Did I pull a Buchan or a Mooney?
Chris Whisonant is out of town this week at a customer site, so I've been fielding support matters for the Bleedyellow.com environment. So I've been getting a lot of "why can't I login" messages over the past few days.
"Hrmmm," I thought, "why did this happen in the last few days? What did we change?"
Ah, I changed the registration process so that we could make sure we were using properly salted passwords in the directory, so that the user auditors wouldn't be able to dictionary-attack the general user-population's passwords. (See, I *DO* know a thing or two about admin!) Did I only include the $SecurePassword="1", and leave everything else alone? Of course not. Silly me.
I said to myself, "Self, why are we writing a Shortname field to the Person document when they register? Nobody uses that for anything. Let me fix this registration process from 1998, and make it work a bit more like modern systems."
Ahh... the joys of sliding down the razor blade of life. Then again, how else would the yellow be bleeding?
I'm sure by now you know the punchline...
Connections DOES use the shortname! It doesn't use it for user logins, and it doesn't use it for the displayed user name, but it uses it during the authentication process. And as a result, anyone who registered over the weekend could get to Sametime, they could get to public resources on the Domino server (of which there are none at the moment,) and if the Wiki was live yet, they probably would have been able to get to THAT... but they couldn't get to Connections, which means they couldn't get to all the really cool stuff.
So, sorry about that. I'm not sure if this is a development blunder, since it's related to code, or an admin blunder, since it's related to code operating on the directory -- but no matter.
We shall simply call it a CELTIC blunder, in the grand ILUG tradition.
Thank you, Paddy and Highlander, for allowing me to point to other beacons of this community who have committed greater sins.
(Oh, and if you registered on Bleedyellow.com in the past 4 days, your account probably works just fine now. I fixed all the shortnames.)
Comments
Posted by Timothy Briley At 04:20:22 PM On 03/11/2008 |
Posted by Mika Heinonen At 08:28:37 PM On 03/11/2008 |
How "2nd fullname... is the email" I'm not really sure. Email address is generally considered the single known unique identifier for a person across the internet, since it's generally assumed that mail administrators don't permit name collisions.
Posted by Nathan T. Freeman At 10:26:58 PM On 03/11/2008 |
Sametime isn't misconfigured. You can login to Sametime with anything that's in the user name field. After putting my shortname into that field and waiting a few minutes (after ctrl-shift-f9 on domino directory, of course), I am able to login with my "shortname" (which is not in the shortname field any longer...) I remember this being an issue with Sametime going back a while, actually.
By the way, I could use my shortname for Connections prior to making the modifications to my person document to shift my shortname around.
Posted by Chris Whisonant At 12:04:07 AM On 03/12/2008 |
Posted by Alan Bell At 01:08:09 PM On 03/13/2008 |