As I wrote earlier in an AppNote (http://www.novell.com/coolsolutions/appnote/18520.html), I think security in e-mail is one of the most important things to consider. You can create a GroupWise password policy with IDM, or you can use LDAP authentication for your GroupWise system. With the LDAP method, GroupWise uses the eDirectory password to authenticate to your GroupWise PostOffice.
In this article I explain how to set up LDAP authentication on a GroupWise system.
1. Create an LDAP server in the GroupWise configuration.
2. With the primary domain selected in ConsoleOne, go to the menu bar and click Tools > GroupWise System Operations > LDAP Servers.
3. Click Add to create a new LDAP server.
4. Enter a name for the LDAP Server. I called mine "LDAP Test". Make sure that you enter the correct LDAP Server IP Address.
5. Leave all the other settings as they are and click OK.
You will see this screen:
6. Select the LDAP Test server and click Edit.
7. In the next screen, click Select Post Offices.
8. From the available Post Offices, select a PO that needs to use LDAP authentication. I'm using the DOM01.LDAP Post Office.
9. Click Close.
10. Open the GroupWise view and select the Post Office that you would like to use LDAP authentication.
11. Right-click on the Post Office and select Properties.
12. From the GroupWise Tab, select Security.
You will see this screen:
13. Make sure you select the LDAP Authentication checkbox.
14. Click the Select Server button.
15. Make sure the LDAP Test server is selected and has been moved under the Selected Server window.
16. Click Close.
Testing the LDAP Authentication
Now you are ready to test your LDAP authentication. I test it with my GroupWise WebAccess interface.
1. Open your WebAccess login page. I log in with the username and eDirectory password.
You will notice that you can now log in with your eDirectory password. If you try to log in with your GroupWise password, you will get an error.
Also, take a look at your POA Server screen when you are logged in:
You will see a line like this:
C/S Login WebAccess ::GW Id=ldap :: 10.100.20.254 [10.100.1.5]
This tells you that the WebAccess agent is logging in through an LDAP server.
If you see an error in the POA screen, you can change the logging level from normal to verbose or diagnostic.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.