{"id":36496,"date":"2025-01-01T16:00:00","date_gmt":"2025-01-01T15:00:00","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=36496"},"modified":"2025-01-14T17:34:07","modified_gmt":"2025-01-14T16:34:07","slug":"documentum-login-through-otds-without-otexternalid3","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/","title":{"rendered":"Documentum &#8211; Login through OTDS without oTExternalID3"},"content":{"rendered":"\n<p>As you might know, Documentum &#8220;deprecated&#8221; (in reality disabled completely) the different Authentication Plugins that were bundled with a Documentum Server. That means that with recent versions of Documentum, you cannot login to your LDAP-managed account anymore without having configured an OTDS and integrated it with your Documentum Server. After you <a href=\"https:\/\/www.dbi-services.com\/blog\/documentum-silent-install-otds\/\">installed the OTDS<\/a>, and configured it to work with Documentum, you might be faced with an annoying behavior that makes it impossible to login. This is because, by default, it only supports one specific configuration for the user_login_name (i.e. oTExternalID3). There is a workaround, but it&#8217;s not documented, as far as I know, so I&#8217;m writing this blog to share that information.<\/p>\n\n\n\n<p>When logging in to a Documentum Server, using the &#8220;connect&#8221; iAPI command, the Repository will verify if the user_login_name exists. If yes, it will send the Authentication request to the JMS, which will contact the OTDS with the details provided. The OTDS will perform the authentication with whatever Identity Provider you configured inside it and return the result to the JMS, which will then confirm the details to the Repository to either allow or deny the login. In this case, it doesn&#8217;t matter if the user_source of the dm_user is configured with &#8220;LDAP&#8221; or &#8220;OTDS&#8221;. Both will behave in the same way and the request will be sent to the JMS and then the OTDS, that&#8217;s the theory at least&#8230; That&#8217;s working properly for an &#8220;indirect&#8221; login using the &#8220;connect&#8221; iAPI command triggered by an already logged in user such as dmadmin. But a &#8220;direct&#8221; login (DA, dqMan, or direct iAPI with username\/password) will fail for an &#8220;LDAP&#8221; user_source as Documentum will, in this case, try to use the LDAP Auth and then complain that it&#8217;s deprecated :)&#8230; Might be the subject of another blog.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-i-otds-synchronization-with-default-configuration\">I. OTDS Synchronization with default configuration<\/h2>\n\n\n\n<p>To do some testing or if you are setting-up a freshly installed Documentum Repository (i.e. no previous LDAP integrations), you might want to keep things simple and therefore you would most probably end-up using the default configuration.<\/p>\n\n\n\n<p>The default User Mapping configuration for an OTDS Resource, for Documentum, might be something like:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; first-line: 1; highlight: [1]; title: ; notranslate\" title=\"\">\n    Resource Attribute            &amp;gt;&amp;gt; OTDS Attribute          &amp;gt;&amp;gt; Format\n    __NAME__                      &amp;gt;&amp;gt; cn                      &amp;gt;&amp;gt; %s\n    AccountDisabled               &amp;gt;&amp;gt; ds-pwp-account-disabled &amp;gt;&amp;gt; %s\n    client_capability             &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; 0\n    create_default_cabinet        &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; F\n    user_address                  &amp;gt;&amp;gt; mail                    &amp;gt;&amp;gt; %s\n    user_global_unique_id         &amp;gt;&amp;gt; oTObjectGUID            &amp;gt;&amp;gt; %s\n    user_login_name               &amp;gt;&amp;gt; oTExternalID3           &amp;gt;&amp;gt; %s\n    user_name                     &amp;gt;&amp;gt; cn                      &amp;gt;&amp;gt; %s\n    user_privileges               &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; 0\n    user_rename_enabled           &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; F\n    user_rename_unlock_locked_obj &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; T\n    user_type                     &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; dm_user\n    user_xprivileges              &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; 0\n<\/pre><\/div>\n\n\n<p>Please note that the default value for &#8220;user_login_name&#8221; is &#8220;oTExternalID3&#8221;. In addition to