Cannot change GroupWise User Name in GW Mobility Service 2.0

Hi,

In GW Mobility Service 2.0 I can no longer change the "GroupWise User Name" value, which I need for the the address book selection. I need to change it, because we use AD authentication. This sets the username value to CNAME, which is different from our logon names (sAMAccountName). I can only change the "Mobility User Name""now. In 1.2.5.299, I was able to change it.

As a result, I'm unable to add new users to the system. Anyone know how to fix this?

Iwan
  • iwan wrote:

    > . I need to change it, because we use AD authentication.


    You must change it during the addition of the user. After you search for the
    user and check the box that you wish to add the user, you must first change the
    "default" name. If you click "add" at this point before changing the default
    user name, you will need to delete the user and readd again.

    --
    Danita
    Novell Knowledge Partner
    GroupWise Mobility Service 2.0 Guide - http://bit.ly/1cv13RE


    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • dzanre;2297139 wrote:
    iwan wrote:

    > . I need to change it, because we use AD authentication.


    You must change it during the addition of the user. After you search for the
    user and check the box that you wish to add the user, you must first change the
    "default" name. If you click "add" at this point before changing the default
    user name, you will need to delete the user and readd again.

    --
    Danita
    Novell Knowledge Partner
    GroupWise Mobility Service 2.0 Guide - Caledonia Guide to the GroupWise Mobility Service 2.0


    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...


    Hi,

    I don't add users via the web interface. I add them to an AD user group, at which point they are automatically added to the system. Once they are added, I change the name and sync them. I've added over 100 users like this in the previous version. I don't know why it does not work anymore. It does allow me to change the "Mobility User Name".

    Iwan
  • iwan;2297159 wrote:
    Hi,

    I don't add users via the web interface. I add them to an AD user group, at which point they are automatically added to the system. Once they are added, I change the name and sync them. I've added over 100 users like this in the previous version. I don't know why it does not work anymore. It does allow me to change the "Mobility User Name".

    Iwan


    Addition to my previous post:

    I tried adding users through the 'add users' option with the 'LDAP' checkbox selected (for test purposes), but when I type in the name and search, I receive the below error:

    ****
    Illegal Server Error
    An error has occurred and your request could not be completed.

    If the error persists, contact your system administrator.
    ****

    I would very much like to use the old method of adding users via an AD group.

    Iwan
  • iwan wrote:

    > I don't add users via the web interface. I add them to an AD user group, at
    > which point they are automatically added to the system. Once they are added, I
    > change the name and sync them. I've added over 100 users like this in the
    > previous version. I don't know why it does not work anymore. It does allow me
    > to change the "Mobility User Name".


    This has actually long been an issue, and I had failures even with 1.2.5. I
    think you got lucky. This is a known problem with using LDAP groups for adding
    users.

    Also, you say that you were using AD groups, and this is definitely not
    supported. eDirectory is the only supported LDAP server for Mobility and that
    has always been the case.

    So, I'm afraid that if this was working before, it was totally by accident.

    --
    Danita
    Novell Knowledge Partner
    GroupWise Mobility Service 2.0 Guide - http://bit.ly/1cv13RE


    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • dzanre;2297285 wrote:
    iwan wrote:

    > I don't add users via the web interface. I add them to an AD user group, at
    > which point they are automatically added to the system. Once they are added, I
    > change the name and sync them. I've added over 100 users like this in the
    > previous version. I don't know why it does not work anymore. It does allow me
    > to change the "Mobility User Name".


    This has actually long been an issue, and I had failures even with 1.2.5. I
    think you got lucky. This is a known problem with using LDAP groups for adding
    users.

    Also, you say that you were using AD groups, and this is definitely not
    supported. eDirectory is the only supported LDAP server for Mobility and that
    has always been the case.

    So, I'm afraid that if this was working before, it was totally by accident.

    --
    Danita
    Novell Knowledge Partner
    GroupWise Mobility Service 2.0 Guide - Caledonia Guide to the GroupWise Mobility Service 2.0


    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...


    Hi,

    I'm sorry to hear that. I've been using it with AD as an LDAP source for quite some time without any issues. I still use it for authentication to the web interface itself. It would still work if I could just modify the "GroupWise User Name", like I could in the previous version. It doesn't seem logical to allow changing the "Mobility User Name" and not the "GroupWise User Name".

    I am adding users through the web interface now and abandoned adding them via the LDAP group option (still use AD auth on the devices). I don't want to use eDir as I'm trying to move away from it. Every system within our company authenticates using AD. I only have eDir for GroupWise and with the next version of GW coming up and fully supporting AD, I can finally go to a single Directory.

    When I migrate to GW 2014, will I be able to select GroupWise for authentication in Mobility Service and have the POA use AD authentication? Effectively giving Mobility Service AD authentication through GW? If so, the only thing that would not work is adding users via a group (if eDir is not used anymore).

    Iwan
  • iwan wrote:

    > When I migrate to GW 2014, will I be able to select GroupWise for
    > authentication in Mobility Service and have the POA use AD authentication?


    Yes, because actually just using "GroupWise" authentication is effectively using
    AD authentication if your POA is set for LDAP. You would want to use GroupWise
    for both the provisioning and authentication. In fact, you could do that now,
    and instead of using an AD group for provisioning, use a GW Distribution List -
    that should actually fix your "naming" problem as well.

    --
    Danita
    Novell Knowledge Partner
    GroupWise Mobility Service 2.0 Guide - http://bit.ly/1cv13RE


    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • dzanre;2297387 wrote:
    iwan wrote:

    > When I migrate to GW 2014, will I be able to select GroupWise for
    > authentication in Mobility Service and have the POA use AD authentication?


    Yes, because actually just using "GroupWise" authentication is effectively using
    AD authentication if your POA is set for LDAP. You would want to use GroupWise
    for both the provisioning and authentication. In fact, you could do that now,
    and instead of using an AD group for provisioning, use a GW Distribution List -
    that should actually fix your "naming" problem as well.

    --
    Danita
    Novell Knowledge Partner
    GroupWise Mobility Service 2.0 Guide - http://bit.ly/1cv13RE


    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...


    Thank you for the answer. One final question: If I change authentication to GW, how do I add admin users to the "configengine.xml" file? As far as I can see, it only allows for ldap users.

    Iwan
  • Hi Iwan
    You cannot yet unfortunately. Planned for 2.0.1.

    And on AD, yes, we never supported it. Because of the new GW 2014 work we now require the GW schema extension on LDAP which essentially only eDir has.
    Like Danita said, GW auth is the future. LDAP authentication is basically only left there for backwards compatibility and will be removed in future versions.

    - Kai
  • Hi,

    I was wondering when it will be possible to add admin users to the admin interface if I change to GroupWise authentication? I did not see that option in 2.0.1 as stated above. Maybe I missed something?

    Iwan