squartec Contributor.

Messenger LDAP Servers

So we upgraded from Messenger 3.03 to GW Messenger 2018 in November. I kept getting errors on import, so opened an SR, and we got it working. When it imported users from the 3.03 DB, it seemed to have brought over all the users from Edir, not just the ones in the messenger system. The Novell tech couldn't tell me why that happened.
We use edir for authentication.

So I have a few questions about how the LDAP associations work, as I'm a bit confused.
In Messenger service -> LDAP servers, I see three listed:

EdirServer (points to edir server)
PrimaryDOMAIN_LDAP (points to primary domain server)
OUR_TREE (Points to edir server)

After the initial import, the LDAPID for users is Edirserver.
Newly created users' LDAPID is PrimaryDomain_LDAP.
If I associate users to their GroupWise account, the LDAPID is OUR_TREE.

1) In Messenger, Settings, Account Management - I have automatic creation of users enabled. When a new user is created, it is using the GroupWise PrimaryDomain_LDAP server as the SYNC LDAP ID, but it's causing some troubles as the information isn't correct (i.e. it's not fully populating the name of the user) and it's not deleting users when the GroupWise account is deleted (obviously). So it becomes a management nightmare.
There is no option to select another LDAP server. Is there a way for users to be created using another LDAP server? If not, is it best to disable the auto create/delete accounts for GW users in that tab and add users manually?

2) When configuring messenger, I enabled LDAP on the PrimaryDomain MTA. Why does messenger need this? Can I turn this off?

3) Also, after the initial import, as expected, all of the users in Messenger are not associated back to their GW accounts. Is there an easy way to associate them rather than do it one by one? (Associating all those users one by one would be a nightmare.) I am assuming it would be easier to have them associated so when a user is deleted, it will delete the Messenger account as well.
Why would you not associate them to gw accounts?


Thanks in advance,
C
AutomaticReply Absent Member.

Re: Messenger LDAP Servers

squartec,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, and volunteer run; if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



mguldner1 Absent Member.

Re: Messenger LDAP Servers

I just wanted to open a thread with quite exactly these questions. Can somebody (from Micro Focus?) answer these?

The users that have been migrated from Messenger 3x are working fine; they are configured to use eDirectory-LDAP. All users that are new since then are configured to use GW-LDAP - they can log in to Messenger, but they don't have first and last names; they only appear with their username. In GroupWise all names and other information are successfully synchronized from eDirectory.

Why do new users, that are associated with eDirectory in GroupWise, use GW-LDAP instead of eDirectory-LDAP?

If GW-LDAP is used, why are first name and last name not being synchronized?

Thanks,
Mirko
mguldner1 Absent Member.

Re: Messenger LDAP Servers

mguldner;2499290 wrote:


If GW-LDAP is used, why are first name and last name not being synchronized?



I found that LDAP sync does not work:

Messenger log:

15:48:04 700 DIR Starting sync for LDAP/gw_hs-og_LDAP.
15:48:04 700 DIR Sync for LDAP/gw_hs-og_LDAP returned error [0xD10E].
15:48:04 700 DIR Sync for LDAP/gw_hs-og_LDAP processed 0 records, updated 0, expired 0 users.
15:48:04 700 DIR Sync finished for LDAP/gw_hs-og_LDAP.

On the other side, in gwldap.log, I don't see anything. But I think that the connection to the GW LDAP server works, because users are able to login.

I don't find any information about this error [0xD10E] - any ideas?

Thanks,
Mirko
mguldner1 Absent Member.

Re: Messenger LDAP Servers

I found that it works when I disable SSL on the GW-LDAP.

But it's not the problem mentioned in the readme:

In order to connect to GroupWise to sync users, Messenger uses GroupWise LDAP which is configured on the MTA. If the certificate specified for GroupWise LDAP uses the same CA as GroupWise, there are no issues with syncing users. If the CA is not the same, Messenger will not trust it, users will not sync, and users will not be able to authenticate. To fix this issue, append the GroupWise LDAP’s CA certificate to the end of the /etc/ssl/ca-bundle.pem file on the Messenger server.


The certificate is the same as for the MTA. And users are able to authenticate. Just synchronisation does not work.

I checked if the CA is in /etc/ssl/ca-bundle.pem - it is. I also tried to add the intermediate certificates - the problem stays. ldapsearch from the Messenger server to GW LDAP works fine.

Any ideas what is still wrong?

Thanks,
Mirko
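
Added example, not part of the original thread and not Micro Focus code: one way to test the GroupWise LDAP certificate against only the bundle the readme names, reporting why verification fails and flagging a bundle where an appended certificate landed on the same line as the previous END marker. The host name and port 636 are placeholders, and it is an assumption that Messenger validates against this file exactly as the readme describes.

```python
import os
import socket
import ssl

CA_BUNDLE = "/etc/ssl/ca-bundle.pem"  # path named in the readme quoted in the thread
# OpenSSL X509 verify codes that matter most with a private CA.
DIAGNOSES = {
    10: "certificate has expired",
    18: "self-signed server certificate that is not in the bundle",
    19: "self-signed CA in the chain that is not in the bundle",
    20: "issuing CA not found in the bundle",
    62: "chain is trusted, but the name used to connect is not in the certificate",
}

def diagnose(verify_code):
    return DIAGNOSES.get(verify_code, f"verification failed (OpenSSL code {verify_code})")

def glued_boundaries(pem_text):
    """Line numbers where an appended cert shares a line with the previous END marker."""
    return [n for n, line in enumerate(pem_text.splitlines(), 1)
            if "-----END CERTIFICATE-----" in line and "-----BEGIN" in line]

def check_ldaps(host, port=636, cafile=CA_BUNDLE, timeout=5):
    """TLS handshake with host:port trusting only `cafile`; returns (status, detail)."""
    if not os.path.isfile(cafile):
        return ("bundle-missing", cafile)
    with open(cafile, encoding="ascii", errors="replace") as fh:
        glued = glued_boundaries(fh.read())
    if glued:
        return ("bundle-malformed", f"END and BEGIN share a line at {glued}")
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # checks chain and hostname
        ctx.load_verify_locations(cafile=cafile)       # no system defaults loaded
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return ("trusted", issuer.get("commonName", "?"))
    except ssl.SSLCertVerificationError as exc:
        return ("untrusted", diagnose(exc.verify_code))
    except (ssl.SSLError, OSError) as exc:
        return ("tls-or-network-error", str(exc))

if __name__ == "__main__":
    # gwldap.example.com is a placeholder for the GroupWise LDAP (MTA) host.
    print(check_ldaps("gwldap.example.com"))
```

Connect with the same host name that is configured for the LDAP server in Messenger, since a name mismatch (code 62) only shows up when the names are the same as in production.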