mapped attributes from the AD \/ LDAP, OTDS defines some internal attributes that you can use, and this one is one of those. For example, if a cn\/sAMAccountName has a value of &#8220;MYUSERID&#8221;, then you will most probably end-up with something like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>oTExternalID1 == MYUSERID<\/li>\n\n\n\n<li>oTExternalID2 == MYUSERID@OTDS-PARTITION-NAME<\/li>\n\n\n\n<li>oTExternalID3 == MYUSERID@DOMAIN-NAME.COM<\/li>\n\n\n\n<li>oTExternalID4 == DOMAIN\\MYUSERID<\/li>\n<\/ul>\n\n\n\n<p>Therefore, in this case, with the default configuration, you would need to use &#8220;MYUSERID@DOMAIN-NAME.COM&#8221; to be able to login to Documentum. Nothing else would work as your dm_user would be synchronized\/created\/modified to have a user_login_name value of &#8220;MYUSERID@DOMAIN-NAME.COM&#8221;. As a sidenote, the &#8220;%s&#8221; in the Format column means to keep the formatting\/case from the source attribute. In most AD \/ LDAP, the cn\/sAMAccountName would be in uppercase, so you would only be able to login with the uppercase details. There is a parameter that you can set in the server.ini to be able to have a case-insensitive Repository and another one in the JMS, so you might want to take a look at that for example.<\/p>\n\n\n\n<p><strong><span style=\"text-decoration: underline\">Note:<\/span><\/strong> The value of oTExternalID3 can be changed in the Partition &gt; Properties &gt; Extended Functionality page. It is controlled by the value given to the &#8220;AD\/LDAP attribute&#8221; and by default, it should be set to &#8220;userPrincipalName&#8221; (i.e. MYUSERID@DOMAIN-NAME.COM). However, you can change that value to something else, like &#8220;sAMAccountName&#8221;, and in this case, oTExternalID3 would end-up with the same value as oTExternalID1.<\/p>\n\n\n\n<p>Here, I&#8217;m setting an AD password in an environment variable and then fetching a dm_user details to show you the current content, before triggering a login attempt (using the &#8220;connect&#8221; iAPI command):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [6,7,8,22,24,26,32,49]; title: ; notranslate\" title=\"\">\n&#x5B;dmadmin@cs-0 logs]$ read -s -p &quot;  --&gt; Please enter the AD Password: &quot; ad_passwd\n  --&gt; Please enter the AD Password:\n&#x5B;dmadmin@cs-0 logs]$\n&#x5B;dmadmin@cs-0 logs]$\n&#x5B;dmadmin@cs-0 logs]$ iapi REPO_NAME -Udmadmin -Pxxx &lt;&lt; EOC\n&gt; retrieve,c,dm_user where upper(user_login_name) like &#039;MYUSERID%&#039;\n&gt; get,c,l,user_name\n&gt; get,c,l,user_login_name\n&gt; EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2020. OpenText Corporation\n        All rights reserved.\n        Client Library Release 20.2.0000.0082\n\nConnecting to Server using docbase REPO_NAME\n&#x5B;DM_SESSION_I_SESSION_START]info:  &quot;Session 011234568006fe39 started for user dmadmin.&quot;\n\nConnected to OpenText Documentum Server running Release 20.2.00013.0135  Linux64.Oracle\nSession id is s0\nAPI&gt; ...\n1112345680001d00\nAPI&gt; ...\nMYUSERID\nAPI&gt; ...\nMYUSERID@DOMAIN-NAME.COM\nAPI&gt; Bye\n&#x5B;dmadmin@cs-0 logs]$\n&#x5B;dmadmin@cs-0 logs]$\n&#x5B;dmadmin@cs-0 logs]$ iapi REPO_NAME -Udmadmin -Pxxx &lt;&lt; EOC\n&gt; apply,c,NULL,SET_OPTIONS,OPTION,S,trace_authentication,VALUE,B,T\n&gt; connect,REPO_NAME,MYUSERID@DOMAIN-NAME.COM,dm_otds_password=${ad_passwd}\n&gt; apply,c,NULL,SET_OPTIONS,OPTION,S,trace_authentication,VALUE,B,F\n&gt; EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2020. OpenText Corporation\n        All rights reserved.\n        Client Library Release 20.2.0000.0082\n\nConnecting to Server using docbase REPO_NAME\n&#x5B;DM_SESSION_I_SESSION_START]info:  &quot;Session 011234568006fe40 started for user dmadmin.&quot;\n\nConnected to OpenText Documentum Server running Release 20.2.00013.0135  Linux64.Oracle\nSession id is s0\nAPI&gt; ...\nq0\nAPI&gt; ...\ns1\nAPI&gt; ...\nq0\nAPI&gt; Bye\n&#x5B;dmadmin@cs-0 logs]$\n<\/pre><\/div>\n\n\n<p>As you can see above, the result of the &#8220;connect&#8221; command is &#8220;s1&#8221;, which means the session is opened and Documentum was able to verify through the OTDS that the login is correct. On the JMS, there is an &#8220;otdsauth.log&#8221; file, that gives you this kind of information (might give a bit more information depending on the Documentum Server version used):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [4,5]; title: ; notranslate\" title=\"\">\n&#x5B;dmadmin@cs-0 logs]$ cat otdsauth.log\n...