Changing to LDAP auth in POA: roll back possible?

Hello there!

I am thinking about to change to high security auth in POA because users have some trouble dealing with two passwords and I cannot apply security standards to password strength. My question is: if something went wrong, could I get back to groupwise embed auth again with all the previous passwords? How the remote mode mailboxes would behave? Because password is somehow embed inside.

Thank you.
  • randolf,

    what could go wrong? I'd use a test PO and play with it.

    The original password will still be stored in the user database, so if you go back, the old password will still be there.
    As for remote mailboxes, I haven't used them in years. I find caching so much easier. I assume (didn't test) it will error out upon the first connect and then ask for the LDAP password. It will probably then ask if you want to use the online password for the remote mailbox.

    I'd create a test PO and play with it.

    Uwe

    --
    Novell Knowledge Associate
    Please don't send me support related e-mail unless I ask you to do so.
  • buckesfeld;2336217 wrote:
    randolf,

    I'd create a test PO and play with it.
    what could go wrong? I'd use a test PO and play with it.

    The original password will still be stored in the user database, so if you go back, the old password will still be there.
    As for remote mailboxes, I haven't used them in years. I find caching so much easier. I assume (didn't test) it will error out upon the first connect and then ask for the LDAP password. It will probably then ask if you want to use the online password for the remote mailbox.
    .




    I even didn't think about it. You are right. Btw, I thought that remote and catching were pretty similar. Indeed, I as Linux user, I am using groupwise in catching mode because remote is not offered.

    Thank you.
  • Confirmed. I does store passwords and if you want to switch back it keeps the previous one. Now I have to find out what happens with webaccess and gms service once you change to ldap and that unfortunately is not as easy as create other post office.
  • randolf carter wrote on 10/15/2014 01:06 PM:
    > Now I have to find out what happens with
    > webaccess and gms service once you change to ldap and that unfortunately
    > is not as easy as create other post office.


    Think of Webaccess as just another client. I uses the same data as the Win32 client, just paints colorful HTML pictures to display it.
    GMS as in Mobility? The stored password in the ActiveSync account will fail and users have to enter their directory password instead.

    Uwe

    --
    Novell Knowledge Associate
    Please don't send me support related e-mail unless I ask you to do so.
  • buckesfeld;2336579 wrote:
    randolf carter wrote on 10/15/2014 01:06 PM:
    > Now I have to find out what happens with
    > webaccess and gms service once you change to ldap and that unfortunately
    > is not as easy as create other post office.


    Think of Webaccess as just another client. I uses the same data as the Win32 client, just paints colorful HTML pictures to display it.
    GMS as in Mobility? The stored password in the ActiveSync account will fail and users have to enter their directory password instead.



    Yes, I could add a secondary post office to webaccess and It did work without no further config. Now I am trying that groupwise ask for other field rather than displayName I would like it to ask for samAccount because is shorter.
  • It was as easy as copy full distinguishedName string in LDAP field in user account. Now it is working.
  • randolf carter wrote on 10/16/2014 12:06 PM:
    > It was as easy as copy full distinguishedName string in LDAP field in
    > user account. Now it is working.


    Glad you got it working.

    Uwe

    --
    Novell Knowledge Associate
    Please don't send me support related e-mail unless I ask you to do so.