Environment
Novell Identity Manager Driver - Lotus Notes
Lotus Domino - Release 8.5.2
Lotus Domino - Release 8.5.2
Situation
After upgrade to Lotus Domino version 8.5.2, the driver fails to switch ID to the user specified on the driver credentials. The following error is seen on startup and also later in the trace:
Error prepping switchToID method: error ID = 4371. Message: Can't switch IDs on a server
The problem only occurs if the driver is running on the machine where Domino is running. If the connection is done from a machine with a Notes client, then the problem doesn't occur.
As a consequence of this error, operations are executed with the identity of the server instead of the provided credentials.
Error prepping switchToID method: error ID = 4371. Message: Can't switch IDs on a server
The problem only occurs if the driver is running on the machine where Domino is running. If the connection is done from a machine with a Notes client, then the problem doesn't occur.
As a consequence of this error, operations are executed with the identity of the server instead of the provided credentials.
Resolution
With the release of Notes 8.5.2, IBM fixed a problem that even when an agent was running on the server, the query to check if that was the case (function isOnServer) would return false. Starting from version 8.5.2 this function behaves properly and will return "true" when run on the server.
The authentication mechanism when the driver runs on the server is slightly different than the one used when connecting from a client. In previous versions of the driver, regardless of where the driver was running, it would behave as though it was connecting from a client. With 8.5.2 it's now possible to distinguish that the driver is running in the server and a different authentication mechanism is required.
This issue was addressed with the release of the Notes driver version 3.5.6 Patch 1. With this fix, the driver uses the appropriate authentication mechanism, depending on the value of the "isOnServer" value. Starting from this version, Notes 8.5.2 is fully supported. Please pay attention to the release notes on the driver for some advice on how to configure rights for the server when running with such a configuration.
The 4371 error should not prevent the driver from starting and should not affect any operation in the publisher channel. If there are problems on the publisher channel, they are most likely caused by some other problem.
The authentication mechanism when the driver runs on the server is slightly different than the one used when connecting from a client. In previous versions of the driver, regardless of where the driver was running, it would behave as though it was connecting from a client. With 8.5.2 it's now possible to distinguish that the driver is running in the server and a different authentication mechanism is required.
This issue was addressed with the release of the Notes driver version 3.5.6 Patch 1. With this fix, the driver uses the appropriate authentication mechanism, depending on the value of the "isOnServer" value. Starting from this version, Notes 8.5.2 is fully supported. Please pay attention to the release notes on the driver for some advice on how to configure rights for the server when running with such a configuration.
The 4371 error should not prevent the driver from starting and should not affect any operation in the publisher channel. If there are problems on the publisher channel, they are most likely caused by some other problem.