IMAP Client Users Cannot Authenticate With Domino When Using A Non Domino LDAP Server To Authenticate Users
On upgrading to Domino 9.0.1 Fix Pack 2 users who connect to Domino and are authenticated using Active Directory or Tivoli Directory Server an IMAP client such as Outlook can no longer connect to Domino.
The same users can however connect to Domino via a browser and are authenticated by Active Directory or Tivoli Directory Server ..
This has been identified as a product defect under SPR # RMAS9PFRHP
Diagnosing the problem
Customers have installed a hotfix for SPR # RMAS9PFRHP but users attempting to connect using an IMAP client cannot be authenticated.
Setting the following notes.ini parameters shows that the users are authenticated by the LDAP server when accessing Domino via a browser.
When the same parameters are in place and the user attempts to connect to Domino using an IMAP client they will show a search for the user as being unsuccessful in binding.
In the Domino console.log file or when attempting to login to IMAP using Telnet when testing the user will receive the following error
LOGIN failure, cannot locate mail file or mail file not specified
Resolving the problem
The mailfile attribute is not being sent as part of the attributes to a remote LDAP server
If you are running a Domino server with a version under 9.0.1 FP4 a hotfix for SPR # RMAS9PFRHP is required to be installed on the Domino server and the following parameter must also be set on the notes.ini of the Domino server
If running a Domino 9.0.1 FP4 or higher server, you will only need to set the parameter in your server's notes.ini file.