\n2025-01-01 13:37:26,417 UTC DEBUG &#x5B;root] (default task-6) In com.documentum.cs.otds.OTDSAuthenticationServlet\n2025-01-01 13:37:26,780 UTC DEBUG &#x5B;root] (default task-6) userId: MYUSERID@DOMAIN-NAME.COM\n2025-01-01 13:37:26,782 UTC DEBUG &#x5B;root] (default task-6) Password Auth Success: MYUSERID@DOMAIN-NAME.COM\n&#x5B;dmadmin@cs-0 logs]$\n<\/pre><\/div>\n\n\n<p>The Repository logs will also show the trace_authentication details and the OTDS will also have a successful authentication attempt in its logs. So, all is well in a perfect world, right?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-ii-otds-synchronization-with-updated-configuration\">II. OTDS Synchronization with updated configuration<\/h2>\n\n\n\n<p>When working with an existing Repository that was initially setup with LDAP Sync and Auth, you might have a &#8220;simple&#8221; configuration that defined that the user_login_name would be the cn\/sAMAccountName attribute from the Active Directory. In this case, you probably don&#8217;t want to change anything after the integration of the OTDS\u2026 After all, the OTDS is supposed to simplify the configuration and not complexify it. Therefore, you would setup the OTDS to integrate (Synchronized Partition or Non-Synchronized one) with your AD \/ LDAP and then create a Resource that would replicate and match the exact details of your existing users. Even on a freshly installed Repository without previous LDAP integration, you might choose to login with &#8220;MYUSERID&#8221; (or &#8220;myuserid&#8221;) instead of &#8220;MYUSERID@DOMAIN-NAME.COM&#8221;. The OTDS will allows you to configure that, so users can be synchronized to Documentum however you want.<\/p>\n\n\n\n<p>To achieve that, you would need to change a bit the User Mapping configuration to keep your previous login information \/ avoid messing with the existing dm_user details. For example, you might want to change the client_capability, user_login_name, user_name and some other things. Here is an example of configuration that allows you to synchronize the users with the cn\/sAMAccountName from your AD \/ LDAP, in lowercase, please note the changes with a wildcard (*):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\n    Resource Attribute            &amp;gt;&amp;gt; OTDS Attribute          &amp;gt;&amp;gt; Format\n    __NAME__                      &amp;gt;&amp;gt; cn                      &amp;gt;&amp;gt; %l (*)\n    AccountDisabled               &amp;gt;&amp;gt; ds-pwp-account-disabled &amp;gt;&amp;gt; %s\n    client_capability             &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; 2 (*)\n    create_default_cabinet        &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; F\n    user_address                  &amp;gt;&amp;gt; mail                    &amp;gt;&amp;gt; %s\n    user_global_unique_id         &amp;gt;&amp;gt; oTObjectGUID            &amp;gt;&amp;gt; %s\n    user_login_name               &amp;gt;&amp;gt; cn (*)                  &amp;gt;&amp;gt; %l (*)\n    user_name                     &amp;gt;&amp;gt; displayName (*)         &amp;gt;&amp;gt; %s\n    user_privileges               &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; 0\n    user_rename_enabled           &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; T (*)\n    user_rename_unlock_locked_obj &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; T\n    user_type                     &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; dm_user\n    user_xprivileges              &amp;gt;&amp;gt;                         &amp;gt;&amp;gt; 32 (*)\n<\/pre><\/div>\n\n\n<p>The documentation mention in some places to have the same value for both _NAME_ and for user_name but I&#8217;m not sure if that&#8217;s really required, as I have some customers with different values, and it works anyway. It&#8217;s pretty common for customers to have the same value for cn and sAMAccountName and to store the displayName into, well, the displayName attribute\u2026 On Documentum side, some customers will use cn as the user_name, but some others will use displayName instead. The user_name is, after all, a kind of displayName so I don&#8217;t really understand why OTDS would require both _NAME_ and user_name to be the same. It should instead rely on the user_login_name, no?