
Authenticating GroupWise Users Against a Non-Novell LDAP Server

Novell Cool Solutions: Tip
By Jim Klein


Posted: 27 Jan 2005
 

Problem:

Authenticating GroupWise users against a non-Novell LDAP server.

Solution:

Most people know that you can authenticate GroupWise users against eDirectory using LDAP, and thus have a single password for Novell authentications. But what if you want to authenticate against another LDAP directory, such as OpenLDAP on a non-eDirectory server (for example Mac OS X, or Linux with a Samba/OpenLDAP combo)? With a little configuration and a POA switch on GroupWise 6.5.2+ agents, you can do just that.

The first thing to do is edit the POA's configuration file, add the /noldapx switch to it, and restart the agent. Then follow the Novell documentation for setting GroupWise security to High and enabling LDAP authentication. The net effect is that GroupWise searches the LDAP server's DEFAULT context for a user's uid by first searching the mail property for their email address. It then does a bind using that uid to check for a proper password.

The important thing to note is that a default context is REQUIRED for this to work properly. To set this in OpenLDAP, edit your /etc/openldap/slapd.conf file (or wherever it is) and be sure you have a line similar to the following (replace with the context of your users, of course):

defaultsearchbase "ou=yourorgunit,dc=domain,dc=com"

So, in summary, three things are required, beyond the standard LDAP authentication settings:

  1. /noldapx switch in the POA configuration file
  2. Every user with a GroupWise account must have their mail property set to their email address.
  3. LDAP server must be set up to search a default context.
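
The directory-side requirements in this summary can be checked before users are switched over. The Python sketch below is an added example, not part of the original tip or any Novell tool: it reads slapd.conf text and an LDIF export of the accounts that have GroupWise mailboxes (both constructed here, with example.com names as assumptions) and reports accounts that sit outside the default context, have no mail value, or share a mail value with another entry, which would make the lookup by email address ambiguous.

```python
import re

# Constructed sample data (not from the original tip).
SLAPD_CONF = 'include /etc/openldap/schema/core.schema\ndefaultsearchbase "ou=staff,dc=example,dc=com"\n'
LDIF = """\
dn: uid=alice,ou=staff,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=staff,dc=example,dc=com

dn: uid=carol,ou=contractors,dc=example,dc=com
mail: carol@example.com

dn: uid=dave,ou=staff,dc=example,dc=com
mail: Alice@Example.com
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into dicts of lists."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for key, sep, value in (line.partition(":") for line in block.splitlines()):
            if sep and not key.startswith("#"):
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(conf_text, ldif_text):
    """Report entries that a mail lookup under defaultsearchbase would miss or confuse."""
    m = re.search(r'^\s*defaultsearchbase\s+"?([^"\n]+?)"?\s*$', conf_text, re.I | re.M)
    if not m:
        return ["slapd.conf: no defaultsearchbase line"]
    suffix, findings, seen = "," + m.group(1).lower(), [], {}
    for entry in parse_ldif(ldif_text):
        dn, mails = entry["dn"][0], entry.get("mail", [])
        if not dn.lower().endswith(suffix):
            findings.append(f"{dn}: outside default context")
            continue
        if not mails:
            findings.append(f"{dn}: no mail attribute")
        for mail in mails:
            first = seen.setdefault(mail.lower(), dn)  # mail matching is case-insensitive
            if first != dn:
                findings.append(f"{dn}: mail also set on {first}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SLAPD_CONF, LDIF)))
```

The DN comparison is a plain case-insensitive suffix match, so it assumes the export and slapd.conf write the context with the same spacing.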

