Consultants Corner: Preparation for upgrade to GroupWise 2014

over 7 years ago
“Butterflies and Zebras, And Moonbeams and fairy tales” ... I was on a recent project upgrading the GroupWise system to GroupWise 2014. As part of the upgrade, GroupWise 2014 wants an LDAP directory and/or server if you are connected to eDirectory. And as many of you may recall, in order to do proper MTA Synchronization between GroupWise and eDirectory, you need to have eDirectory User Synchronization set up properly.

Well, these two things, the upgrade to GroupWise 2014 and eDirectory User Synchronization, are related. If you have eDirectory User Synchronization set up and working properly before you upgrade to GroupWise 2014, then you will have no issue/error related to the LDAP server/directory during the upgrade. Of course, you can fix the problem after the upgrade to GroupWise 2014. But why not fix it before?!

This article will give you an example of proper eDirectory User Synchronization. I will address two different activities/features in GroupWise: LDAP Servers and eDirectory User Synchronization. GroupWise running on Linux with no eDirectory requires an LDAP server to be set up, pointing to an eDirectory replica server.

First, create a new LDAP user in your eDirectory. I usually create them in either the GroupWise OU or the O of the tree. Once the user is created, make it a trustee of Root and grant it the following rights:

All Attributes Rights: Compare, Read, Write
Entry Rights: Browse and Create

NOTE: Please understand this is the simplest way to set up an LDAP user, but it's not the most secure: rights granted at Root are inherited throughout the tree.


Figure 1: LDAP User, Trustee of Root, All Attribute Rights


Figure 2: LDAP User, Trustee of Root, Entry Rights


Second, create an LDAP Server under Tools | GroupWise System Operations | LDAP Servers.

Here you want to set up a simple LDAP server. Again, it will be insecure. But remember, you can secure all of this later, after it's working.


  1. Select Add.

  2. Fill in a Name and Description.

  3. Under LDAP Server Address, enter the IP address of an eDirectory server that has a replica on it.

    • Many organizations have a specific eDirectory LDAP server. Or you can point to a server that has a Read/Write replica of Root.

  4. Make sure the server you are pointing to does not require SSL/636 and TLS. These settings can be found turned on in the LDAP Server and LDAP Group objects for the server you are pointing to for this setup.

  5. Set the Port to 389.

  6. Set User Authentication Method to Bind.

  7. Under Select Post Offices, do not set any.

  8. Select OK.
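
When you come back to secure this connection, the first thing to establish is whether the eDirectory LDAP server will negotiate TLS on port 389. The Python below is an added example, not part of the original article or of GroupWise: it sends the standard LDAPv3 StartTLS request (RFC 4511) and reports the server's result code. The function names and the host you pass in are assumptions of the example.

```python
import socket
import sys

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 4511)
RESULTS = {0: "success: StartTLS is offered on this port",
           2: "protocolError: server does not support StartTLS",
           52: "unavailable: TLS subsystem not ready"}

def tlv(tag, body):
    """Encode one BER element; short-form length covers these small messages."""
    if len(body) > 127:
        raise ValueError("body too long for short-form length")
    return bytes([tag, len(body)]) + body

def starttls_request():
    """LDAPMessage{messageID=1, [APPLICATION 23] ExtendedRequest{[0] requestName}}."""
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos=0):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated LDAP response")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated LDAP response")
    return tag, buf[pos:pos + length], pos + length

def extended_result_code(response):
    """Return resultCode from an ExtendedResponse ([APPLICATION 24], tag 0x78)."""
    _, message, _ = read_tlv(response)      # outer SEQUENCE
    _, _, pos = read_tlv(message)           # messageID
    tag, op, _ = read_tlv(message, pos)     # protocolOp
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    tag, code, _ = read_tlv(op)             # resultCode ENUMERATED
    if tag != 0x0A:
        raise ValueError("resultCode missing")
    return int.from_bytes(code, "big")

def describe(code):
    return RESULTS.get(code, "unexpected resultCode %d" % code)

def probe(host, port=389, timeout=5.0):
    """Ask the server for StartTLS and report its answer; no TLS handshake follows."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        return describe(extended_result_code(sock.recv(4096)))

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))
```

Pass the address of the eDirectory server named in the LDAP Server Address field as the only argument. A `success` answer means the server will negotiate TLS on 389, so the cleartext bind used during setup does not have to stay.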



 Figure 3: Tools | GroupWise System Operations | LDAP Servers


Figure 4: Add LDAP Server


Figure 5: Fill in Name, Description, LDAP Server Address, Select OK


Next, we need to move on to Tools | System Operations | eDirectory User Synchronization.

In eDirectory User Synchronization:

  1. Select the Configure Agents option.

  2. Select the MTA for the Primary Domain.

  3. Select Set Up eDirectory Access; notice the State may say 'disabled'.



In Available LDAP Servers, select the LDAP server you set up above:

  1. Select Set Preferred, if you have more than 1 LDAP server.

  2. Browse to the LDAP User created previously and select it.

  3. Set the Password used for the LDAP user.

  4. Browse to the LDAP Group for the server named in the LDAP Servers from above.

  5. Select OK.

  6. Select the Primary Domain MTA.

  7. Select the Enable button on the right, then OK.



At this point, the Primary domain is enabled to do eDirectory User Synchronization. It's also at this point that I would recommend making the Primary domain MTA the Sync Agent for all domains. Why? Well, if you recall, the Primary domain is the 'gold copy' of your GroupWise system. It's from the Primary domain that all administration can be done and pushed 'down to' all other domains. So by making it the eDirectory Sync Agent for all domains, it will push down all changes to all domains.

Ah...but then it's a single point of failure! Yes, it is, but not a major one. It's also easier to administer. And in the properties of the domains, under Scheduled Events, only the Primary domain needs this set. All other domains can have it 'unchecked'.

To set every other MTA's eDirectory Sync Agent to the Primary Domain:

  1. Choose and highlight a domain MTA you will change.

  2. Select Change Assignment, in eDirectory User Synchronization Configuration.

  3. Select the Primary Domain MTA with status set to Enabled.

  4. Select OK.

  5. Select the next domain you choose to change, and repeat until all domains are using the Primary Domain MTA.



The final step in setting up eDirectory User Synchronization Configuration is in the properties of the MTA, under Scheduled Events.


  1. Right-click on each MTA.

  2. On the GroupWise tab, select Scheduled Events.

  3. Deselect Default eDirectory User Synchronization Event for ALL non-Primary domain MTAs.

  4. Select Default eDirectory User Synchronization Event for the Primary domain MTA and set a schedule.



It is best to run this event at least one time each day, after hours. However, a changing environment, one where user information changes quite a bit each day, should have a couple of events set. Maybe run one every 4 hours. Mind you, you can always right-click, then GroupWise Utilities, Synchronize, to also sync changes.

 Figure 6: Tools | GroupWise System Operations | eDirectory User Synchronization


Figure 7: Select Configure Agents


Figure 8: Select Set Up eDirectory Access; Note: Disabled State


Figure 9: Select LDAP Server, Set Preferred, Add LDAP User, LDAP Password, LDAP Group


Figure 10: Browse to LDAP Group for Server holding eDirectory Replica


Figure 11: Select Enable, Note: State Enabled, eDirectory Access is Yes


Figure 12: Primary Domain now does eDirectory User Synchronization


Figure 13: Select Change Assignment to set all domain MTA's Sync Agent to be the Primary Domains MTA


Figure 14: Example: Note DOM1 is the Primary Domain, its MTA is now the Sync Agent for all domains


Figure 15: Set Scheduled Event ON for Primary domain, OFF for all other domains, in MTA Properties of each domain


Summary:


At this point, I have walked you through the basic setup of an LDAP server as well as the proper “Best Practice” eDirectory User Synchronization Configuration. Even if you already have these set up, this article should prove a good review and part of your preparation for upgrading to GroupWise 2014. That leaves me with this:

“Fly on Little Wing” and enjoy your GroupWise 2014 upgrade.

Got comments or article ideas? Need help with GroupWise? Drop me a line at: Gregg@HinchmanConsulting.com. “The Force is strong in this one.”
