GroupWise Secure LDAP Authentication



I need to successfully authenticate over secure LDAP to GroupWise, for GroupWise Windows and Web clients.


Note: GroupWise server 7.0.2 runs on OES Linux and is called GW. You can use the following Cool Solution for additional information:

Configuring LDAP

1. Start ConsoleOne.

2. Open the Properties of the LDAP group GroupWise object.

3. Select "TLS enabled for simple binds".

Creating the SSL Certificate

1. Start ConsoleOne.

2. Open Properties of the SSL Certificate DNS GroupWise object.

3. Under Certificates, select the trusted root certificate.

4. Export the trusted root certificate without private key, in .DER format, to gwroot.der.

5. Use 8.3 notation for the file name and copy the file to your postoffice directory: /gw/grpwise/po

Tip: Put the server name in the root certificate file name, such as "gwroot.der".

Setting Up GroupWise Secure LDAP

1. Start ConsoleOne.

2. Go to Tools > System Operations > LDAP Servers.

3. Select Enable SSL and enter the full path of the certificate file in your postoffice directory (such as /gw/grpwise/po/gwroot.der).

Note: DO NOT BROWSE, but just directly enter /gw/grpwise/po/gwroot.der.

Restarting the Agents

1. Restart POA (on Linux):

/etc/init.d/grpwise postoffice.domain stop
/etc/init.d/grpwise postoffice.domain start

where postoffice is your postoffice name and domain is your domain name.

2. Restart LDAP (on Linux).

3. To stop nldap: nldap -u

4. To start nldap: nldap -l

5. Check the POA log for the LDAP SSL settings.

POA Logging

11:05:49 528 LDAP Settings:
11:05:49 528 Inactive Connection Timeout: 30 secs
11:05:49 528 Disable LDAP Password Change: No
11:05:49 528 LDAP Pool Server Reset Timeout: 5 mins
11:05:49 528 LDAP Server Quarantine Threshold: 2
11:05:49 528 Current LDAP Authentication mode: Load Balance Pool
11:05:49 528 Load Balance Pool Configuration:
11:05:49 528 Server Pool: LDAP bjzu-dom bjzu-po
11:05:49 528 LDAP Authentication Server IP Address:
11:05:49 528 LDAP Server Port: 636
11:05:49 528 LDAP SSL Enabled: Yes
11:05:49 528 LDAP SSL Key File Name: /gw/grpwise/po/gwroot.der
11:05:49 528 LDAP User Authentication Method: Bind

Client Authentication over LDAP SSL

17:18:42 416 C/S Login Windows Net Id=username ::GW Id=username :: ::ffff:
17:18:52 416 Initializing Secured LDAP session with at port 636 using SSL Key file /gw/grpwise/po/gwroot.der

Now you have successfully authenticated over secure LDAP to GroupWise.
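
The log check in step 5 can be scripted. The following is an added example, not part of the original article or of GroupWise itself: it reads POA log text in the format shown above and reports when SSL is off, when the key file is missing or not in 8.3 notation, or when no secured LDAP session was logged. The function name and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the POA log format shown above (address left blank, as on the page).
SAMPLE_LOG = """\
11:05:49 528 LDAP Settings:
11:05:49 528 LDAP Server Port: 636
11:05:49 528 LDAP SSL Enabled: Yes
11:05:49 528 LDAP SSL Key File Name: /gw/grpwise/po/gwroot.der
11:05:49 528 LDAP User Authentication Method: Bind
17:18:52 416 Initializing Secured LDAP session with at port 636 using SSL Key file /gw/grpwise/po/gwroot.der
"""

# "HH:MM:SS thread LDAP <setting>: <value>" lines printed at POA startup
SETTING = re.compile(r"^\d\d:\d\d:\d\d \S+ (LDAP [^:]+):\s*(.*)$")
# Line printed when a client login triggers an LDAP bind over SSL
SESSION = re.compile(r"Initializing Secured LDAP session .*using SSL Key file (\S+)")
# 8.3 notation: at most 8 characters, optionally a dot and at most 3 more
NAME_8_3 = re.compile(r"^[^./\s]{1,8}(\.[^./\s]{1,3})?$")


def check_poa_ldap(log_text):
    """Return a list of findings; an empty list means the log shows LDAP over SSL in use."""
    settings, session_keys = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
        s = SESSION.search(line)
        if s:
            session_keys.append(s.group(1))

    findings = []
    if settings.get("LDAP SSL Enabled") != "Yes":
        findings.append("LDAP SSL is not enabled")
    key = settings.get("LDAP SSL Key File Name", "")
    if not key:
        findings.append("no SSL key file configured")
    elif not NAME_8_3.match(key.rsplit("/", 1)[-1]):
        findings.append("key file name is not in 8.3 notation: " + key)
    if not session_keys:
        findings.append("no secured LDAP session logged yet")
    for used in session_keys:
        if used != key:
            findings.append("session used a different key file: " + used)
    return findings


if __name__ == "__main__":
    for finding in check_poa_ldap(SAMPLE_LOG) or ["OK: LDAP SSL enabled and in use"]:
        print(finding)
```

Run it against the POA log text after a client login, so that the "Initializing Secured LDAP session" line is present.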

