RE: Logic behind "Honor old names for up to <21> days" Bruce Stapley 12.Dec.05 06:46 PM Lotus Notes Domino Administrator 6.0.1All Platforms
I only hope that as part of the renaming process a mail goes to the particular user that the entire process of renaming would come into effect with those 'n' number of days.
1) To the extent that I can understand the two questions I see embedded in that statement, the answers are Yes.
2) Name changes are not instantaneous in Domino (as they are in Windoze) because Domino, unlike Windoze, doesn't use SIDs. In the M$ world, every ACL entry contains only the SID for the entry you add, not the "display name," so changing a username or group name consists solely of editing the "display name" for that user or group in the single place it lives: in the account stored in the SAM or AD. As soon as that change replicates to all Domain Controllers, it's done. However, in the Domino world, there are no SIDs. The contents of an entry in an ACL or a server document security field or an ECL or anywhere else a username shows up are the actual characters it takes to spell out the username, not a SID. Therefore, username changes involve finding every instance of that username, everywhere it exists, and changing it explicitly. Since the name might be in many fields/ACLs/etc in many dbs on many servers, it cannot be done instantaneously, so it's done instead via the admin process.
3) The n-day period refers to how long the user's ID file will contain the old name, so that the user can continue to authenticate against not-yet-updated server document security fields, ACLs, Readers/Authors fields, etc with the old name until those instances of the old name are updated.
4) As Marilyn explained, the reason is to accommodate any delays by using a period which is much longer than should reasonably be necessary for a name change. This does not mean that the name change isn't "done" until the 21- or 14-day period (or up to as much as 60 days, actually) is over. Each part of the name change is "done" when it gets done. As soon as the person document contains the new name, the user can receive mail addressed to their new name (as well as their old names, forever). As soon as the Owner field in their mailfile's Calendar Profile is updated, outgoing mail will no longer be sent "by" New Name "on behalf of" Old Name, etc.
Return to top
. . . . . . RE: Logic behind "Honor old names f... (Bruce Stapley 12.Dec.05) 
Print this page
