IBM Support

IMAP Client Users Cannot Authenticate With Domino When Using A Non Domino LDAP Server To Authenticate Users

Technote (troubleshooting)


Problem

After upgrading to Domino 9.0.1 Fix Pack 2, users who are authenticated using Active Directory or Tivoli Directory Server can no longer connect to Domino with an IMAP client such as Outlook.
The same users can, however, connect to Domino via a browser and are authenticated by Active Directory or Tivoli Directory Server.

Cause

This has been identified as a product defect under SPR # RMAS9PFRHP.

Diagnosing the problem

Customers have installed a hotfix for SPR # RMAS9PFRHP, but users attempting to connect using an IMAP client cannot be authenticated.

Setting the following notes.ini parameters shows that the users are authenticated by the LDAP server when accessing Domino via a browser:

Debug_Namelookup=1

LDAPDEBUG=7

DEBUG_DIRECTORY_ASSISTANCE=63

When the same parameters are in place and the user attempts to connect to Domino using an IMAP client, the debug output shows the search for the user as being unsuccessful in binding.

In the Domino console.log file, or when testing a login to IMAP using Telnet, the user will receive the following error:

LOGIN failure, cannot locate mail file or mail file not specified


Resolving the problem

The mailfile attribute is not being sent as part of the attributes to a remote LDAP server.

If you are running a Domino server with a version under 9.0.1 FP4, a hotfix for SPR # RMAS9PFRHP must be installed on the Domino server, and the following parameter must also be set in the notes.ini of the Domino server:

LDAP_ALLOW_UNMAPPED_ATTRS=1

If running a Domino 9.0.1 FP4 or higher server, you will only need to set the parameter in your server's notes.ini file.
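
The check described above can be scripted. The following is an added example, not IBM code: it reads the text of a notes.ini file and reports whether the fix parameter is set, whether the server level still needs the hotfix, and which of the diagnostic parameters are not in place. The function names and the sample file are constructed for illustration, and treating parameter names as case-insensitive is an assumption.

```python
# Added example (not from the technote): audit notes.ini text for the
# parameters this technote names. Function names are hypothetical.
FIX_PARAM = "LDAP_ALLOW_UNMAPPED_ATTRS"
DEBUG_PARAMS = {"DEBUG_NAMELOOKUP": "1", "LDAPDEBUG": "7",
                "DEBUG_DIRECTORY_ASSISTANCE": "63"}

def parse_notes_ini(text):
    """Return {UPPERCASED_NAME: [values]} keeping every occurrence, so a
    duplicated parameter with conflicting values can be reported."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # skip blanks, the [Notes] header, and non-assignments
        name, value = line.split("=", 1)
        # Assumption: names are matched case-insensitively.
        settings.setdefault(name.strip().upper(), []).append(value.strip())
    return settings

def audit(ini_text, release, fix_pack):
    """release is a tuple such as (9, 0, 1); fix_pack is an int (0 if none)."""
    settings = parse_notes_ini(ini_text)
    fix_values = settings.get(FIX_PARAM, [])
    return {
        # The parameter counts as set only if every occurrence is 1.
        "fix_param_set": bool(fix_values) and all(v == "1" for v in fix_values),
        "fix_param_conflict": len(set(fix_values)) > 1,
        # Below 9.0.1 FP4 the hotfix is needed as well as the parameter.
        # notes.ini cannot show whether it is installed; verify separately.
        "hotfix_required": (tuple(release), fix_pack) < ((9, 0, 1), 4),
        # Diagnostic parameters that are absent or not at the listed value.
        "debug_missing": sorted(n for n, want in DEBUG_PARAMS.items()
                                if want not in settings.get(n, [])),
    }

# Constructed sample: fix parameter present, one debug parameter absent.
SAMPLE_INI = """[Notes]
Debug_Namelookup=1
LDAPDEBUG=7
ldap_allow_unmapped_attrs=1
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_INI, (9, 0, 1), 2).items():
        print(f"{key}: {value}")
```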

Document information

More support for: IBM Domino

Software version: 9.0.1.1, 9.0.1.2, 9.0.1.3

Operating system(s): Linux, Windows

Reference #: 1700969

Modified date: 30 April 2015