Anonymous_User Absent Member.

Changing user source in running system and other complications

Hello,

running full GW 2014R2 and GMS 2014
the docs are very silent at this point.
Project: we're moving our users from eDir to AD.
Environment: old PO on OES11, new PO on WinServer 2012
GroupWise is set to LDAP authentication, at this moment against eDir.
Change is planned to AD sync and auth.
GMS is also set to LDAP authentication.

What problems will we run into if we change GMS to GroupWise user
source and authentication?
Is there a relation between auth mode in GroupWise and GMS?
Will auth in future run in two steps: mobile device -> GMS -> AD?

Worst case:
Should I kill the complete GMS installation and start over? Bad idea,
because it's a live system...

Any hints much appreciated
Gotthard


--
Gotthard Anger
User Support, Network Administration
Landeskirchenamt der EKM
gotthardanger@no-mx.forums.novell.com
http://forums.novell.com/member.php?u=35038

Mails for this address will only be read if you trigger me before.
snielson1 Absent Member.

Re: Changing user source in running system and other complic

GMS "should" only care about the groupwise user ID if the user is already added to GMS.
Meaning.. even if you look at the database, and see the old eDirectory context, GMS shouldn't care about that path, and only use the user ID to perform a SOAP loginRequest on the GroupWise ID.

However with that being said, I've seen some systems choke on the database still containing the old context, and those systems required a full removal of all users.
With an AD user backend, you are required to use GroupWise authentication. This will send the auth from the GMS to GroupWise post office, and use whatever you have set up at that point.
Device > GMS > GroupWise > AD (ONLY if the post office is using LDAP auth)

I would recommend a new server (leaving your current live), and configure the new server how you want it, including all users. Once all the users are in the 'synced' state, you could:
1. Change the IPs to "swap" the servers. Devices will reconnect automatically
2. If you use hostname to configure the devices to your GMS server, simply change the DNS records. Again devices will reconnect without user interaction (With quarantine disabled of course)

Shane Nielson Kind of alright at doing stuff with the computer thing
dzanre1 Absent Member.

Re: Changing user source in running system and other complic

If GMS is set for LDAP auth, I would change it to GW auth now, while eDirectory is still in use. This should cause no problems. Then when you switch to AD Auth at the POA, the GMS stays the same, and just asks the POA. No problem. If the passwords are different though, the GMS will ask the user to confirm.
snielson1 Absent Member.

Re: Changing user source in running system and other complic

dzanre;2422786 wrote:
> If GMS is set for LDAP auth, I would change it to GW auth now, while eDirectory is still in use. This should cause no problems. Then when you switch to AD Auth at the POA, the GMS stays the same, and just asks the POA. No problem. If the passwords are different though, the GMS will ask the user to confirm.


If you do decide to change to GW auth now, I would also make sure all users are associated to the directory, and the POA is already using LDAP auth. Otherwise users may get a prompt on devices for a different password (directory password doesn't match GroupWise password)

Anonymous_User Absent Member.

Re: Changing user source in running system and other complications

Hello,

I have changed my server to GroupWise auth.
Works so far.

One question remains: I can't set an LDAP group to automatically add users to
GMS?

Go

On 15.03.2016 at 05:26, snielson wrote:
> dzanre;2422786 wrote:
>> If GMS is set for LDAP auth, I would change it to GW auth now, while
>> eDirectory is still in use. This should cause no problems. Then
>> when you switch to AD Auth at the POA, the GMS stays the same, and just
>> asks the POA. No problem. If the passwords are different though, the
>> GMS will ask the user to confirm.

>
> If you do decide to change to GW auth now, I would also make sure all
> users are associated to the directory, and the POA is already using LDAP
> auth. Otherwise users may get a prompt on devices for a different
> password (directory password doesn't match GroupWise password)
Micro Focus Expert

Re: Changing user source in running system and other complic

Hi Go,

Once switched to GroupWise authentication you need to create a GroupWise distribution list and use that to automatically add users to GMS. At least that's how I do it and it's working perfectly.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
Micro Focus Expert

Re: Changing user source in running system and other complic

Hi Go,

Perhaps the docs are of assistance: https://www.novell.com/documentation/groupwisemobility2014r2/gwmob2014r2_guide_admin/data/admin_usermgt_group.html

Please let us know how it goes.

Cheers,
Laura Buckley

Anonymous_User Absent Member.

Re: Changing user source in running system and other complications

Tomatoes on my eyes...

Thx

Gotthard

On 21.03.2016 at 09:16, laurabuckley wrote:
>
> Hi Go,
>
> Perhaps the docs are of assistance:
> https://www.novell.com/documentation/groupwisemobility2014r2/gwmob2014r2_guide_admin/data/admin_usermgt_group.html
>
> Please let us know how it goes.
>
> Cheers,