Setting Up LDAP Authentication on a GroupWise System

over 14 years ago

Introduction



As I wrote earlier in an AppNote (http://www.novell.com/coolsolutions/appnote/18520.html), I think security in e-mail is one of the most important things to consider. You can create a GroupWise password policy with IDM, or you can use LDAP authentication for your GroupWise system. With the LDAP method, GroupWise uses the eDirectory password to authenticate to your GroupWise Post Office.



In this article I explain how to set up LDAP authentication on a GroupWise system.



Authentication Setup



1. Create an LDAP server in the GroupWise configuration.



2. Select the primary domain in ConsoleOne, then go to the menu bar and click Tools > GroupWise System Operations > LDAP Servers.







Figure 1 - LDAP Server list






3. Click Add to create a new LDAP server.







Figure 2 - Adding an LDAP server






4. Enter a name for the LDAP server. I called mine "LDAP Test". Make sure that you select the correct LDAP server IP address.



5. Leave all the other settings as they are and click OK.



You will see this screen:







Figure 3 - LDAP Test server on the list






6. Select the LDAP Test server and click Edit.



7. In the next screen, click Select Post Offices.







Figure 4 - Selecting the Post Office






8. From the available Post Offices, select a PO that needs to use LDAP authentication. I'm using the DOM01.LDAP Post Office.



9. Click Close.



10. Open the GroupWise view and select the Post Office that you would like to use LDAP authentication.







Figure 5 - Post Office for LDAP Authentication






11. Right-click on the Post Office and select Properties.



12. From the GroupWise Tab, select Security.



You will see this screen:







Figure 6 - LDAP Security properties






13. Make sure you select the LDAP Authentication checkbox.



14. Click the Select Server button.







Figure 7 - Selected LDAP server






15. Make sure the LDAP Test server is selected and has been moved to the Selected Server window.



16. Click Close.



Testing the LDAP Authentication



Now you are ready to test your LDAP authentication. I test it with my GroupWise WebAccess interface.



1. Open your WebAccess login page. I log in with the username and eDirectory password.







Figure 8 - WebAccess login page






You will notice that you can now log in with your eDirectory password. If you try to log in with your GroupWise password, you will get an error.



Also, take a look at your POA Server screen when you are logged in:






Figure 9 - POA Server screen






You will see a line like this:



C/S Login WebAccess  ::GW Id=ldap :: 10.100.20.254 [10.100.1.5]


This tells you that the WebAccess agent is logging in through an LDAP server.



If you see an error in the POA screen, you can change the POA logging level from normal to verbose or diagnostic to get more detail.
