Related Tips & Info

GroupWise Secure LDAP Authentication

MigrationDeletedUser
0 Likes

Problem



I need to successfully authenticate over secure LDAP to GroupWise, for GroupWise Windows and Web clients.



Solution



Note: GroupWise server 7.0.2 runs on OES Linux and is called GW. You can use the following this Cool Solution for additional information:
http://www.novell.com/coolsolutions/feature/19308.html

Configuring LDAP



1. Start ConsoleOne.



2. Open the Properties of the LDAP group GroupWise object.



3. Select "TLS enabled for simple binds".



Creating the SSL Certificate



1. Start ConsoleOne.



2. Open Properties of the SSL Certificate DNS GroupWise object.



3. Under Certificates, select the trusted root certificate.



4. Export the trusted root certificate without private key, in .DER format, to gwroot.der.



5. Use the 8.3 notation and copy this file to you postoffice directory: /gw/grpwise/po



Tip: Put the servername in the root certificate file, such as "gwroot.der".



Setting Up GroupWise Secure LDAP



1. Start ConsoleOne.



2. Go to Tools > System Operations > LDAP Servers.



3. Select Enable SSL and enter the location of your postoffice directory (such as /gw/grpwise/po/gwroot.der).



Note: DO NOT BROWSE, but just directly enter /gw/grpwise/po/gwroot.der.



Restarting the Agents



1. Restart POA (on Linux):



/etc/init.d/grpwise postoffice.domain stop
/etc/init.d/grpwise postoffice.domain start


where postoffice is your postoffice name and domain is your domain name.



2. Restart LDAP (on Linux).



3. To stop nldap: nldap -u



4. To start nldap: nldp -l



5. Check POA logging 0n LDAP SSL.



1.1.2.    POA Logging
11:05:49 528   LDAP Settings:
11:05:49 528   Inactive Connection Timeout: 30 secs
11:05:49 528   Disable LDAP Password Change: No
11:05:49 528   LDAP Pool Server Reset Timeout: 5 mins
11:05:49 528   LDAP Server Quarantine Threshold: 2
11:05:49 528   Current LDAP Authentication mode: Load Balance Pool
11:05:49 528   Load Balance Pool Configuration:
11:05:49 528   Server Pool: LDAP bjzu-dom bjzu-po
11:05:49 528   LDAP Authentication Server IP Address: 10.10.10.200
11:05:49 528   LDAP Server Port: 636
11:05:49 528   LDAP SSL Enabled: Yes
11:05:49 528   LDAP SSL Key File Name: /gw/grpwise/po/gwroot.der 
11:05:49 528   LDAP User Authentication Method: Bind
1.1.3.         Client authenticatie LDAP SSL
17:18:42 416 C/S Login Windows  Net Id=username ::GW Id=username :: ::ffff:10.10.10.201
17:18:52 416 Initializing Secured LDAP session with 10.10.10.200 at port 636 using SSL Key file /gw/grpwise/po/gwroot.der


Now you have successfully authenticated over secure LDAP to GroupWise.

Labels:

How To-Best Practice
Comment List
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.