Article

zwetr's picture

GroupWise Secure LDAP Authentication

Author Info

17 July 2007 - 4:28am
Submitted by: zwetr

Author Blog
Author Profile

Tags

Tags Map
article
Reads:

1940

Score:
0
0
 
Comments:

0

Problem

I need to successfully authenticate over secure LDAP to GroupWise, for GroupWise Windows and Web clients.

Solution

Note: GroupWise server 7.0.2 runs on OES Linux and is called GW. You can use the following this Cool Solution for additional information:
http://www.novell.com/coolsolutions/feature/19308....

Configuring LDAP

1. Start ConsoleOne.

2. Open the Properties of the LDAP group GroupWise object.

3. Select "TLS enabled for simple binds".

Creating the SSL Certificate

1. Start ConsoleOne.

2. Open Properties of the SSL Certificate DNS GroupWise object.

3. Under Certificates, select the trusted root certificate.

4. Export the trusted root certificate without private key, in .DER format, to gwroot.der.

5. Use the 8.3 notation and copy this file to you postoffice directory: /gw/grpwise/po

Tip: Put the servername in the root certificate file, such as "gwroot.der".

Setting Up GroupWise Secure LDAP

1. Start ConsoleOne.

2. Go to Tools > System Operations > LDAP Servers.

3. Select Enable SSL and enter the location of your postoffice directory (such as /gw/grpwise/po/gwroot.der).

Note: DO NOT BROWSE, but just directly enter /gw/grpwise/po/gwroot.der.

Restarting the Agents

1. Restart POA (on Linux):

/etc/init.d/grpwise postoffice.domain stop
/etc/init.d/grpwise postoffice.domain start

where postoffice is your postoffice name and domain is your domain name.

2. Restart LDAP (on Linux).

3. To stop nldap: nldap -u

4. To start nldap: nldp -l

5. Check POA logging 0n LDAP SSL.

1.1.2.    POA Logging
11:05:49 528   LDAP Settings:
11:05:49 528   Inactive Connection Timeout: 30 secs
11:05:49 528   Disable LDAP Password Change: No
11:05:49 528   LDAP Pool Server Reset Timeout: 5 mins
11:05:49 528   LDAP Server Quarantine Threshold: 2
11:05:49 528   Current LDAP Authentication mode: Load Balance Pool
11:05:49 528   Load Balance Pool Configuration:
11:05:49 528   Server Pool: LDAP bjzu-dom bjzu-po
11:05:49 528   LDAP Authentication Server IP Address: 10.10.10.200
11:05:49 528   LDAP Server Port: 636
11:05:49 528   LDAP SSL Enabled: Yes
11:05:49 528   LDAP SSL Key File Name: /gw/grpwise/po/gwroot.der 
11:05:49 528   LDAP User Authentication Method: Bind
1.1.3.         Client authenticatie LDAP SSL
17:18:42 416 C/S Login Windows  Net Id=username ::GW Id=username :: ::ffff:10.10.10.201
17:18:52 416 Initializing Secured LDAP session with 10.10.10.200 at port 636 using SSL Key file /gw/grpwise/po/gwroot.der

Now you have successfully authenticated over secure LDAP to GroupWise.


Author Info

17 July 2007 - 4:28am
Submitted by: zwetr

Author Blog
Author Profile

Tags

Tags Map


Related Articles


User Comments

© 2009 Novell, Inc. All Rights Reserved.