Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Traveler 9.0.1.18 with new Security Mode for Mail-File Access

Daniel Nashed – 22 June 2017 08:07:40
Traveler 9.0.1.18 comes with a couple of minor fixes and a big change in the way Traveler Server access mail-databases.
In 9.0.1.15 IBM introduced a new check if the Traveler server is listed in Trusted Servers (Server Security Tab) to show a warning if not.

Now we know what IBM was preparing for. The server now acts as the user instead of the server. That's only possible if listed in Trusted Servers.

You still need the Traveler server to be listed in the ACL of the mail databases. Trusted Servers means that to server itself can make the session on a database look like it would be the user session.
But the remote server still needs access to the database.

I have done a quick test. Without the proper ACL an error is logged and also the user status reports an error.

The IBM Traveler server encountered an internal error validating your User ID CN=John Doe/O=Acme/CÞ.  Please contact your server administrator.
[CN=notes.acme.de/OU=Srv/O=Acme-Net, mail/johndoe.nsf] is not reachable, status(0x4ac) "Unexpected internal error".

The new method for accessing mailfiles solves a couple of limitations. See details from the documentation below.


-- Daniel

What's new?


Traveler Server Run as User


Starting with IBM Traveler 9.0.1.18, the run as user feature will now be enabled by default. When running as the user, the Traveler server will access the user's mail file as the user ID instead of the server ID. This feature resolves several long standing issues with accessing the user's mail file as the server ID, including:

  • Honor ACL controls on mail file and corporate lookup for the user.
  • Prevent event notices and automated responses from being sent from the server ID.
  • Prevent the server ID from being assigned as the owner of the mail profile when there is no owner defined.

Note:
For run as user feature to function properly, the Traveler server must be listed as a trusted server in the user's Mail Server document. To disable run as user, set this notes.ini parameter: NTS_USER_SESSION=false



APAR # Abstract
LO90096 Info update continues to be ghosted on mobile device after the event is processed.
LO91797 Empty comments displayed on iOS native Calendar application when event processed in iNotes.
LO91836 Invalid this and future reschedule generated by iOS native Calendar application.
LO91875 Ghosted event not displayed on mobile device.
LO91956 Maill attachment does not sync to mobile device when contains angle brackets < and >.
LO91997 IBM Traveler web administrator may show iOS Verse 9.4 device as not supporting security capabilities.
LO92010 Better handling of special character in mail header fields.
LO92080 Ignore a reply message with out a valid action defined.
LO92085 Hard delete processed notices vs soft delete to prevent from filling up trash folder.
LO92209 Second meeting room may be lost if event updated from mobile device.
LO92210 Unable to turn off iOS Verse application password via Domino policy document setting.
LO92257 Two instances of a previously processed event may show on mobile device if the daylight savings rules change for the time zone.
LO92303 SQL Syntax error adding index TSGUDTSTAMPCREATEIDXSQL9 on DB2.




Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]