Setting Up LDAP Authentication on a GroupWise System



As I wrote earlier in an AppNote, I think security in e-mail is one of the most important things to consider. You can create a GroupWise password policy with IDM, or you can use LDAP authentication for your GroupWise system. With the LDAP method, GroupWise uses the eDirectory password to authenticate to your GroupWise Post Office.

In this article I explain how to set up LDAP authentication on a GroupWise system.

Authentication Setup

1. Create an LDAP server in the GroupWise configuration.

2. To select the primary domain in ConsoleOne, go to the menu bar and click Tools > GroupWise System Operations > LDAP Servers.

Figure 1 - LDAP Server list


3. Click Add to create a new LDAP server.

Figure 2 - Adding an LDAP server


4. Enter a name for the LDAP server. I called mine "LDAP Test". Make sure that you select the correct LDAP server IP address.

5. Leave all the other settings as they are and click OK.

You will see this screen:

Figure 3 - LDAP Test server on the list


6. Select the LDAP Test server and click Edit.

7. In the next screen, click Select Post Offices.

Figure 4 - Selecting the Post Office


8. From the available Post Offices, select a PO that needs to use LDAP authentication. I'm using the DOM01.LDAP Post Office.

9. Click Close.

10. Open the GroupWise view and select the Post Office that you would like to use LDAP authentication.

Figure 5 - Post Office for LDAP Authentication


11. Right-click on the Post Office and select Properties.

12. From the GroupWise Tab, select Security.

You will see this screen:

Figure 6 - LDAP Security properties


13. Make sure you select the LDAP Authentication checkbox.

14. Click the Select Server button.

Figure 7 - Selected LDAP server


15. Make sure the LDAP Test server is selected and has been moved under the Selected Server window.

16. Click Close.

Testing the LDAP Authentication

Now you are ready to test your LDAP authentication. I test it with my GroupWise WebAccess interface.

1. Open your WebAccess login page. I log in with the username and eDirectory password.

Figure 8 - WebAccess login page


You will notice that you can now log in with your eDirectory password. If you try to log in with your GroupWise password, you will get an error.

Also, take a look at your POA Server screen when you are logged in:

Figure 9 - POA Server screen


You will see a line like this:

C/S Login WebAccess  ::GW Id=ldap :: []

This tells you that the WebAccess agent is logging in through an LDAP server.

If you see an error in the POA screen, you can change the logging level from normal to verbose or diagnostic.

