Article

(View Disclaimer)

Problem

I need to successfully authenticate over secure LDAP to GroupWise, for GroupWise Windows and Web clients.

Solution

Note: GroupWise server 7.0.2 runs on OES Linux and is called GW. You can use the following this Cool Solution for additional information:
http://www.novell.com/coolsolutions/feature/19308....

Configuring LDAP

1. Start ConsoleOne.

2. Open the Properties of the LDAP group GroupWise object.

3. Select "TLS enabled for simple binds".

Creating the SSL Certificate

1. Start ConsoleOne.

2. Open Properties of the SSL Certificate DNS GroupWise object.

3. Under Certificates, select the trusted root certificate.

4. Export the trusted root certificate without private key, in .DER format, to gwroot.der.

5. Use the 8.3 notation and copy this file to you postoffice directory: /gw/grpwise/po

Tip: Put the servername in the root certificate file, such as "gwroot.der".

Setting Up GroupWise Secure LDAP

1. Start ConsoleOne.

2. Go to Tools > System Operations > LDAP Servers.

3. Select Enable SSL and enter the location of your postoffice directory (such as /gw/grpwise/po/gwroot.der).

Note: DO NOT BROWSE, but just directly enter /gw/grpwise/po/gwroot.der.

Restarting the Agents

1. Restart POA (on Linux):

/etc/init.d/grpwise postoffice.domain stop
/etc/init.d/grpwise postoffice.domain start

where postoffice is your postoffice name and domain is your domain name.

2. Restart LDAP (on Linux).

3. To stop nldap: nldap -u

4. To start nldap: nldp -l

5. Check POA logging 0n LDAP SSL.

1.1.2.    POA Logging
11:05:49 528   LDAP Settings:
11:05:49 528   Inactive Connection Timeout: 30 secs
11:05:49 528   Disable LDAP Password Change: No
11:05:49 528   LDAP Pool Server Reset Timeout: 5 mins
11:05:49 528   LDAP Server Quarantine Threshold: 2
11:05:49 528   Current LDAP Authentication mode: Load Balance Pool
11:05:49 528   Load Balance Pool Configuration:
11:05:49 528   Server Pool: LDAP bjzu-dom bjzu-po
11:05:49 528   LDAP Authentication Server IP Address: 10.10.10.200
11:05:49 528   LDAP Server Port: 636
11:05:49 528   LDAP SSL Enabled: Yes
11:05:49 528   LDAP SSL Key File Name: /gw/grpwise/po/gwroot.der 
11:05:49 528   LDAP User Authentication Method: Bind
1.1.3.         Client authenticatie LDAP SSL
17:18:42 416 C/S Login Windows  Net Id=username ::GW Id=username :: ::ffff:10.10.10.201
17:18:52 416 Initializing Secured LDAP session with 10.10.10.200 at port 636 using SSL Key file /gw/grpwise/po/gwroot.der 

Now you have successfully authenticated over secure LDAP to GroupWise.

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.