“Butterflies and Zebras, And Moonbeams and fairy tales” ... I was on a recent project upgrading the GroupWise system to GroupWise 2014. As part of the upgrade, GroupWise 2014 wants an LDAP directory and/or server if you are connected to eDirectory. And as many of you may recall, in order to do proper MTA Synchronization between GroupWise and eDirectory, you need to have eDirectory User Synchronization set up properly.
Well, these two things, the upgrade to GroupWise 2014 and eDirectory User Synchronization, are related. If you have eDirectory User Synchronization set up and working properly before you upgrade to GroupWise 2014, then you will have no issue/error related to the LDAP server/directory during the upgrade. Of course, you can fix the problem after the upgrade to GroupWise 2014. But why not fix it before?!
This article will give you an example of proper eDirectory User Synchronization. I will address two different activities/features in GroupWise: LDAP Servers and eDirectory User Synchronization. GroupWise running on Linux with no eDirectory requires an LDAP server set up, pointing to an eDirectory replica server.
First, create a new LDAP user in your eDirectory. I usually create them in either the GroupWise OU or the O of the tree. Once the user is created, make it a trustee of Root and provide it with these rights:
All Attributes Rights: Compare, Read, Write
Entry Rights: Browse and Create
NOTE: Please understand this is the simplest way to set up an LDAP user, but it's not the most secure.
Second, create an LDAP Server under Tools | GroupWise System Operations | LDAP Servers.
Here you want to set up a simple LDAP server. Again, it will be unsecure. But remember, you can secure all of this later after it's working.
Fill in a Name and Description
Under the LDAP Server Address, place an IP Address of an eDirectory server that has a replica on it.
Many organizations have a specific eDirectory LDAP server. Or you can point to a server that has a Read/Write replica of Root.
Also, make sure the server you are pointing to does not require SSL/636 and TLS. These settings can be found turned on in the LDAP Server and LDAP Group objects for the server you are pointing to for this setup.
Set the Port to 389
Set the User Authentication Method to Bind
Under Select Post Offices, do not set any.
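To show why this port 389 / Bind / no SSL or TLS configuration is called unsecure above and should be secured once it works, here is an added example (not part of the original article) that encodes the LDAPv3 simple BindRequest a client sends and then recovers every field from the raw bytes alone. The DN and password are constructed sample values, and the function names are this example's own.

```python
# BER layout of an LDAPv3 simple BindRequest (RFC 4511); sample values are constructed.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER tag-length-value element."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])                      # short form
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw  # long form
    return bytes([tag]) + length + value

def read_tlv(buf: bytes, pos: int):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    return tag, buf[pos:pos + n], pos + n

def simple_bind_request(dn: str, password: str, msg_id: int = 1) -> bytes:
    """Bytes a client puts on the wire for a simple bind (msg_id 1..127)."""
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def parse_bind_request(frame: bytes) -> dict:
    """Recover the fields of a BindRequest from the raw bytes alone."""
    tag, msg, _ = read_tlv(frame, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)            # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    simple = auth_tag == 0x80               # [0] simple; 0xA3 would be SASL
    return {"version": version[0], "dn": dn.decode(),
            "simple": simple, "password": cred.decode() if simple else None}

SAMPLE_DN = "cn=gwldap,ou=GroupWise,o=example"   # constructed
SAMPLE_PW = "constructed-sample-password"        # constructed
FRAME = simple_bind_request(SAMPLE_DN, SAMPLE_PW)

if __name__ == "__main__":
    print(FRAME.hex())
    print(parse_bind_request(FRAME))
```

Nothing in the frame is encrypted or hashed, so the LDAP user's password is only as private as the network path between the MTA and the eDirectory server until SSL/TLS is turned back on.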
Next, we need to move on to Tools | System Operations | eDirectory User Synchronization
In eDirectory User Synchronization:
Select the Configure Agents option
Select the MTA for the Primary Domain
Select Set Up eDirectory Access; notice the State may say 'disabled'
In Available LDAP Servers, select the LDAP server you set up above
Select Set Preferred if you have more than one LDAP server
Browse to the LDAP User created previously and select it
Set the Password used for the LDAP user
Browse to the LDAP Group for the server named in the LDAP Servers from above
Select the Primary Domain MTA
Select the Enable button on the right, then OK
At this point, the Primary domain is enabled to do eDirectory User Synchronization. It's also at this point that I would recommend making the Primary domain MTA the Sync Agent for all domains. Why? Well, if you recall, the Primary domain is the 'gold copy' of your GroupWise system. It's from the Primary domain that all administration can be done and pushed 'down to' all other domains. So by making it the eDirectory Sync Agent for all domains, it will push down all changes to all domains.
Ah...but then it's a single point of failure! Yes, it is, but not a major one. It's also easier to administer. And in the properties of the domains, under Scheduled Events, only the Primary domain needs this set. All other domains can have it 'unchecked'.
To set all other MTAs' eDirectory Sync Agent to the Primary Domain:
Choose and highlight a domain MTA you will change
Select Change Assignment, in eDirectory User Synchronization Configuration
Select the Primary Domain MTA with status set to Enabled
Select the next domain you choose to change, and repeat until all domains are using the Primary Domain MTA.
The final step in setting eDirectory User Synchronization Configuration is in the properties of the MTA, under Scheduled Events.
Right click on each MTA
On the GroupWise tab, select Scheduled Events
Deselect Default eDirectory User Synchronization Event for ALL non-Primary domain MTAs
Select Default eDirectory User Synchronization Event for the Primary domain MTA and set a schedule
It is best to run this event at least one time each day, after hours. However, a changing environment, one where user information changes quite a bit each day, should have a couple of events set. Maybe run one every 4 hours. Mind you, you can always right click, GroupWise Utilities, Synchronize to also sync changes.
At this point, I have walked you through the basic setup of an LDAP server as well as proper “Best Practice” eDirectory User Synchronization Configuration. Even if you already have these set up, this article should prove a good review and part of your preparation for upgrading to GroupWise 2014. That leaves me with this:
“Fly on Little Wing” and enjoy your GroupWise 2014 upgrade.