameters in the online documentation for more information.

A successful configuration using mapped drives generally depends on proper file access rights. If a mapped drive is not accessible to the NotesDriverShim, the Lotus Notes registration process will produce an error (Message = Error registering new user) when the NotesDriverShim attempts to register the new user, resulting in a failed user add command. Windows configurations with a strict security policy may not allow mapped drives. On Windows versions prior to Windows Server 2003, mapping drives for use by a service such as the IDM Remote Loader or the IDM engine is fairly straightforward. We recommend using file paths in UNC format, such as: \\servername\sharename\subdir.

However, Windows 2003 and later do not allow a service to see any network drive mappings that were mapped by a logged-in user, and an error such as “_A service should not directly access local or network resources through mapped drive letters._” may be seen. On Windows Server 2003, each logon session receives its own set of drive letters, A through Z. Therefore, redirected drives cannot be shared between processes that are running under different user accounts. Additionally, a service (or any process that is running in its own logon session) cannot access the drive letters that are established in a different logon session. However, drive letters that are mapped from a service that is running under the local System account are visible to all logon sessions. Thus, the only way around this problem is to write your own service to map the drive. Here are a couple of links that could help you get started on configuring your own drive mapping service.

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q243/4/86.ASP&NoWebContent=1

http://forum.osnn.net/showthread.php?t=86544
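Because drive letters are per logon session, a path that works at an administrator's desktop can still fail for the service. The following pre-flight check is an added example, not part of the original article or of the NotesDriverShim: the function name `Test-IdFileLocation` is hypothetical, it assumes PowerShell 3.0 or later, and it must be run under the same account and logon session as the service that hosts the shim (IDM Remote Loader or IDM engine).

```powershell
# Added example: check an ID file storage location from the service's own context.
function Test-IdFileLocation {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Path      = $Path
        Kind      = 'Local'     # Local | UNC | MappedDrive | NotVisible
        UncTarget = $null       # UNC equivalent when Path uses a mapped drive
        Writable  = $false
        Detail    = $null
    }

    if ($Path.StartsWith('\\')) {
        $result.Kind = 'UNC'
    }
    elseif ($Path -match '^[A-Za-z]:') {
        $letter = $Path.Substring(0, 2).ToUpper()
        # Look the drive letter up as it appears to the calling session.
        $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$letter'"
        if (-not $disk) {
            $result.Kind   = 'NotVisible'
            $result.Detail = "$letter is not defined for this session"
        }
        elseif ($disk.DriveType -eq 4) {    # 4 = network drive
            $result.Kind      = 'MappedDrive'
            $result.UncTarget = $disk.ProviderName + $Path.Substring(2)
        }
    }

    # Probe write access by creating and deleting a throwaway file.
    $name  = 'idprobe-{0}.tmp' -f [guid]::NewGuid()
    $probe = [System.IO.Path]::Combine($Path, $name)
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        [System.IO.File]::Delete($probe)
        $result.Writable = $true
    }
    catch {
        if (-not $result.Detail) { $result.Detail = $_.Exception.Message }
    }
    [pscustomobject]$result
}

# Sample path taken from the UNC format recommended above.
Test-IdFileLocation -Path '\\servername\sharename\subdir'
```

A result of `MappedDrive` reports the equivalent UNC path in `UncTarget`, which can be used for cert-path or user-id-path instead of the drive letter; `Writable = $false` points to the file access rights of the service account.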

Categories: Identity Manager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
