E-Pro: Sys Admin Newsletter Feb 2005

From the Editor
I know you are about tired of hearing all of the Lotusphere banter and hype all over the press. But, as luck would have it, I will not fill your head with too much of it. Libby has done a fine job on the Lotus Informer of keeping you up to date and providing links to all the blogs. So peek in on my strange overview of the week's events.

From there I jump into some Sametime issues that are all too common across your installations and into a former customer's directory dilemma. By dilemma, I mean he has over 40 directories he is trying to get a handle on. My last stop for this fast train ride of a newsletter is from another reader and Lotusphere attendee on DMZ security and a directory question all in one.

-- Chris Miller, e-ProWire: Lotus Sys Admin Tips editor

Chris's 0.124260 ZAR

As a frequent traveler, this annual trek to Lotusphere seems to scream to me: patience, relaxation, and wonderful weather. After nine years, I also figure that I would finally get that one (or all) of those things will not happen.

Patience: More like patients. Tons of them from stress, running from session to session. With the new 60-minute format, there was an excellent mix of sessions and topics for every person with any desire. But the rush to sneak in lunch around the lunchtime session, the breakfast around the 7 a.m. Birds of a Feather, and then a dinner or event around the evening training for certification leaves most of the newer attendees as patients. I saw red eyes, stuttering, and even a glazed look that Krispy Kremes would be proud of.

From the IdoNotes Mailbox: Disparate Directories, Domino, and LDAP

I'm wondering if in your travels you have had some experience synchronizing multiple disparate directories, and what products have you used to do that? I have a Domino LDAP with about 28,000 users. I have at least 40 non-Domino systems containing directories that I would like to pull back to my LDAP in some way. Referrals using Directory Assistance is not the answer. I'm thinking a metadirectory product may help. The 40 non-Domino systems are running varieties of Novell and Microsoft directories. Any thoughts?

Common Error: Unable to Connect to Sametime Due to Incorrect Logon

I know many of you have deployed, or are in the pilot process of deploying, Lotus Sametime (yes, as always, call it Lotus Instant Messaging if you desire) and have encountered the error in the title. So what are you to do when troubleshooting common Sametime errors?

The actual documentation doesn't have an error section, but technotes and the online forums often turn up surprising answers. We host and manage numerous Sametime infrastructures and see this issue quite often. We have even seen it in our internal infrastructure at times. The best resource is technote #1167149. It's short and to the point.

Pulling into Port of Sametime

This follows right behind the possible errors you can get when trying to log into Sametime. But what if you can't even get that far? What if the necessary ports may not be open in the firewall for your users? Knowing the basic Sametime ports is important for any Sametime administrator, especially those studying for the exam (or so I have heard from numerous sources).

If you plan on building an architecture with Sametime servers inside and outside of the firewall, or just letting external users access the server, the list of ports that need to be available is a long laundry list that looks like the U.S. national debt.

From the IdoNotes Mailbox: Non-registered Users on DMZ Web Servers

Hi Chris,
I attended your session today on LDAP [at Lotusphere] and found it very useful -- always enjoy your sessions -- you make the audience think!

Can you help me with a security question? We have a Domino server running http in the DMZ and need to start depositing data into a db residing on this server, mostly from non-registered users. What do other companies do to provide extranet access to clients and other external users in this scenario? Do you have to add Anonymous to the db ACL with the appropriate level of access?

Also, what alternatives are there to having the full Names.NSF on servers in the DMZ -- is this hackable? We use a server in the DMZ as a passthru server for users to get to their mail files from the Internet.