As I wrote earlier in an AppNote (http://www.novell.com/coolsolutions/appnote/18520.html), I think security in e-mail is one of the most important things to consider. You can create a GroupWise password policy with IDM, or you can use LDAP authentication for your GroupWise system. With the LDAP method, GroupWise uses the eDirectory password to authenticate to your GroupWise PostOffice.
In this article I explain how to set up LDAP authentication on a GroupWise system.
1. Create an LDAP server in the GroupWise configuation.
2. To select the primary domain in ConsoleOne, go to the menu bar and click Tools > GroupWise System Operations > LDAP Servers.
Figure 1 - LDAP Server list
3. Click Add to create a new LDAP server.
Figure 2 - Adding an LDAP server
4. Enter a name for the LDAP Server. I called mine "LDAP Test". Make sure that you select a correct LDAP Server IP Address.
5. Leave all the other settings as they are and click OK.
You will see this screen:
Figure 3 - LDAP Test server on the list
6. Select the LDAP Test server and click Edit.
7. In the next screen, click Select Post Offices.
Figure 4 - Selecting the Post Office
8. From the available Post Offices, select a PO that needs to use LDAP authentication. I'm using the DOM01.LDAP Post Office.
9. Click Close.
10. Open the GroupWise view and select the Post Office you like to use LDAP Authentication.
Figure 5 - Post Office for LDAP Authentication
11. Right-click on the Post Office and select Properties.
12. From the GroupWise Tab, select Security.
You will see this screen:
Figure 6 - LDAP Security properties
13. Make sure you select the LDAP Authentication checkbox.
14. Click the Select Server button.
Figure 7 - Selected LDAP server
15. Make sure LDAP Test Server is selected and moved under Selected Server window.
16. Click Close.
Testing the LDAP Authentication
Now you are ready to test your LDAP authentication. I test it with my GroupWise WebAccess interface.
1. Open your WebAccess login page. I log in with the username and eDirectory password.
Figure 8 - WebAccess login page
You will notice that you can now log in now with your eDirectory password. If you try to log in with your GroupWise password, you will get an error.
Also, take a look at your POA Server screen when you are logged in:
Figure 9 - POA Server screen
You will see a line like this:
C/S Login WebAccess ::GW Id=ldap :: 10.100.20.254 [10.100.1.5]
This tells you that the WebAccess agent is logging in through an LDAP server.
If you see an error in the POA screen, you can change the login from normal to verbose or diagnostic.