5.11 User.id Password Set

The Notes driver shim provides password-set capabilities through the modify-password command. When issuing the command on the Subscriber channel, the Notes driver shim uses a shared native library to access the appropriate Lotus Notes APIs that allow for changing a password within a user.id file.

The shared native library that comes with the driver is named notesdrvjni. On the Windows platform, notesdrvjni.dll is placed in the Identity Manager binaries folder (c:\novell\nds) where the NotesDriverShim.jar can find it when the driver launches. On Linux, the notesdrvjni.so file is linked to the Notes/Domino execution directory.

If the Notes driver shim initializes with the notesdrvjni shared library present, text similar to the following should show in a level 3 (or above) trace:

"NotesDriverShimLotusCAPIAccess: notesdrvjni (notesdrvjni.dll) successfully loaded."

If this text does not appear, or if you see a different message, the feature is automatically disabled within the Notes driver shim.

Upon receiving the modify-password command, the Notes driver shim attempts to modify the Notes user.id file passwords if the modify-password command has the following elements:

  • An old-password

  • A password element

  • A user-id-file="c:\Lotus\Notes\ids\people\JohnDoe.id" XML attribute as a custom parameter

This custom parameter is the same as the parameter that is used for add commands, but in this case the specified filename is never used in conjunction with the user-id-path parameter because it is with an add command. If a full path is not specified, the NotesDriverShim directs the user.id file search to the default directory that the driver is using (the Notes/Domino data folder).

This user-id-file parameter can also be used to specify multiple ID files by separating the ID filenames with semicolons (";"). (such as user-id file="ids\people\JohnDoe.id;ids\people\johnnydoe.id;c:\Temp\jd.id".

ID files that require multiple passwords cannot be set by using this feature. However, it is possible to use this feature to change the password for a user.id file, a server.id file, or a cert.id file. Below is a general example of an XDS command setting a password for JohnDoe.id:

<input> 
   <modify-password 
      class-name="Person" 
      event-id="pwd-subscribe" 
      src-dn="\PWDSYNCTREE\sync\dom\unit\JohnDoe" 
      src-entry-id="35952" 
      user-id-file="c:\Lotus\Notes\ids\people\JohnDoe.id">
      <association>D9628831A988381AC12570F9005BE6B3</association> 
      <old-password>zyxwvut321</old-password> 
      <password>abcdefg123</password> 
    </modify-password> 
</input>

The NotesDriverShim must have appropriate read and write file system access to the specified user.id file. When a correct user-id-file="user.id" XML attribute and valid <old-password> and <password> elements are available to the modify-password command, this command then modifies an existing user.id file password, as well as the HTTPPassword within the Notes Address Book (NAB).

You can control whether the NotesDriverShim modifies the user.id password or the HTTPPassword by using the following driver parameters that you set within subscriber-options section of the driver configuration:

allow-http-password-set allow-userid-password-set

These subscriber-options parameters are Boolean and can be set to True or False, depending on the desired default behavior of the NotesDriverShim. They can also be used as override parameters when you set them as attributes to the <modify-password> element.

If you only want to modify the HTTPPassword, omit the user-id-file attribute from the XDS command, or apply the allow-userid-password-set="false" attribute. If you only want to modify the user.id password, then apply the allow-http-password-set="false" attribute.