Also, on a similar note concenring Lotus "O" groups....


If you have several "O" groups to query, so how can you do it?

You have several "O" groups on the server. E.g.,

o=example
o=example2
o=example3
Solution:

Log into the UI, and go to System Administration > LDAP > Add LDAP Server Profile. Under the Base DN field, do not type anything. Keep this field blank so you can query all available "O" groups.

Hello,

Is there a way to ask if a username or email is a member of a particuliar group on domino ldap server ?

(When there have only CN in group "member" attribute)

We are running an agent which update each user's person doc with the 'MemberOf' information. The agent build a list of groups where user is member of and this field (in our case 'MemberOf') is added in a new subform which is then imported into "LDAP Aware" $PersonExtensibleSchema subform

More details how to extend LDAP schema from IBM site: http://www.ibm.com/developerworks/lotus/library/ls-Exploring_LDAP_features/
(see section 'Extending existing object classes', it's for Domino 5 but the LDAP hasn't really changed after since)

The following agent update the 'MemberOf' field in users' person doc. Please keep in mind this doesn't include possible Mail-In databases, if you want to get MemberOf info for Mail-In DBs you can create similar agent with 'Set view = thisdb.getview("Mail-In Databases")'.

Sub Initialize
	Dim session As New NotesSession
	Dim thisdb As NotesDatabase
	Dim db As notesdatabase
	Dim col As NotesDocumentCollection
	Dim view As NotesView
	Dim server As String
	
	Set thisdb = session.CurrentDatabase
	thisdb.DelayUpdates = True
		
	If session.IsOnServer Then
		server = ""
	Else
		server = thisdb.Server
	End If
	
	Print("Start updating MemberOf information")		
	Set view = thisdb.getview("People")
	Call ProcessComputeWithForm(thisdb, view)
	Print("Finished updating MemberOf information")
	
End Sub



Sub ProcessComputeWithForm(thisdb As notesdatabase, view As notesview)
	Dim origdoc As notesdocument
	
	Set origdoc = view.GetFirstDocument()
	Do While Not origdoc Is Nothing
		If origdoc.hasitem("MemberOf") Then
			prevmemberof = origdoc.MemberOf
			success = origdoc.ComputeWithForm( False, False )
			If Not ArrayEqual(prevmemberOf, origdoc.MemberOf) Then
				Call origdoc.Save( False, False)
			End If
		Else
			success = origdoc.ComputeWithForm( False, False )
			Call origdoc.Save( False, False)
		End If
		Set origdoc = view.GetNextDocument(origdoc)
	Loop	
End Sub

Function ArrayEqual(array1, array2) As Integer
	If Ubound(array1) <> Ubound(array2) Then
		ArrayEqual = False
		Exit Function
	Else
		For a=0 To Ubound(array1)
			If array1(a) <> array2(a) Then
				arrayequal = False
				Exit Function
			End If
		Next
	End If
	arrayequal = True
End Function

Is this information alos correct for 6.5.x?

I found Ironport LDAP group query for Lotus Domino in the Domino FAQ.

Can't test it, but perhaps anyone here could say that it is working?

The Domino FAQ states "Queries are only possible for valid email addresse e.g. name@domain.com ...", thus you would need to create new groups on your Domino server that contain their email addresses instead of their Notes names (CN=...).

I've set up a few of these groups as ACL groups (so they could not be used for mailing) to accomplish some group specific filters on the ESA, but maintaining the groups is a manual process.

I'd be curious into how effective/reliable the altering the DB schema to add "MemberOf" and running a scheduled script would work in a large organization.

:)

I'd be curious into how effective/reliable the altering the DB schema to add "MemberOf" and running a scheduled script would work in a large organization.