<\/p>\n\n\n\n<p>After consolidating the OTDS Resource, you should be able to see the correct user_login_name as it was before (with the LDAP Sync job). What&#8217;s the purpose of this blog then? Well, the OTDS allows you to change the mapping as you see fit, so that you can replicate exactly what you used to have with an LDAP Sync. But you cannot login anymore\u2026<\/p>\n\n\n\n<p>After the modification of the OTDS Resource User Mapping and its consolidation, here I&#8217;m trying to login again (with &#8220;myuserid&#8221; instead of &#8220;MYUSERID@DOMAIN-NAME.COM&#8221;) to show the difference in behavior:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [3,4,20,22,27,44]; title: ; notranslate\" title=\"\">\n&#x5B;dmadmin@cs-0 logs]$ iapi REPO_NAME -Udmadmin -Pxxx &lt;&lt; EOC\n&gt; retrieve,c,dm_user where upper(user_login_name) like &#039;MYUSERID%&#039;\n&gt; get,c,l,user_name\n&gt; get,c,l,user_login_name\n&gt; EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2020. OpenText Corporation\n        All rights reserved.\n        Client Library Release 20.2.0000.0082\n\nConnecting to Server using docbase REPO_NAME\n&#x5B;DM_SESSION_I_SESSION_START]info:  &quot;Session 011234568006fe48 started for user dmadmin.&quot;\n\nConnected to OpenText Documentum Server running Release 20.2.00013.0135  Linux64.Oracle\nSession id is s0\nAPI&gt; ...\n1112345680001d00\nAPI&gt; ...\nLastName (Ext) FirstName\nAPI&gt; ...\nmyuserid\nAPI&gt; Bye\n&#x5B;dmadmin@cs-0 logs]$\n&#x5B;dmadmin@cs-0 logs]$ iapi REPO_NAME -Udmadmin -Pxxx &lt;&lt; EOC\n&gt; apply,c,NULL,SET_OPTIONS,OPTION,S,trace_authentication,VALUE,B,T\n&gt; connect,REPO_NAME,myuserid,dm_otds_password=${ad_passwd}\n&gt; apply,c,NULL,SET_OPTIONS,OPTION,S,trace_authentication,VALUE,B,F\n&gt; EOC\n\n        OpenText Documentum iapi - Interactive API interface\n        Copyright (c) 2020. OpenText Corporation\n        All rights reserved.\n        Client Library Release 20.2.0000.0082\n\nConnecting to Server using docbase REPO_NAME\n&#x5B;DM_SESSION_I_SESSION_START]info:  &quot;Session 011234568006fe4f started for user dmadmin.&quot;\n\nConnected to OpenText Documentum Server running Release 20.2.00013.0135  Linux64.Oracle\nSession id is s0\nAPI&gt; ...\nq0\nAPI&gt; ...\n&#x5B;DM_SESSION_E_AUTH_FAIL]error:  &quot;Authentication failed for user myuserid with docbase REPO_NAME.&quot;\n\n\nAPI&gt; ...\nq1\nAPI&gt; Bye\n&#x5B;dmadmin@cs-0 logs]$\n<\/pre><\/div>\n\n\n<p>This time the authentication fails. If you look at the Repository logs, you can see the user is detected properly, and the Repository start the authentication with the OTDS (1st line below). But when the result comes back (2nd and 3rd lines below), it says that it failed:<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n2025-01-01T13:46:16.446426      188808&#x5B;188808]  011234568006fe50        &#x5B;AUTH]  Start-AuthenticateUserByOTDSPassword:UserLoginName(myuserid)\n2025-01-01T13:46:16.815111      188808&#x5B;188808]  011234568006fe50        &#x5B;AUTH]  otds_password_authentication = false:\n2025-01-01T13:46:16.815159      188808&#x5B;188808]  011234568006fe50        &#x5B;AUTH]  End-AuthenticateUserByOTDSPassword: 0\n2025-01-01T13:46:17.174676      188808&#x5B;188808]  011234568006fe50        &#x5B;AUTH]  Final Auth Result=F, LOGON_NAME=myuserid, ...\n<\/pre><\/div>\n\n\n<p>The JMS otdsauth.log file will have a similar content, it will start the OTDS communications (1st line below) but the result returned (2nd line below) is not the user_login_name of Documentum. Instead, it&#8217;s the value of oTExternalID3 and then the JMS says that it failed (3rd line below):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; highlight: [2,3]; title: ; notranslate\" title=\"\">\n2025-01-01 13:46:16,671 UTC DEBUG &#x5B;root] (default task-6) In com.documentum.cs.otds.OTDSAuthenticationServlet\n2025-01-01 13:46:16,813 UTC DEBUG &#x5B;root] (default task-6) userId: MYUSERID@DOMAIN-NAME.COM\n2025-01-01 13:46:16,814 UTC DEBUG &#x5B;root] (default task-6) Password Auth Failed: myuserid\n<\/pre><\/div>\n\n\n<p>On the OTDS side, no problems, the authentication was successful when it was received (in the directory-access.log):<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: bash; title: ; notranslate\" title=\"\">\n2025-01-01 13:46:16.777|INFO  ||0|0|Authentication Service|Success Access|27,Initial authentication successful|172.0.0.10|&quot;&quot;|OTDS-PARTITION-NAME|&quot;MYUSERID@DOMAIN-NAME.COM&quot;|&quot;Authentication success: MYUSERID@DOMAIN-NAME.COM using authentication handler OTDS-PARTITION-NAME for resource __OTDS_AS__&quot;\n<\/pre><\/div>\n\n\n<p>If you look at the exact timestamp of the messages, you see the exact flow of how things went. In short, the OTDS says that it&#8217;s OK and it sends back some information to the JMS. But because the information returned is oTExternalID3, there is a mismatch with the value of the user_login_name and the JMS\/Repository then concludes that the authentication failed, which isn&#8217;t true\u2026<\/p>\n\n\n\n<p>Therefore, using any user_login_name value other than oTExternalID3 isn&#8217;t a problem from a synchronization point of view, but you still cannot login anyway.