Did you use the GroupWise Monitor on a Windows workstation, and do you miss the nice old features (like showing all logged-on users)?
The old monitor is still there (http://localhost:8200), but it is pretty useless without any access control, so what you want to add is SSL and authentication against your eDirectory. I am using SLES11 in this example.
1. Install the GroupWise Monitor Agent (the Monitor Application is NOT needed).
2. Make sure you have Apache installed.
3. Activate the Apache module "proxy_http".
As the root user type: "a2enmod proxy_http"
Uncomment the "proxy-http" line in "/etc/apache2/sysconfig.d/loadmodule.conf"
I recommend creating a new vhost in "/etc/apache2/vhosts.d/"; let's name it "gwm", listening on port 4433. So create a file "/etc/apache2/vhosts.d/gwm.conf" with the following lines:
<IfDefine SSL>
<IfDefine !NOSSL>
Listen *:4433
<VirtualHost *:4433>
    ServerName ThisNameShouldMatchTheNameInTheCertificate
    DocumentRoot "/srv/www/htdocs"
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log
    SSLEngine on
    # Basic auth sends the eDirectory password on every request, so allow
    # only strong ciphers: no null, anonymous, export, low-strength or SSLv2 suites.
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!SSLv2
    SSLCertificateFile /etc/apache2/ssl.crt/mycert.pem
    SSLCertificateKeyFile /etc/apache2/ssl.key/mykey.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/mychain.pem
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    CustomLog /var/log/apache2/ssl_request_log ssl_combined
    # Reverse proxy only; never act as a forward proxy
    ProxyRequests Off
    <Location />
        SSLRequireSSL
        AuthName "Enter Username and password"
        AuthType Basic
        # Needs mod_ldap and mod_authnz_ldap loaded
        AuthBasicProvider ldap
        # Apache 2.2 directive (removed in Apache 2.4)
        AuthzLDAPAuthoritative On
        AuthLDAPURL ldaps://YourLDAPServer/YourSearchBase?cn?sub?(objectClass=person)
        AuthLDAPBindDN cn=MyLDAPReader,o=novell
        # Stored in clear text: keep this file readable by root only
        AuthLDAPBindPassword "LDapReaderPassword"
        Require ldap-attribute groupmembership=cn=groupwisemonitor,o=novell
        ProxyPass http://127.0.0.1:8200/
        ProxyPassReverse http://127.0.0.1:8200/
    </Location>
</VirtualHost>
</IfDefine>
</IfDefine>
Some explanations:
ThisNameShouldMatchTheNameInTheCertificate: Replace with the CN found in your certificate.
mycert.pem, mykey.key, mychain.pem: Your certificate, private key and certificate chain. (The chain file is optional; if you have none, just delete the SSLCertificateChainFile line.)
YourLDAPServer: Hostname of your LDAP server.
YourSearchBase: Your search base (for example: "o=novell").
MyLDAPReader, LDapReaderPassword: Username and password of a user object which is allowed to read group membership in your tree.
cn=groupwisemonitor,o=novell: The group which any user accessing the GWMonitor must be in.
4. Open port 4433 in the SuSE Firewall.
5. Restart Apache: "rcapache2 restart"
The URL of your GroupWise Monitor is now: https://yourhost:4433.
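A quick way to check a vhost of this kind before opening the port, as an added example (not part of the original article or of any Novell tool): it reads the config text and reports a proxied Location that lacks authentication or SSLRequireSSL, an LDAP URL that is not ldaps://, a backend that is not on loopback, and weak cipher classes named in SSLCipherSuite. The function name audit_vhost and the sample host names are assumptions, and the cipher check is a token lint, not a full OpenSSL cipher-string expansion.

```python
import re
from urllib.parse import urlsplit

WEAK = {"eNULL", "aNULL", "ADH", "EXP", "EXPORT", "LOW", "SSLv2", "RC4", "MD5"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_vhost(conf):
    """Return sorted findings for an Apache vhost that proxies to a local service."""
    findings = set()
    # Weak cipher classes named in SSLCipherSuite without a '!' or '-' removal prefix
    m = re.search(r"^\s*SSLCipherSuite\s+(\S+)", conf, re.M)
    for item in (m.group(1).split(":") if m else []):
        if item[:1] not in ("!", "-"):
            for part in item.lstrip("+").split("+"):
                if part in WEAK:
                    findings.add("cipher class not removed: " + part)
    # A <Location> that carries ProxyPass must also enforce TLS and authentication
    for path, body in re.findall(r"<Location\s+(\S+)>(.*?)</Location>", conf, re.S):
        d = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                d.setdefault(parts[0].lower(), parts[1].strip('" ') if len(parts) > 1 else "")
        if "proxypass" not in d:
            continue
        if "authtype" not in d or "require" not in d:
            findings.add(path + ": proxied without authentication")
        if "sslrequiressl" not in d:
            findings.add(path + ": SSLRequireSSL missing")
        if "authldapurl" in d and not d["authldapurl"].lower().startswith("ldaps://"):
            findings.add(path + ": LDAP lookup not over ldaps://")
        if urlsplit(d["proxypass"]).hostname not in LOOPBACK:
            findings.add(path + ": backend is not on loopback")
    return sorted(findings)

# Constructed sample input (not taken from a real server)
WEAK_CONF = """
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+LOW:+SSLv2:+EXP
<Location />
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap.example.test/o=example?cn?sub?(objectClass=person)
Require valid-user
ProxyPass http://127.0.0.1:8200/
</Location>
"""

if __name__ == "__main__":
    for finding in audit_vhost(WEAK_CONF):
        print(finding)
```

To check your own file, pass the contents of /etc/apache2/vhosts.d/gwm.conf to audit_vhost(); an empty list means none of these checks fired.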
Have fun.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.