Valid characters for Domino fullname - xpages

Usually when adding a web user to the address book of my Domino server I create a Person document and set a unique fullname (field "FullName") in canonical format (for example "CN=John Smith 8/O=Organization"). However, in order to not have to worry about uniqueness and to easily derive a user's mail address directly from his/her fullname, I would like to generate a fullname based on the user's mail address. Here is an example:
Mail address: john_smith.001#my.web-users.com
Derived fullname: CN=john_smith.001/O=my.web-users.com
Unfortunately, I have not found a documentation on what charaters are valid / safe to be used in fullnames, but I would like to know
(A) if all characters that can be used in mail addresses (except for "#", "=" and "/") can also be used in fullnames and
(B) if there could be problems with document access in NotesDocuments whose authors and readers fields contain fullnames with "special" characters.

Notes canonical names follow the X400 standard (only difference is to use a slash instead of a semicolon to separate the parts - allowed in 3.2.1 of the spec). X400 uses RFC1685 for the format. The spec doesn't say anything about characters other than / = and #, so you can use ..
You should (the Notes specs says it somewhere) never use . in a Domain name for a Notes domain (spaces are also a bad idea).
I had the practice to name the common name of my servers after their DNS names: server1.acme.com/OU=ServersNorth/O=Acme - saved me the headache to create connection documents (but freezes Domain names).

Related

How to list all DNS records including DANE TLSA

I would like to list all/any DNS records including the DANE TLSA.
With
dig mailbox.org ANY
I get all records including DNSSEC etc. but nothing about DANE. Why?
With
dig _443._tcp.mailbox.org. ANY
I get the DANE TLSA records.
I've read the question where someone wants to query all subdomains
How can I list ALL DNS records?
and am aware that this is only possible with a zone transfer.
But '_443._tcp.' isn't a real subdomain, is it? I thought it is just an SRV record. So how can I query ANYthing including DANE TLSA?
The command dig mailbox.org ANY asks for all records for the name mailbox.org..
The command dig _443._tcp.mailbox.org. ANY asks for all records for the name _443._tcp.mailbox.org..
mailbox.org. is not the same name as _443._tcp.mailbox.org..
Asking for all the records for one of them will not show any records for the other one. If it helps, you can think of (fully qualified) names in DNS as primary keys in a database (because that is in practice exactly what they are). If you ask the database for data for the key FOO it will not give you any data for the key FOOBAR (unless it is very badly broken). Exactly the same thing is happening here. You ask for one thing, and you do not get answers for another, different, thing.
You'd find the answer in Section 3 of RFC 6698:
TLSA resource records are stored at a prefixed DNS domain name. The prefix is prepared in the following manner:
The decimal representation of the port number on which a TLS-based service is assumed to exist is prepended with an underscore character ("_") to become the left-most label in the prepared domain name. This number has no leading zeros.
The protocol name of the transport on which a TLS-based service is assumed to exist is prepended with an underscore character ("_") to become the second left-most label in the prepared domain name. The transport names defined for this protocol are "tcp", "udp", and "sctp".
The base domain name is appended to the result of step 2 to complete the prepared domain name. The base domain name is the fully qualified DNS domain name [RFC1035] of the TLS server, with the additional restriction that every label MUST meet the rules of [RFC0952]. The latter restriction means that, if the query is for an internationalized domain name, it MUST use the A-label form as defined in [RFC5890].
Basically since you can have different "TLS-Based service" (e.g., DTLS) on different ports and this data is not included in the TLSA record set, the naming convention is there to find the correct information for the desired protocol/port combination.