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-iii-workaround\">III. Workaround<\/h2>\n\n\n\n<p>As mentioned in the introduction of this blog, there is a workaround, which is to set the parameter &#8220;<strong>synced_user_login_name=sAMAccountName<\/strong>&#8221; in the <strong>otdsauth.properties<\/strong> file that configures how the JMS talks to the OTDS (another workaround might be to change the value of &#8220;AD\/LDAP attribute&#8221; in the Partition as mentioned earlier in this blog, but that will apply to the full OTDS configuration and not just for this repository). I looked at all the OTDS and Documentum documentations, for several versions, as well as KBs, but I couldn&#8217;t find this workaround mentioned anywhere. Maybe I&#8217;m the one that doesn&#8217;t know how to search (don&#8217;t blame the search from OT Support website :D). The one and only reference to this parameter is in the <a href=\"https:\/\/webapp.opentext.com\/piroot\/edccs\/v240400\/edccs-agd\/en\/html\/jsframe.htm?opentext-directory-services-integ\" target=\"_blank\" rel=\"noreferrer noopener\">Documentum Server Admin &amp; Config doc<\/a>, but it tells you that it&#8217;s optional and it&#8217;s only for OTDS token-based authentication. Here, we are doing a password-based auth, we don&#8217;t have any OTDS oAuth Client ID\/Secret, so this section shouldn&#8217;t be required at all. You don&#8217;t need the other parameters from this section, but you DO need &#8220;synced_user_login_name&#8221;, if you would like to login with the cn\/sAMAccountName\/oTExternalID1\/oTSAMAccountName parameter.<\/p>\n\n\n\n<p>However, there is an additional catch\u2026 The parameter was apparently only introduced in 20.3. For any older Documentum Server, you will need to check with OT if they have a fix available. I know there is one for 20.2, but it&#8217;s only for Windows (c.f. <a href=\"https:\/\/support.opentext.com\/csm?id=kb_article_view&amp;sysparm_article=KB0783327\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>). Now, you know that you can also use this parameter for that purpose.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As you might know, Documentum &#8220;deprecated&#8221; (in reality disabled completely) the different Authentication Plugins that were bundled with a Documentum Server. That means that with recent versions of Documentum, you cannot login to your LDAP-managed account anymore without having configured an OTDS and integrated it with your Documentum Server. After you installed the OTDS, and [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[197,525],"tags":[3504,2609,233,1547,3500,3502,3503],"type_dbi":[],"class_list":["post-36496","post","type-post","status-publish","format-standard","hentry","category-application-integration-middleware","category-enterprise-content-management","tag-dm_user","tag-documentum-2","tag-iapi","tag-ldap","tag-otds","tag-otexternalid3","tag-user_login_name"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Documentum - Login through OTDS without oTExternalID3 - dbi Blog<\/title>\n<meta name=\"description\" content=\"Login to Documentum only works when using the OTDS oTExternalID3 configuration. Let&#039;s see the workaround to apply to allow something else.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Documentum - Login through OTDS without oTExternalID3\" \/>\n<meta property=\"og:description\" content=\"Login to Documentum only works when using the OTDS oTExternalID3 configuration. Let&#039;s see the workaround to apply to allow something else.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-01T15:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-14T16:34:07+00:00\" \/>\n<meta name=\"author\" content=\"Morgan Patou\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MorganPatou\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Morgan Patou\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/\"},\"author\":{\"name\":\"Morgan Patou\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"headline\":\"Documentum &#8211; Login through OTDS without oTExternalID3\",\"datePublished\":\"2025-01-01T15:00:00+00:00\",\"dateModified\":\"2025-01-14T16:34:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/\"},\"wordCount\":1703,\"commentCount\":3,\"keywords\":[\"dm_user\",\"Documentum\",\"iapi\",\"ldap\",\"OTDS\",\"oTExternalID3\",\"user_login_name\"],\"articleSection\":[\"Application integration &amp; Middleware\",\"Enterprise content management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/\",\"name\":\"Documentum - Login through OTDS without oTExternalID3 - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"datePublished\":\"2025-01-01T15:00:00+00:00\",\"dateModified\":\"2025-01-14T16:34:07+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"description\":\"Login to Documentum only works when using the OTDS oTExternalID3 configuration. Let's see the workaround to apply to allow something else.