Lotus Domino Administrator 8 Help - Setting up ID recovery

SECURITY

Setting up ID recovery
Before users can recover their ID files, you must set up ID recovery. Perform these steps before anyone loses or corrupts an ID -- ideally before you begin registering users.

1. From the IBM® Lotus® Domino™ Administrator, click Configuration, and then click Certification.

2. Click Edit Recovery Information.

3. In the "Choose a Certifier" dialog box, click Server and select the registration server name from the Domino Directory (only if the correct server name does not appear).

4. Choose the certifier for which you are creating recovery information.

If you are using a server-based certification authority, click "Use the CA process" and select a certifier from the drop-down list. You must be a Certificate Authority (CA) administrator for the certifier in order to change ID recovery information.
If you are not using a server-based certification authority, click "Supply certifier ID and password." If the certifier ID path and file name does not appear, click Certifier ID and select the certifier ID file and enter the password.

5. Click OK. The "Edit Master Recovery Authority List" dialog box appears.

6. Enter the number of recovery authorities that are required to recover an ID file. It is recommended that you choose at least three.

7. Select the length of the recovery password from the drop-down list. The default is 16 characters.

8. Click Add and select the names of the administrators who are the designated recovery authorities.

9. Choose whether you want to use an existing mailbox for recovery information or create a new one.

If you have a mail or mail-in database already set up for recovery information, click "I want to use an existing mailbox." Click Address and select the database from the Domino Directory.
If you want to create a new database to store recovery information, click "I want to create a new mailbox." In the "Create New Mailbox" dialog box, enter the name of the server on which the database is to be created, and the database title. You can use the file name that is created from the database title, or you can create a new one.

10. In the Custom Recovery Message field, type a customized message for the "Enter passwords" dialog box that appears during the ID recovery process. For example, you may want to specify help desk contact information. Message length is limited to 512 characters.

Note

Whenever you make changes in this dialog box, the Export button is disabled. You cannot export recovery information until you save the new or updated information.

11. Click OK.

12. If you are using a server-based certification authority, at the server console type:

load ca

This starts the CA process with the new recovery information, or refreshes it if it is already running. Then type:

tell adminp process all

to process the request to add recovery information to the certifier.

13. In the mail-in database ACL, set the -Default- access to No access and give administrators Reader access.

Note If you have created additional O-level IBM® Lotus® Notes® certifiers, be sure to cross-certify them with the initial Lotus Notes certifier prior to setting up recovery information.

See also

ID recovery

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary