Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
1745 views

Console Administrator?

We're implementing Mobility Service for the first time starting with LDAP as our User Source. We have an LDAP service account we're using to administrate the web console with. We want to test GroupWise as our method for User Source but when doing so, our LDAP account of course no longer functions as 'admin' to the Mobility console. Seemingly we must then login to the console with GroupWise credentials. This succeeds but only as a user without admin rights. Even our GroupWise Administrator can't login as himself and achieve anything but user options.

What then becomes the console administrator account? We can't seem to locate a GroupWise service account or eDir admin account that will do the trick.
Labels (1)
0 Likes
11 Replies
Absent Member.
Absent Member.

Hi,

After to change your GMS to GroupWise Provisioning, you should be able to login into webadmin using the root and password user of the server.

Regards.
0 Likes
Absent Member.
Absent Member.

youngjforge wrote:

> We're implementing Mobility Service for the first time starting with
> LDAP as our User Source. We have an LDAP service account we're using
> to administrate the web console with. We want to test GroupWise as
> our method for User Source but when doing so, our LDAP account of
> course no longer functions as 'admin' to the Mobility console.
> Seemingly we must then login to the console with GroupWise
> credentials. This succeeds but only as a user without admin rights.
> Even our GroupWise Administrator can't login as himself and achieve
> anything but user options.


It should still work. With my test 2.0.1 server, I have authentication
in the user source set to GroupWise, yet I can still login as one of
the LDAP users defined in /etc/datasync/configengine/configengine.xml.
In particular one of those users is the admin user of the tree and that
user does not have an account in my GW2014 system. If you look at
configengine.xml on your server, go to the <admins> section, is your
LDAP service account listed?

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Thank you, very helpful (and obvious). We just weren't thinking along those lines. Now in this mode, should I expect to configure the user device with GroupWise credential? or their eDir credential? The LDAP mode called for their eDir. Our goal is to configure via GroupWise credential; we're trying to avoid having to know/provide the device their eDir credential while we first configure the device on their behalf.
0 Likes
Absent Member.
Absent Member.

youngjforge wrote:

> Thank you, very helpful (and obvious). We just weren't thinking along
> those lines. Now in this mode, should I expect to configure the user
> device with GroupWise credential? or their eDir credential? The LDAP
> mode called for their eDir. Our goal is to configure via GroupWise
> credential; we're trying to avoid having to know/provide the device
> their eDir credential while we first configure the device on their
> behalf.


If GMS is configured for GW authentication, then when configuring the
e-mail account on the device you would use GW credentials. Of course
if GW itself is configured to use LDAP credentials, then the GW/LDAP
credentials are one and the same.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Thanks again. Still no luck with using GW credentials, so we're trying to figure out if our GroupWise itself is using LDAP in this capacity as you suggest. Strange though, our users absolutely have separate and distinct eDir versus GroupWise credentials and their LDAP seems to be tied to their eDir. Can you please shed any more light on this?
0 Likes
Absent Member.
Absent Member.

youngjforge wrote:

>
> Thanks again. Still no luck with using GW credentials, so we're
> trying to figure out if our GroupWise itself is using LDAP in this
> capacity as you suggest. Strange though, our users absolutely have
> separate and distinct eDir versus GroupWise credentials and their
> LDAP seems to be tied to their eDir. Can you please shed any more
> light on this?


If the users use different passwords to authenticate to GW than they do
to eDir then obviously LDAP authentication isn't being used. But that
still shouldn't impact admin logins to GMS. If the correct admins are
specified in configengine.xml but can't login to GMS, then you may want
to dive into the logs in /var/log/datasync to see what failure is being
reported when they try to login.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Sorry, I wasn't being clear. We've gotten past admin logins well enough (thanks to you), but now just can't make user authentications when configuring devices based on their GW credential. Refuses to accept anything but their eDir credential despite GMS' User Source configured as GroupWise (versus LDAP).
0 Likes
Absent Member.
Absent Member.

youngjforge wrote:

>
> Sorry, I wasn't being clear. We've gotten past admin logins well
> enough (thanks to you), but now just can't make user authentications
> when configuring devices based on their GW credential. Refuses to
> accept anything but their eDir credential despite GMS' User Source
> configured as GroupWise (versus LDAP).


Oh.... sorry, I misunderstood. Hmm, I know you said users have
separate GW passwords from their eDir passwords. Are you 100% sure of
this? Take a look at the post office settings and verify that LDAP
authentication isn't enabled. Assuming you are on GW2012 or earlier,
here's how to check.

https://www.novell.com/documentation/groupwise2012/gw2012_guide_admin/data/ak8h8gs.html#ahi3yjz

If LDAP auth is disabled in the PO, then my next question is whether or
not you've restarted GMS since changing the authentication from LDAP to
GW.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Thanks again. You suggested rebooting at the exact same time I finally though to do that. Voila! GroupWise credential authentication.

Now that I've gotten thru that I have a new issue that may/may not best be described in this forum/thread. Our GMS is now working for all but one user and particularly only where synching address books is concerned. He synchs fine to mailbox/calendar. Tried everything I know including re-initializing user, re-synching device, ConsoleOne mailbox maintenance, having user create brand new address book to synch, etc., none of which allows any of his books to synch. I'm stumped. Any thoughts?
0 Likes
Absent Member.
Absent Member.

youngjforge wrote:

> Now that I've gotten thru that I have a new issue that may/may not
> best be described in this forum/thread. Our GMS is now working for
> all but one user and particularly only where synching address books is
> concerned. He synchs fine to mailbox/calendar. Tried everything I
> know including re-initializing user, re-synching device, ConsoleOne
> mailbox maintenance, having user create brand new address book to
> synch, etc., none of which allows any of his books to synch. I'm
> stumped. Any thoughts?


Any chance for this one user the contacts folder has been moved as a
subfolder underneath another one? If so, try moving it back to the top
level.

--
Your world is on the move. http://www.novell.com/mobility/
BrainShare 2014 is coming. http://www.novell.com/brainshare/

Joe Marton Emeritus Knowledge Partner
0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Found it to be normally placed under Frequent Contacts as others are who are working. Regardless moved it up to the root location. Interestingly, noticed the "Mailbox" was not at the top of the structure so I moved it to the top. Did both, re-initialized and re-added account at device and voila! I may never know precisely the issue. Thanks for the help.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.