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Documentum &#8211; Login through OTDS without oTExternalID3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8\",\"name\":\"Morgan Patou\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"caption\":\"Morgan Patou\"},\"description\":\"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex &amp; critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. His industry experience spans the Public Sector, IT Services, Financial Services\/Banking, and the Pharmaceutical industry.\",\"sameAs\":[\"https:\/\/blog.dbi-services.com\/author\/morgan-patou\/\",\"https:\/\/x.com\/MorganPatou\"],\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/morgan-patou\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Documentum - Login through OTDS without oTExternalID3 - dbi Blog","description":"Login to Documentum only works when using the OTDS oTExternalID3 configuration. Let's see the workaround to apply to allow something else.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/","og_locale":"en_US","og_type":"article","og_title":"Documentum - Login through OTDS without oTExternalID3","og_description":"Login to Documentum only works when using the OTDS oTExternalID3 configuration. Let's see the workaround to apply to allow something else.","og_url":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/","og_site_name":"dbi Blog","article_published_time":"2025-01-01T15:00:00+00:00","article_modified_time":"2025-01-14T16:34:07+00:00","author":"Morgan Patou","twitter_card":"summary_large_image","twitter_creator":"@MorganPatou","twitter_misc":{"Written by":"Morgan Patou","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/"},"author":{"name":"Morgan Patou","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"headline":"Documentum &#8211; Login through OTDS without oTExternalID3","datePublished":"2025-01-01T15:00:00+00:00","dateModified":"2025-01-14T16:34:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/"},"wordCount":1703,"commentCount":3,"keywords":["dm_user","Documentum","iapi","ldap","OTDS","oTExternalID3","user_login_name"],"articleSection":["Application integration &amp; Middleware","Enterprise content management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/","url":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/","name":"Documentum - Login through OTDS without oTExternalID3 - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2025-01-01T15:00:00+00:00","dateModified":"2025-01-14T16:34:07+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"description":"Login to Documentum only works when using the OTDS oTExternalID3 configuration. Let's see the workaround to apply to allow something else.","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-login-through-otds-without-otexternalid3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Documentum &#8211; Login through OTDS without oTExternalID3"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8","name":"Morgan Patou","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","caption":"Morgan Patou"},"description":"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex &amp; critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. His industry experience spans the Public Sector, IT Services, Financial Services\/Banking, and the Pharmaceutical industry.","sameAs":["https:\/\/blog.dbi-services.com\/author\/morgan-patou\/","https:\/\/x.com\/MorganPatou"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/morgan-patou\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=36496"}],"version-history":[{"count":13,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36496\/revisions"}],"predecessor-version":[{"id":36579,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/36496\/revisions\/36579"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=36496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=36496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=36496"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=36496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}