User requirements for basic password authentication

When using a web browser to access the IBM® Sametime® Community Server, users must enter a user name and internet password to open any protected database on the server.

A protected database is a database that has its Access Control List (ACL) set to require basic password authentication. If the ACL settings of a database allow anonymous access, the user is not authenticated (that is, not prompted for a user name and internet password) when accessing the database.

Note: It is important for a user to enter a name when accessing a Sametime database so that the user's name can be displayed in any presence list within the database. If the ACL settings of a database allow anonymous access, a user is not prompted for a name unless the setting "Users of Sametime applications can specify a display name so that they do not appear online as anonymous" is selected in the Configuration > Community Services > Anonymous Access settings of the Sametime System Console. When this option is selected, it forces a name entry prompt to appear when an anonymous user attends a scheduled meeting. From this name entry prompt, the user can enter a name for display purposes in a presence list. The server accepts any name entered by the user at the name entry prompt; the user is not authenticated.

A Sametime Connect Client user must also be authenticated each time the user starts the Sametime Connect Client and connects to the Community Services on the Sametime server. Sametime Connect users must enter the user name and internet password that is stored in the Person document in the Domino® Directory when logging on to Sametime Connect.

Person document, User names, and internet passwords in the Domino Directory

Each member of the Sametime community must have a Person document in the Domino Directory to authenticate with the Sametime server. The names and password that a user can enter when accessing a Sametime server are maintained in the Basics tab of a Person document in the Domino Directory.

To access a Person document, open the Sametime Administration Tool and select Domino Directory > Domino > Manage People. Double-click a person's name to open that user's Person document.

The table shows a sample entry in the Basics section of a user's Person document. The text that follows the table explains how these entries are used in the web browser and Sametime Connect Client password authentication processes.

Table 1. Sample settings in the Basics section of a Person document

| Field | Sample entry | Comment |
|---|---|---|
| First name | Gary | This field is optional. |
| Middle initial | | This field is optional. |
| Last name | Ollerman | This field is required. |
| User name | Gary Ollerman/Community;GOllerman, or each name on its own line: Gary Ollerman/Community and GOllerman. Note: The Community (or domain) name is appended to the first entry in the user name field by default. | This field is required. If you include more than one name, separate the names with a semicolon (;) or list each name on a new line. |
| Alternate name | | This field is optional. |
| Short name/UserID | | This field is optional. |
| Generational qualifier | | This field is optional. |
| Internet password | (FCF5F3960B0A289D3) | This field is required. |

The following fields on the Person document are used by the authentication process:

  • First name - This field is used only when a user logs in from a web browser.

    Web browser - If an entry exists in the Given name field in the Basics tab of the Person document, the user can enter this name at the User Name prompt that appears when accessing a protected database on the Sametime server with a web browser. (A protected database is a database that has its ACL set to require basic password authentication.)

    Sametime Connect - The first name (given name) is not a valid entry at the User Name prompt that appears when logging on to the Sametime Connect Client.

  • Surname - An entry must exist in the Surname field of the Basics tab of a Person document.

    The surname can be entered in the User Name prompt that appears when accessing a protected database on the Sametime server with a web browser. The surname can also be used when logging on from the Sametime Connect Client.

    Note: If both the Given name and Surname fields contain entries, the user can enter the first and last names at the User Name prompt that appears when accessing the Sametime server.
  • User name - An entry must exist in the User name field in the Basics tab of a Person document.

    Generally, it is good practice to use a user's first and last name in the User name field. The User name field can contain multiple entries. In our example, the User name field contains both Gary Ollerman/Community and GOllerman. (Each entry must be separated by a semicolon (;) or be listed on a separate line in the User name field of the Person document.)

    A user can enter any name that appears in the User name field of the Person document when logging on to the Sametime server from the Sametime Connect Client or a web browser. For example, the user could enter Gary Ollerman/Community or GOllerman at a Sametime Connect or web browser User Name prompt. The name entered by the user is resolved to the topmost name (Gary Ollerman/Community in the example) in the User name field. The topmost name in the User name field is the name that is displayed in the presence lists of all Sametime clients.

    Note: If you want a user's email address to display in presence lists, enter the user's email address as the topmost name in the User name field of the Person document. If the email address is included in the User name field, the user can also enter the email address at the User name prompt when logging in from a Sametime Connect Client or web browser.

    Sametime uses the topmost name in the User name field to validate a user in a database ACL. If you require basic password authentication for a database and you enter the names of individual users in the ACL of a database, enter the topmost name that appears in the User name field of the Person document in the database ACL. Although the user can enter GOllerman when logging on, Sametime uses "Gary Ollerman/Community" to validate the user in the database ACL. Therefore, "Gary Ollerman/Community" must be the name that appears for this user in database ACLs.

  • Internet password - Users must enter the internet password to authenticate with the Sametime server using a web browser or the Sametime Connect Client. In the example, the internet password is sametime. The password displays as a series of random characters because internet passwords are encrypted on the Person document.

    Password character restrictions

    In addition to non-English characters, the following characters must not be included in passwords used by Sametime:

    : \ } " " &
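The User name resolution and password character rules described above, as an added Python example that is not IBM code. It models only the User name field (not first-name or surname logins); the case-insensitive comparison, the reading of "non-English characters" as non-ASCII, and the second Person entry are assumptions.

```python
import re

# Characters the page lists as not allowed in Sametime passwords.
FORBIDDEN_PASSWORD_CHARS = set(':\\}"&')


def parse_user_names(field):
    """Split a User name field on semicolons or newlines, keeping order."""
    return [n.strip() for n in re.split(r"[;\n]", field) if n.strip()]


def resolve_login(field, entered):
    """Return the topmost name if `entered` matches any entry, else None."""
    names = parse_user_names(field)
    # Assumption: names are compared case-insensitively.
    if any(entered.strip().casefold() == n.casefold() for n in names):
        return names[0]
    return None


def audit_acl(acl_entries, person_fields):
    """Flag ACL entries that name an alias instead of the topmost name."""
    findings = []
    for entry in acl_entries:
        for field in person_fields:
            topmost = resolve_login(field, entry)
            if topmost and topmost.casefold() != entry.strip().casefold():
                findings.append((entry, topmost))
    return findings


def password_problems(password):
    """Return the characters in `password` that Sametime does not accept."""
    # Assumption: "non-English characters" is treated as anything non-ASCII.
    return sorted({c for c in password
                   if c in FORBIDDEN_PASSWORD_CHARS or ord(c) > 127})


# Constructed sample data based on the page's Gary Ollerman example.
PERSON_FIELDS = ["Gary Ollerman/Community;GOllerman",
                 "Ann Example/Community\nAExample"]  # second entry is made up
ACL = ["Gary Ollerman/Community", "AExample"]

if __name__ == "__main__":
    print(resolve_login(PERSON_FIELDS[0], "GOllerman"))
    for alias, topmost in audit_acl(ACL, PERSON_FIELDS):
        print(f"ACL entry {alias!r} will not match; use {topmost!r}")
    print(password_problems('same:time&'))
```

An ACL entry reported by `audit_acl` names a login alias, which the page says is never the name used for ACL validation.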

LDAP

If you have configured the Sametime server to operate with an LDAP directory on a third-party server, the authentication process uses the user names and passwords stored in the LDAP directory. It is not necessary to create Person documents containing separate user names and passwords in the Domino Directory on the Sametime server.
