Configuring Proxies between ZENworks Mobile Workspace, a GroupWise Server, and an LDAP Source



This document provides information on how to configure proxies between ZENworks Mobile Workspace, a GroupWise server, and an LDAP source using an Nginx and an LDAP Proxy, respectively.


    • The Nginx Proxy should be installed. For information on how to install the Nginx Proxy click here.


    • The NetIQ LDAP Proxy should be installed. For information on how to install the NetIQ LDAP Proxy click here.


    • The ZENworks Mobile Workspace server should be able to communicate with the respective Proxy Servers on the designated ports.


    • The SSL ports 443 (mail server SOAP request to Nginx) and 636 (LDAPS communication) should be open for the ZENworks Mobile Workspace server to communicate with devices running the proxy service.

Configuring the Nginx Proxy

    1. Add the following lines to the nginx.conf file:

server {

        listen       443 ssl;


        ssl_session_timeout  5m;

        ssl_certificate      /etc/ssl/certs/nginx_proxy_certificate.cer;

        ssl_certificate_key  /etc/ssl/private/nginx_proxy.key;

        location /soap {


                proxy_ssl_trusted_certificate   /etc/nginx/sslcerts/mailserver.cer;

                proxy_ssl_verify              on;



In the lines listed above, specify the relevant values for the following parameters:

    • listen: listening port number


    • server name: Nginx Proxy host name


    • ssl certificate: location of the Nginx Proxy certificate


    • ssl certificate key : location of the Nginx Proxy key


    • proxy pass: soap mail URL and soap port on which the GroupWise server is configured


    • proxy ssl trusted certificate: location of the GroupWise server certificate


    • proxy ssl verify: on/off

Save the nginx.conf file and restart the nginx service.

Configuring the LDAP Proxy

Edit the nlpconf.xml file to configure the LDAP Proxy

Configuring the Listeners 

Listeners are the network interfaces on which LDAP Proxies listen for incoming requests. Using the proxy you can configure any number of listeners to listen on multiple interfaces. To configure a listener on a secure port, perform the following steps:

    1. Configure the LDAP Proxy listener with an X.509 certificate.


    1. Export the library path by using the /opt/novell/ldapproxy/bin/nlppath command.


    1. Import the certificates and keys present in the PKCS#12files by using the nlpcert utility: nlpcert -i ldap_proxy_cert.pfx -o private-cert.pem


    1. Copy the private-cert.pem to the /etc/opt/novell/ldapproxy/conf/ssl/private/ directory and ensure that the content within the nlpconf.xml is as follows:
      <listener id-listener="listener1">

      <service protocol="ldaps">







For more information about Listeners click here.

Configuring the Back- End Server

A back-end server is a directory server to which the LDAP Proxy Server is connected. To configure a back-end server on a secure port, perform the following steps:

    1. Obtain the root CA certificate in the pem format and copy it to the /etc/opt/novell/ldapproxy/conf/ssl/trustedcert/


    1. Replace x.x.x.x within the <addr-ipv4> tags with your LDAP server IP address and ensure that the content within the  nlpconf.xml is as follows:
      <list-backend-server health-check-interval-secs="60">

             <backend-server id-backend-server="Backend1">

                   <service protocol="ldaps">







    1. Save the nlpconf.xml file and restart the nlpd service.

For more information about back-end servers click here.

For verification you need to follow these steps:

    1. Configure ZENworks Mobile Workspace LDAP with the LDAP Proxy i.e. and verify that authentication goes through.


    1. In ZENworks Mobile Workspace, navigate to Domain >PIM and add the Nginx Proxy hostname, i.e., as the  GroupWise server.


    1. Enroll a device to ZENworks Mobile Workspace and check if mails are being received.



How To-Best Practice
Support Tip
Comment List