How to fetch the Document/Assignment manager name using # formula

I have a view in which I need to fetch the document manager name but not the hierarchical name. I need to fetch the last name and the first name. I have used the #Name function but I'm not sure how to use it. Any help will be appreciated.
Many people are under the impression that #Name([G];theName) will give the first name and #Name([S];theName) will give the last name -- because that's what the Lotus documentation says. That's actually true, but it only ever worked for hierarchical names that came in messages received via the old Lotus X.400 gateway, which could include G and S components (e.g., CN=first last/G=first/S=last/OU=ou1/O=org/C=US).
The best you can do with #Name for an ordinary Notes/Domino user is to use #Name([CN];theName), as suggested by #Mike Zens, and then if you need to separate first and last names you can use #Left and #Right. Unfortunately, there's no perfect way to do this because the CN could look like this: "Mary Ann Jones" where the first name might be "Mary" or it might be "Mary Ann". (And I've actually been confronted by a user with that name who was angry that a piece of software I was supporting made the assumption that "Ann" was her middle name!) Or you could run into a name like this: "Jose de la Madrid". There's just no possible algorithm that will always parse a name into the correct parts.
So if you really need to get first and last names separately, the best thing to do is use #NameLookup to retrieve the FirstName and LastName fields from the Domino Directory. Of course, that will only work if those fields are filled in, which isn't 100% guaranteed.
If you are looking for ways to just format the name, as mentioned already you can use the #Name formula:
#Name([CN]; DocumentManager);
If you are looking for specific information on that user, you can use the #NameLookup formula:
lastNameList := #NameLookup([ForceUpdate]; DocumentManager; "Lastname");
(where DocumentManager is the item that has your user's name, and "Lastname" is the value from the Person doc you are trying to retrieve);
This example returns "Mary Tsen" if the AUTHOR field in the document contains "CN=Mary Tsen/OU=Illustration/O=Acme":
#Name([CN]; AUTHOR)
Replace AUTHOR with the field name storing the document managers name.

Look for unique ID pattern which easy indexed by search engines

Like from Microsoft - "KB2756872" or from National Vulnerability
Database - "CVE-2010-1428" or from Red Hat - "RHSA-2010:0376" or
from OIDs - "1.3.6.1.4.1.311" or from UUID/GUID
- "550e8400-e29b-41d4-a716-446655440000".
I want to put several jobs to UIDs. See next...
I develop blog software and have idea to put unique ID in body of
each post so can easily identify that copy from local storage is
correspond to remote published copy.
Also I want to post to many different blogging services so if one
is down articles will be accessible from another. So link can
dead but if I add UID - anyone can try web-search to find post on
another service!
Also this allow to gather some article spreading
statistics. Many sites just replicate content (copy-writing and
rewriting bots and people) to broke search engines. With UID I
easily can identify such sites...
So my question how is to make UIDs (in which form) so it would be
easily indexed by search engines (web, like Google/Yahoo, and
corporate, like Lucene/Solr/Sphinx/Xapian/etc).
I know about some limitation of search engine like:
only >= 3 chars for each search part
it was not indexed dust like gfh6wytrh6wu56he5gahj763
so this task s not easy...
Any advice is appreciated (books/blog articles/etc).
You could use Tag URIs, as defined by RFC 4151.
They are globally unique, and everyone who owned a domain name or an email address for at least a day can mint them.
Note that these URIs only identify, they don’t locate. So a Tag URI doesn’t say anything about where something is published.
Let’s say your site’s domain is "example.com". If you create a blog post, you could create the following Tag URI:
tag:example.com,2012-12:cute-cat
Note that the date in this URI is not a publication date! It must be a (past) date on which you owned the domain (resp. email address). If you registered your domain in 2003, you could always use Tag URIs starting with tag:example.com,2004: (not "2003", because "2003" would mean "2003-01-01", which might be a time where you didn’t own the domain yet), followed by a (unique) string under your control. However, if you like you could always use the publication date, of course. But don’t use future dates.
You can use year and number based article identifier just like CVE identifiers. Since you need revisions as well, you can append dot after the identifier to clarify the version. For example, for an AWesome Blog Service, AWBS-2012-1.0 would refer to original document, AWBS-2012-1.1 would refer to first revision etc.
However, you need to make sure that AWBSs are unique before you use them. CVEs are assigned manually from the pool. You would probably need some kind of service that assigns AWBS from pool. It could be a simple database query.

NameLookup does not pull Phone number

I have 2 fields that looks for username, the gets the email address and phone number from user's person document.
Creator_Email: #NameLookup([NoUpdate]; #UserName; "OfficePhoneNumber")
Creator_Ext: #NameLookup([NoUpdate]; #UserName; "OfficePhoneNumber")
The problem is there is one user reported that the extension did not pull out. It came out blank
I have checked on the person document and the phone number is there
the email address pull out correctly, but when I tested changing the first letter of first and last name to lower case (ie. Test.User#domain.com to test.user#domain.com), the field that pulls the email address still show up with Upper case.
I have tried to take the user.id and test it on a different PC and the problem persists.
Any idea why this happens? I know there are 2 address books set up in the company and that is not ideal but I have checked the 2 address books and make sure all the needed information are there.
The #NameLookup formula does a look up to a hidden view on the database, and sometimes you run into a situation where the index for that view isn't up-to-date. You can go to the database and press CTRL+SHIFT+F9 to rebuild all the views, or you can try to use the FORCEUPDATE flag in your formula.
I think you'll find that the #NameLookup call is finding people who have created entries for themselves in their personal address books. If those entries are incomplete, the lookups will fail to find the missing fields.
The #NameLookup will use the parameter...
Go to /File/Preferences/Location then is the current location find the Server Tab and check that you defined Domino Directory server (if empty user search on local)
Check also in the Mail tab, Recipient Name lookup that could "stop after first march" or exhaustively search ALL the names known on the client.
In #NameLookup you can also use [NoUpdate]:[Exhaustive]
be aware as mention before that view may be not up to date, that caching can occurs in the #NameLookup.
In place of this, I suggest to use:
#DbLookup("":"";YourServer:"names.nsf" ; "($VIMPeople)" ; #Name([ABBREVIATE] ;#UserName) ; "OfficePhoneNumber");

How can I create human readable key for notes documents

For the documents stored in the database, I would like to create a human readable key to uniquely identify the document. e.g. PO20090110-001. How do I go about doing that?
When saving a document you can put together the first part of the number by using the date or any technique you like (ej. "PO" & format(date, "YYYYMMDD") & confDoc.getitemvalue("doccounter")).
As for the counter I like to store it in a configuration document and update it when each doc is saved. If there are lots of documents created during the day you can run into rep conflicts on you configuration document, if this is the case you can have an agent on the server do the actual assigning of the number, the drawback to this is that you don't get the number right away when saving.
Hope this helps.
One solution used in our help desk is to take the initials of the current user and add it to the a number in the last document in a view. Add one to the number and store that it the new document along with the ititals and the new number as the key.
It's not simply.
Create field for uniquely key and this key saving onSave (or other event), but you must protect this number to be unique.
You can create agent, which checking number on domino server and if agent find conflict then notify application administrator or other responsibility person to resolve this.
Or each replica generate own number and after replicate on domino, agent assign number in right format.
You can create a "nearly" unique key in Domino simply by using the #Unique function, with no arguments. This will generate a string key, based on the current user's first and last name and the current clock time. You will end up with a string something like: "ESCR-12345678".
I say "nearly" unique, because it is not really like an identity column in SQL - Domino does not guarantee it will only give out a particular string once. If you use #unique in a server-side agent which generates many id's at once - for example, and agent that loops and uses #unique within the loop, you can get into a situation where #unique will return a duplicate - because you create 2 docs within the same second and because your "username" is always the server's canonical name. But, outside of that scenario, #unique is generally safe to use.
If you then need to open or reference docs by this ID, just create a view sorted by that ID and you can a url in the form ../myView/id?readDocument.

Resources