Quick Guide to Lotus Domino-Notes

What is it, and why should I use it over open-source solutions like Apache?

Note (no pun intended): Although Lotus' marketing literature doesn't always stick to this view of things, Domino is now supposed to mean the server, while Notes is the client side. Domino is available for NT, AS/400, and different *nices (Solaris, HP-UX, AIX, Linux), while Notes is only available for Windows, although it is said to run OK on Linux under the Wine emulator.

IMHO, Domino/Notes is the greatest, albeit proprietary, groupware solution currently available. Besides e-mail + to-do, personal/group calendars, and personal/group address books, it lets you build shared knowledge databases, and generally improve team-work through workflow. Personally, I wouldn't use it for e-mail, especially since Notes can work against a Unix-based e-mail system pretty well, although that means losing some of the groupware features. I just don't trust proprietary software for critical applications like e-mail.

The main reason you should give Domino/Notes a try if you need to offer such features, is that the Web-based tools are just too complicated to use by non-technical people (editing with HTML editors, uploading updated HTML files to your web server, synchronizing laptops, etc.), and do not support replications as easily as Domino/Notes.

As for proprietary solutions, MS Exchange only runs on NT and doesn't support knowledge databases as well as Domino, and Novell's Groupwise requires an NDS server in addition to a Groupwise server.

Pros & Cons

Pro: Con:

What are Domino/Notes databases?

Domino/Notes databases are nothing like DBMS's like Oracle. Instead, a Domino/Notes knowledge database is really a single, stand-alone binary .NSF file which contains all the documents that users have created. Each database has a unique Replica ID, and each document it contains has a unique Universal ID (UNID).

To improve performance, a database can be indexed, which means that additional files are created to contain indexes, but those files are independent from the database itself. In other words, and notwithstanding the ACL issue (access-control lists), you can just copy an NSF database and drop it on either another Domino server or a Notes client.

The main two components of a Domino/Notes database are forms (templates) and views (lists of documents in the database, sorted by different fields.) Users must use available forms to create new documents in the database. Forms are handled by whoever has Manager/Designer rights to the database. This helps maintain coherence and homogeneity. Views are simply the list of documents available in a database, sorted by whatever fields the designer chose (eg. Creator, Date, etc.):

One of the available views for this database:

A form built using a standard Lotus-supplied template

In Domino/Notes, all databases are NSF files; no distinction is made between user e-mail databases, document databases, or system databases. System databases include

Overview of Domino/Notes architecture

Accessing a Domino database from a Notes client

Accessing a document in a database first requires that the user authenticate successfully against the Domino server. This requires that both the server ID file and the user ID file be stamped by a common certifier (CERT.ID). If the two IDs belong to different organizations, a cross-certificate must have been generated so that a client that belongs to organization B is allowed to connect to a server in organization A.

The authentication itself consists in a bi-directional challenge which involves encrypting and decrypting a random number using the other party's public and private keys:

  1. The server/user requesting access sends a package that contains a random number, their name, their public key, and their certificates
  2. The server signs the random number with its public key, and sends it back to the requester
  3. The requester verifies that the signature is correct and that the random number matches the original
  4. The server repeats this process in reverse to prove that it is not an impostor.

To gain access to databases on a standard (non-HTTP) Notes server, a Notes user has to first authenticate with the server, then survive the server's access list, then get past a series of access lists in each database. At this point, the server may still refuse the user access to the server if the user is in a Not Access Server field or is not in an Access Server field in the Server's server document.

From IBM's Lotus Notes and Domino R5.0 Security Infrastructure Revealed

As shown above, Domino's security is based on several layers of security, which is partly what makes Domino hard to understand, and troubleshoot when access is denied.

Here are the different settings available in a database's ACL (from Installing and Configuring the Lotus Notes Web Publishing Products, http://docs.rinet.ru/PerfectIntranet/ch7.htm):

Access Level: Activities Allowed

Manager: The database manager can do anything in a database, including change the Access Control List.
Designer: Database designers can do anything in a database, including making changes in the database design, but excluding making changes in the Access Control List.
Editor: Database editors can add data documents to a database and can make changes in any data document in the database, regardless of the document's authorship. Editors cannot change database design or the Access Control List.
Author: Database authors can create new data documents and they can edit documents they originally created. With certain exceptions, they cannot edit documents not authored by themselves. Nor can they make changes in the database design or Access Control List.
Reader: Database readers can read data documents and views but cannot make changes of any kind in the database.
Depositor: Database depositors can create and save new data documents but cannot read any document, including their own after they close it, nor make changes of any kind in the database.
No Access: Users with no access will not be allowed to open a database at all.

What are ID files?

You must generate a user ID file for each user in the Organization. In the process, the ID file is certified, and contains the following information: Once the ID file is generated, a copy is available as an independent .ID file as well as an entry in the Public Name & Address Book for other users to use.

Tip: To display the different certifiers that live in a user's ID file, select File | Tools | User ID.

Important: The password only exists in the ID file, to prevent anyone else from using it. In other words, changing the password to an ID file makes no change to the server. If a copy is kept in the PNAB, which is not recommended for security reasons, the password to the original ID file is not updated.

Once generated, the user's ID file is located in the domain's Public Name & Address Book (PNAB). It can also be extracted into eg. JDOE.ID, and kept on the user's workstation.

Important: Regenerating an ID file means generating a new pair of public and private keys and losing the encryption keys. As a consequence, this user will no longer be able to access any encrypted document or database. (CHECK) He must also be removed and re-added to every single Access Control List (ACL) of Notes databases.

The Certifier, CERT.ID

The core identifier, the ID file from which all other ID files are created, is known as the CERT.ID, and is created when first setting up the Organization. Two other ID files are created when setting up a server: SERVER.ID (that server's ID file; each new server has its own ID file), and USER.ID (an ID file that can be used for administrative purposes, although any user who is registered as having Manager rights on a given Notes database can perform administrative tasks.) It's OK to rename those files, eg. rename SERVER.ID to SDSERV1.ID and USER.ID to SDADMIN.ID. Notes doesn't rely on the ID file's filename. There is nothing special about the USER.ID administrative file, although it gets put in a few places, such as the "administrator" field on the server document.

CERT.ID is the most important component of a Notes network, as it is required when adding new resources to the organization (users, servers, OUs), and re-certifying ID files whose validity period has expired. Keep several backups, and don't forget the password used to protect this ID file. Losing access to CERT.ID means having to rebuild the entire organization, along with user and server ID files. If that happens to you, update your résumé...

To avoid having all administrators use CERT.ID in their daily tasks, it is recommended to create OUs, each with its own certifier. This is also an efficient way to spread the administration work across different levels, and makes it easier to build an Organization that reflects the company's actual hierarchy, eg. users and servers could be made members of Marketing/Acme or Marketing/US/Acme, instead of just /Acme.

X.500 Notation

Domino/Notes uses an X.500 type of hierarchical organization. Just like DNS, the whole point is to make it easier to create several identical names in the organization, eg. it's OK to have several users called John Doe, as long as they belong to different nodes in the organization. In case two users with the same name belong to the same node in the organization, you could use their middle initial to tell them apart. For instance, John Doe/Washington/Acme is the fully distinguished hierarchical name of user John Doe who belongs to Organizational Unit Washington, itself part of the over-all Acme Organization.

A common name (CN) is the user's or server's name. Organization Units (OU) are sub-entities, with up to 4 allowed. The Organization (O) is usually the company's name. The top level is the Country code level (C, eg. US), but it is rarely used. On the other hand, the fully distinguished canonicalized hierarchical name of that user would be CN=John Doe/OU=Washington/O=Acme. Since there is no functional difference between a user ID and a server ID, the canonical path to a server would be CN=Server1/OU=Washington/O=Acme.

Domino domain != NT domain != DNS domain

A Domino/Notes domain is used to organize mail routing and build an organization-wide address book. It has nothing to do with either Windows NT or Internet. Although not a requirement, companies usually make the Domino/Notes domain identical to the Organization. When using Domino/Notes' proprietary e-mail feature, John Doe/Acme@Acme means user John Doe in Organization Acme (/Acme), in e-mail domain Acme (@Acme). Note that while Domino/Notes uses the "@" sign, it has nothing to do with SMTP e-mail. The left part before the @ sign is the fully-qualified path which locates this user in the Notes organization.

Although it is possible for a Notes domain to contain several Organizations, or one Organization to contain several domains, the most common setup is for the domain to map to the Organization.
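The naming rules from the X.500 Notation section and the "@domain" suffix described above, as an added example (not code from this guide or from Lotus). The names NotesName and parse_notes_name and the has_country flag are assumptions of this sketch; the flag exists because an abbreviated name does not say whether its last component is a country code.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_OUS = 4  # the guide states that up to 4 Organizational Units are allowed


@dataclass(frozen=True)
class NotesName:
    common_name: str
    org_units: Tuple[str, ...]          # in written order, nearest the CN first
    organization: str
    country: Optional[str] = None
    mail_domain: Optional[str] = None   # the part after "@", unrelated to SMTP

    def canonical(self) -> str:
        parts = ["CN=" + self.common_name]
        parts += ["OU=" + ou for ou in self.org_units]
        parts.append("O=" + self.organization)
        if self.country:
            parts.append("C=" + self.country)
        return "/".join(parts)

    def abbreviated(self) -> str:
        parts = [self.common_name, *self.org_units, self.organization]
        if self.country:
            parts.append(self.country)
        return "/".join(parts)


def parse_notes_name(text: str, has_country: bool = False) -> NotesName:
    """Parse an abbreviated or canonical hierarchical name, with optional @domain."""
    name, sep, domain = text.strip().rpartition("@")
    if not sep:                       # no "@": rpartition left everything in `domain`
        name, domain = domain, None
    parts = [p.strip() for p in name.split("/")]
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a hierarchical name: {text!r}")

    labelled = ["=" in p for p in parts]
    if all(labelled):                 # canonical form: CN=.../OU=.../O=...
        fields = [(k.strip().upper(), v.strip())
                  for k, v in (p.split("=", 1) for p in parts)]
    elif not any(labelled):           # abbreviated form: labels come from position
        tail = ["O", "C"] if has_country else ["O"]
        ou_count = len(parts) - 1 - len(tail)
        if ou_count < 0:
            raise ValueError(f"too few components for a country code: {text!r}")
        fields = list(zip(["CN"] + ["OU"] * ou_count + tail, parts))
    else:
        raise ValueError(f"mixed canonical and abbreviated components: {text!r}")

    cn = [v for k, v in fields if k == "CN"]
    ous = tuple(v for k, v in fields if k == "OU")
    org = [v for k, v in fields if k == "O"]
    country = [v for k, v in fields if k == "C"]
    known = all(k in ("CN", "OU", "O", "C") and v for k, v in fields)
    if not known or fields[0][0] != "CN" or len(cn) != 1 or len(org) != 1 or len(country) > 1:
        raise ValueError(f"malformed hierarchical name: {text!r}")
    if len(ous) > MAX_OUS:
        raise ValueError(f"more than {MAX_OUS} Organizational Units: {text!r}")
    return NotesName(cn[0], ous, org[0], country[0] if country else None, domain)


if __name__ == "__main__":
    # Names taken from the guide's own examples.
    for sample in ("John Doe/Washington/Acme", "John Doe/Acme@Acme",
                   "CN=Server1/OU=Washington/O=Acme"):
        parsed = parse_notes_name(sample)
        print(sample, "->", parsed.canonical(), "| mail domain:", parsed.mail_domain)
```

Because both spellings parse to the same value, the function can be used to compare an entry written in abbreviated form against one written in canonical form.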

Notes Named Networks

A Notes Named Network is used to simplify mail routing. Servers that use the same network protocol and share constant connections should be added into an NNN, so as to avoid having to create connection documents to route mail between them. Servers that belong to the same NNN share the same PNAB.

Also, users will see the list of servers that belong to the same NNN when they use the "Open Database" dialog to add an icon to a Notes database. Servers that do not belong to the NNN will not appear in that list, and users are required to type their distinguished name and the filename of the database.

To avoid confusion, NNNs are usually named for both their location and protocol, eg. ACME_IP.

What's in the PNAB?

The Public Name and Address Book holds not only Person documents for each user created in the domain, but also administration information like server names and parameters, or connection documents to route mail to other domains, either Notes or Internet. The PNAB can also be used to contain the list of any contact of the company, ie. outside contacts with an Internet e-mail or no e-mail at all can be added to the PNAB. When adding a new server to a domain, the first thing Notes does is create a local replica of the PNAB on that new server.

Two groups are automatically placed in the PNAB when it is created: LocalDomainServers and OtherDomainServers. They should contain the hierarchical names of the servers with which your server communicates (both within and outside your domain.)

Location documents can be found in the PNAB and also in a user's local Personal NAB on his workstation. Those documents are used to tell Notes how to connect to a given server. This is where the server's IP address is found.

The Person document is created when a new user is registered in the domain. His document contains information about his mail file and home server, as well as his public key, which is used during the authentication process. The User Name must contain the user's fully distinguished name.

The Certifier documents contain information about certifiers in the organization. One of the fields is that certifier's public key.

The Server Connection documents define the connection method and path between servers in the domain and in adjacent domains. In a user's Personal NAB, the connection documents define the path and connection information between a client and a server.

Domain documents specify and define the name, location, and type of access to adjacent and nonadjacent Notes domains, and non-Notes domains.

Server documents define and configure the servers in your domain.

The Personal NAB is created when installing the Notes client. Its Certifiers documents are used to identify the certificates held by a particular user, and are used heavily during cross-certification.

Cross-certification

The process of sharing certificates to enable authentication among users and servers that were not created with a common certificate is called cross-certification. Cross-certification is a two-way process that requires both organizations to cross-certify and store a certificate. If the certificate does not exist in either company's NAB, authentication cannot occur.

If you do not use Domino/Notes for e-mail, the next best way to organize cross-certification is by generating a safe ID, ie. a copy of an ID file that can be used only to have it cross-certified. You should not send your full ID file to be x-certified (File | Tools | Server Administration, followed by Administration | ID Files..., input your password, then select More Options section, Create Safe ID File)

A cross-certificate located in a user's Personal NAB can be copied/pasted into the domain's PNAB for others to use.

If John Doe/Bar needs to connect to a database sitting on a server at /Foo, he needs a cross-certificate, either in his Personal NAB or his domain Bar's Public NAB.

Replication

Notes supports replicating databases on multiple servers. A copy of a database is static, ie. changes made to the original database will not be replicated to that copy.

A server must have the same or higher level of access to a database as the highest user on that server. Otherwise, the changes that a user with higher rights makes on that server cannot be replicated to other servers.

Only one server should have Manager access to a database, so as to avoid unpredictable replication problems should changes be made simultaneously on several replicas of a database.
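The two replication rules above can be checked mechanically against a database's ACL. The following is an added example, not code from this guide or from Lotus: the ACL is modelled as a plain list of (name, kind, level) tuples, groups are not expanded, the sample entries are constructed, and the level ordering is the one given in the ACL table earlier in this guide.

```python
# Access levels from the guide's ACL table, lowest to highest.
ACL_LEVELS = ["No Access", "Depositor", "Reader", "Author",
              "Editor", "Designer", "Manager"]
RANK = {level: i for i, level in enumerate(ACL_LEVELS)}


def check_replication_acl(acl):
    """Return a list of (code, name, detail) findings for one database ACL.

    acl: list of (name, kind, level) tuples, kind being "server" or "person".
    This shape is an assumption of the example, not a Notes data format.
    """
    for name, kind, level in acl:
        if kind not in ("server", "person"):
            raise ValueError(f"{name}: unknown entry kind {kind!r}")
        if level not in RANK:
            raise ValueError(f"{name}: unknown access level {level!r}")

    servers = [(n, l) for n, k, l in acl if k == "server"]
    people = [(n, l) for n, k, l in acl if k == "person"]
    findings = []

    # Rule 1: every server needs at least the level of the highest user,
    # otherwise that user's changes stop at the under-privileged server.
    if people:
        top_name, top_level = max(people, key=lambda e: RANK[e[1]])
        for name, level in servers:
            if RANK[level] < RANK[top_level]:
                findings.append((
                    "SERVER_BELOW_USER", name,
                    f"{level} is lower than {top_level} held by {top_name}"))

    # Rule 2: only one server should hold Manager access.
    managers = [n for n, l in servers if l == "Manager"]
    if len(managers) > 1:
        for name in managers:
            findings.append((
                "MULTIPLE_MANAGER_SERVERS", name,
                f"{len(managers)} servers hold Manager access"))
    return findings


# Constructed sample ACLs (names are illustrative only).
ACL_LOW_SERVER = [
    ("Hub1/Acme", "server", "Manager"),
    ("Branch1/Washington/Acme", "server", "Editor"),
    ("Branch2/Washington/Acme", "server", "Reader"),
    ("John Doe/Washington/Acme", "person", "Editor"),
    ("Jane Roe/Acme", "person", "Author"),
]
ACL_TWO_MANAGERS = [
    ("Hub1/Acme", "server", "Manager"),
    ("Hub2/Acme", "server", "Manager"),
    ("John Doe/Washington/Acme", "person", "Reader"),
]

if __name__ == "__main__":
    for label, acl in (("low server", ACL_LOW_SERVER),
                       ("two managers", ACL_TWO_MANAGERS)):
        print(label)
        for code, name, detail in check_replication_acl(acl):
            print("  ", code, name, "-", detail)
```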

Renaming users

Renaming a user must not be done manually, but instead through a request handled by the Adminp process on the server. After the change has occurred, the user's name must be manually updated in any database ACLs, as well as in any Reader and Author name fields.

Notes client: The sights

Another peeve I have about the Notes client is that settings are spread across different locations. Below is a list of areas worth knowing if you need to customize your workstation:

File menu

Useful sections are: Database, Replication, Mobile, Preferences, and Tools.

Database sub-menu

This is where you can :

Replication sub-menu

This is where you can handle replications of remote DBs.

Mobile sub-menu

This is actually a different route to your Private NAB. The Mobile sub-menu will direct you to the Location section where you can set up different connection profiles (eg. LAN, dial-up, disconnected), which is a way for Notes to change its behavior when you try to access remote resources depending on how you can reach said remote resources.

Preferences sub-menu

Tools sub-menu

Private Name & Address Book

... which happens to be a very misleading name, as it not only contains your private address book (as opposed to the Public Name & Address Book sitting on the Domino server), but also the Connection documents which are all-important when you need to connect to servers through dial-up. The Private NAB also contains settings to connect to Internet servers, such as SMTP, IMAP/POP, or LDAP. Remove this local DB, and you won't be able to dial up to remote servers, be they Domino or Internet. Stupidly enough, the Private NAB default filename is names.nsf... just like the Public NAB sitting on a Domino server. When creating a local replica of the Public NAB, Notes will use the same name by default, potentially hosing your Private NAB since they both use names.nsf as their filename. Very smart.

Links to resources

Either Domino DBs or web sites can be added to the bookmarks section. Area noted "1." contains links to your mail database (eg. jdoe.nsf), which is located either on the Domino server or your local workstation depending on the Location under which you are presently working, ie. if you are running the Office location, Notes will open the jdoe.nsf that lives on the Domino server (if any), but will open the local jdoe.nsf replica if you are currently using the Internet or Island location documents.

The first four icons contain links to e-mail, calendar, address book, and to-do, respectively. The last icon leads to the Replicator workspace, where you can set replication settings.

Area noted "2." contains links to folders, eg. links to Domino DBs or Internet web sites. The second icon contains a link to the familiar Workspace view.

Installing Domino on a Linux server

  1. Uninstall MTA and web server (eg. rpm -e sendmail apache)
  2. Create a user ID that Domino will use to run (eg. useradd notes), and set a password for this account.
  3. Untar the archive, and run ./install
  4. Once you're through with this command-line part of the install procedure, log out, and log in with the Notes account that you just created above.
  5. Go to the directory where you installed Domino, eg. /local/notesdata, and launch the HTTP setup through /opt/lotus/bin/http httpsetup
  6. At this point, Domino's web daemon is running. Finish the install by launching Domino's web server, and connect to it through a web browser (eg. http://domino.example.com:8081).
    Important: The "certifier" field is actually the Organization (eg. /Acme), which must be longer than 3 characters. The Country field is optional (eg. if filled, the fully-qualified organization would be /Acme/Us.)
  7. Finally, launch Domino itself by switching to Notes' data directory (eg. /local/notesdata), and launching Domino's daemon through /opt/lotus/bin/server .
  8. Create startup scripts so that Domino runs during bootup (/etc/rc.d/init.d/ and symlinks in /etc/rc.d/rcX.d/)

Note: The certifier's ID CERT.ID and the server's ID SERVER.ID are located in the Notes data directory (eg. /local/notesdata). The user ID file that you created during the setup procedure (ie. USER.ID, which is not actually an administrator account: it has no more rights than the other user accounts that you will create once the server is up and running) can be found in that user's entry in the Public Name & Address Book: point your web browser to the Domino server (eg. http://domino.example.com/names.nsf), log on with the USER.ID's password, and find this user's record in NAMES.NSF.

CHECK: Once the initial setup is done, Domino should run automatically through startup scripts, so it should not be a problem to remove password and shell for the Notes user account for added security, ie. put a * in /etc/passwd or /etc/shadow for this account and finish it off with usermod -s /bin/false notes.

Security Issues

By default, the password of an ID file is only stored in the file, but it can also be checked at the server to verify that the correct ID is being used. It is also a way to force users to change their passwords regularly, and to prevent reuse of old passwords.

If the original password of an ID file was chosen to be easy to remember and meant to be changed by the user shortly after having been created, anyone can just detach the original ID file from the PNAB, and pass for this user. This means, for instance, accessing an encrypted mail database... After registering a new user or server, detach the ID file from the PNAB, and keep several copies. Should the new password be forgotten, the user can always be handed the original ID file, with its original password. Additional certificates a user might have received since his ID file was originally created are stored in the PNAB.

In the advanced section of a DB's ACL, when "Administration Server" is left to None, the default, it means that NO server can make administrative changes. AdminP will make changes such as modifying ACL's and reader fields, but should do so only on one replica of the DB, otherwise you would get massive numbers of replication conflicts. Thus the need to designate a single server where those sorts of changes get made.

Three basic elements help maintain database integrity and prevent data loss:

If using the SET SECURE <password here> instruction in the Notes server console to control access, you cannot launch the Notes client on the same host. Either turn off this protection by typing the full SET SECURE <password>, or run File | Tools | Server Administration from a remote Notes client, provided you have the right to run the remote console.

Q&A

How can I extract Domino/Notes documents as HTML and use them into a Web server?

Check out iNotes. You can also export individual documents through File | Export.

How to handle document versioning?

Surprisingly enough, Domino/Notes tells you that a document was edited by another user... but doesn't show you what changes were made. It is the responsibility of the editor to make those obvious by using different colors (pen), strikethrough, etc.

After asking this question in a newsgroup, there appears to be three solutions: Purchasing the add-on Domino.Doc, embedding either a Lotus WordPro or Microsoft Word document to take advantage of the versioning feature offered by those two word-processors, or making use of Domino/Notes' support of "response" documents, not unlike threading in Usenet. Yuck.

How to import addresses in the PNAB from an ASCII file?

From: "W.Flamme" 
Newsgroups: comp.groupware.lotus-notes.admin
Subject: Re: How to import addresses through CSV file?
Date: Tue, 10 Apr 2001 14:48:43 +0200
Organization: RZ-Online
Lines: 58
Message-ID: <9avr8a$peo$1@news.rhein-zeitung.DE>
References: <3aca08b6.28230773@news.imaginet.fr> <9af3q2$e4d$1@news.rhein-zeitung.DE> <3acb2bb0.73171274@news.imaginet.fr>

"Frederic Faure"  wrote in message
news:3acb2bb0.73171274@news.imaginet.fr...
> On Wed, 4 Apr 2001 12:03:58 +0200, "W.Flamme"
>  wrote:
> >Type="Person" is probably missing. Check the SELECT statement of the
> >contacts view...
>
> I don't understand. Where should I put that Type="Person" statement?
> I cannot see anything related to SELECT or a Contacts view in the
> Tabular Text Import dialog that pops up when I open the PNAB and
> select File | Import.

Sorry for puzzling you..

What I meant (rather than explained, perhaps): If you want your imported
docs to appear in a view, it makes sense to look at this view's selection
formula first. Eg the contacts view's SELECT statement demands Form="Person"
& Type="Person". If you don't set the latter field value for your import,
all you'll see is - nothing. However the documents have been imported
properly.
Most likely there will be a lot of garbage import in the backend already, it
makes sense to get rid of that before your next try.

Unfortunately the import dialog will not allow you to declare additional
default values for your import despite 'Form'.

There are three ways to address this:

1) add a column named 'Type' to your import data and add "Person" as a value
for each record. It's simple copy/paste if you're working with a
spreadsheet. Or using a CSV, simply use FIND , REPLACE WITH
Person or "Person" resp.

2) you can use a COL-File for import specification and have a 'computed'
section within it, like:

:
FORMULASTART
FIELD Type:="Person";
FORMULAEND
:
This will create the additional Type="Person" field for each record, even if
there is no such field in your data.

3) Write your own LS CSV import routine.

You could also send me what you have and I'll do the conversion for you. To
be honest, it's much harder to explain every detail than to do it..

--

Wolfgang Flamme
wflamme@mainz-online.de

"I love deadlines. I love the whooshing sound they make as they fly by."
     Douglas Adams

http://sunsite.net.edu.cn/tutorials/senotes4/CH12.HTM
http://www.interguru.com/msieall.htm
http://mlarchive.ima.com/notes/1999a/2790.html



Registering users from an ASCII text file

Alexis;Catherine;R.;;password1;;;Marketing / Acme;;;;;;Marketing Profile
Check the online help for infos on each field

(R5) How to extract USER.ID?

Newsgroups: comp.groupware.lotus-notes.admin
Subject: Re: help !! domino install do not creat user.id???

>You have to open the "lnotes.exe" from one of the directories and then
>open the address-book.
>Now open the entry for your admin and at the bottom of the window there
>should be an "attachment" (userID), which you now can extract and use.

How to recover a lost password?

Although R5 introduced a password recovery feature, you should keep copies of ID files (with their passwords :-)

Access-control: Why introduce Roles in addition to ACLs?

Beats me. I don't see the need for additional control where I'd be perfectly happy setting access to a field with eg. "only such-and-such individual or member of the MIS group can edit this field."

(From IBM's Lotus Notes and Domino R5.0 Security Infrastructure Revealed)
Roles in the ACL
When a group you want to add to the ACL does not exist in the Domino Directory, you may want to create a special group or role for users of the database. Roles let you define responsibilities in the application and further define access to database elements.

What Is a Role?
A role is a subset of the ACL that is controlled by the database manager. A role can be used anywhere that a group or user name can be used. Users and groups are assigned roles to refine access to particular views, forms, sections, or fields of a database. Instead of assigning access to a design element to users and groups, you assign access to the role.

Some advantages of using roles are that they:

What's the use of DB Type in the DB Properties section

TO-DO

Lots of administration-related infos in the HELPADMN.NSF database.

Check Archive settings

Check crash recovery and soft deletions

In R5 you can easily create a custom frameset that has several different frames in it (one for Sales, R&D, etc). The content of each frame could be a view, or even a page w/ an embedded view. Look in the "Today" section of http://www.notes.net and do a search for "Katz"

Tips and tricks

Setting up Notes as an SMTP/POP client

  1. Install Notes 5
  2. Go through the setup wizard (You DO want to connect to a Domino server as this fills in the server name in the Open DB dialog later on)
  3. Once installed, remove all Location docs except Internet
  4. Input adhoc parameters in the Internet doc
  5. Open DBs from server: e-mail for user, and the PNAB on the server
  6. Create local replicas of those two DBs
  7. Update User Preferences to also include the replica of the PNAB for recipient name lookups
  8. Create SMTP, POP, and LDAP accounts in the user's address book

    Note: By default, POP = Leave msgs on the server. Change this to No.

How to recover the default, familiar workspace

If you don't like the cheesy AOL-like default welcome screen of Notes 5, here's how to use the traditional Workspace instead:
  1. Click on the Databases icon in the left hand-side Bookmark section

  2. Right-click on the Workspace item, and select "Set Bookmark as Home Page"

How to open a view from a Web browser

http://mysrv/acme.nsf/MyView?OpenView

Adding a History field

To keep a list of the different users who edited the document:
  1. Open an existing DB that has this feature, go to the Design | Script Libraries section, and copy/paste the HistoryLib document
  2. Open the form to which you need to add a field to hold change history
  3. Open the MyForm Form | Options section, and add
    Option Declare
    Use "HistoryLib"
  4. Open the MyForm Form | Declarations section, and add
    Dim strPrevHistory As String
  5. Open the MyForm Form | PostOpen section, and add
    strPrevHistory = Source.FieldGetText("History")
  6. Open the MyForm Form | QuerySave section, and add
    Dim strHistory As String
    strHistory = CurrentDate() & ", "
    strHistory = strHistory & ExtractName(CurrentUser()) & ", "
    strHistory = strHistory & Source.FieldGetText("HDStatus") & Chr(13) & Chr(10) & strPrevHistory
    Call Source.FieldSetText("HDLastUpdated", strHistory)
    	
Another useful trick: @If ( $UpdatedBy != null;@Name ( [CN]; @Subset ( $UpdatedBy ; -1 ) );null )

Alternative: Add the following code to a History text field:

h := @Text(@Now) + " " + @Name([CN]; @UserName);
@If(@IsNewDoc; h; @IsDocBeingSaved; h : @Subset(LastUpdated;10); @Subset(LastUpdated;10))

How to manage appointments for a whole team?

Check out http://www.alma.fr/dazibao/

How to move Domino to another server

... regardless of the OS (NT <-> Linux OK):
  1. On the new server, install Domino as if it were the first server in the organization. Certifier name = Domain name = ACME. Launch the new server once to make sure it runs OK, and stop it.
  2. From the old server, copy all the ID files, NSF files, along with any NTF template you might have built
  3. Update your DNS to make this move transparent to users
  4. Launch the new server

Note: If the old server is not decommissioned, and, hence, the new server is assigned a new IP address, clients might be unable to find the new Domino server (I asked in newsgroups where Notes cached this information, to no avail.) To solve this, create a Connections document so that Notes can resolve NEWSRV/ACME into its IP address: Open the user's Personal Address Book | View | Advanced | Connections.

More infos: http://www.support.lotus.com/sims2.nsf/802ee480bdd32d0b852566fa005acf8d/29dc782a0b95cc7b8625661f006cf84d?OpenDocument

Resources

Books

Here are books I would recommend, either on administration or development:

On the Web