Accessing GroupWise User Accounts

0 Likes

Problem



As a GroupWise administrator, I often get asked to access a user's account by his or her supervisor, for a variety of reasons (granting proxy access, looking for certain emails, opening a records request, etc.) and many times without that user knowing. For some time, the only way to access someone's account was to change their password. Of course, this would create problems for the target user when they tried to access their account again with a password that was no longer valid.

Solution



Since switching to LDAP Authentication for all GroupWise Post Offices, I've found a much easier, less intrusive way to access a user's account, without having to change their password. If you're not using LDAP Authentication, then this will not work.

To proceed, follow these steps:

1. Create a temporary eDirectory user. The actual login name can be anything.

2. Put the first and last name of the target user (the user whose email you are wanting to access) into the temporary user's First and Last name fields.

3. Assign a password to the temporary account.

4. Switch to the GroupWise View in ConsoleOne and browse to the target user.

5. Right-click his/her account and select GroupWise Utilities – GW / eDir Association – Associate Objects.

6. With 'Select Existing Object' chosen, click the Browse icon.

7. Browse to your temporary eDirectory user created in step 1.

8. Highlight the user and click OK. You will be prompted that the existing object is already associated with another object - proceed anyway.

This will reassociate the target user's GroupWise account with your temporary eDirectory user. Depending on your system's internet email format, with the first and last names filled in appropriately, it should also maintain the email address of the account during this operation so as not to deny any external email.

9. After allowing a few minutes for the changes to propagate, log in to GroupWise as the target user. You will use the target user's GroupWise USERNAME, but you will use the temporary eDirectory user's PASSWORD. Now you're in.

Once you've finished any necessary operations (finding email, granting proxy access, etc.), you'll need to reverse this.

10. Repeat Step 2 exactly.

11. Repeat Step 3, except when browsing for the existing object, select the target user's regular eDirectory account.

I was quite surprised to find how simple this solution is, and I have used it on many occasions to access user accounts on a supervisor's behalf.

Environment

GroupWise 7 using LDAP Authentication

Labels:

How To-Best Practice
Comment List
Anonymous
Parents
  • When using LDAP authentication in GroupWise there is an even easier way to get access to a mailbox.

    Open ConsoleOne (with GroupWise snapins). Open the user account who's mailbox is to be opened. Click on the GroupWise tab. There should be an entry "LDAP Authentication". Just type in the name and context (in ldap format cn=jdoe,ou=mib,o=nsa) of a user (could be your own account or a temporary one) with a known password and apply the changes.

    Now you can log in to the mailbox that is to be opened with the password of the account that you specified in the "LDAP Authentication" field.

    When finished examining the mailbox remove the entry from the "LDAP Authentication" field and everything is back to normal.

    Paddy
Comment
  • When using LDAP authentication in GroupWise there is an even easier way to get access to a mailbox.

    Open ConsoleOne (with GroupWise snapins). Open the user account who's mailbox is to be opened. Click on the GroupWise tab. There should be an entry "LDAP Authentication". Just type in the name and context (in ldap format cn=jdoe,ou=mib,o=nsa) of a user (could be your own account or a temporary one) with a known password and apply the changes.

    Now you can log in to the mailbox that is to be opened with the password of the account that you specified in the "LDAP Authentication" field.

    When finished examining the mailbox remove the entry from the "LDAP Authentication" field and everything is back to normal.

    Paddy
Children
No Data
Related Discussions
Recommended