You can configure the MTA to synchronize user information in the GroupWise Address Book with user information in an LDAP directory such as NetIQ eDirectory or Microsoft Active Directory. You can also configure the MTA to allow the Outlook Client and Mac Mail to access the System Address Book by enabling an LDAP server.
When you import GroupWise users from an LDAP directory such as NetIQ eDirectory or Microsoft Active Directory, you can select an MTA to synchronize updated user information from the LDAP directory into GroupWise. User synchronization is typically configured when the LDAP directory is established, but you can set it up or reconfigure it later as needed.
For instructions, see Configuring User Synchronization for an LDAP Directory.
The GroupWise LDAP Server gives other GroupWise applications a way to access the GroupWise System Address Book:
It enables Messenger to authenticate and manage GroupWise users.
It enables GroupWise Mobility Service to auto-provision users. For more information, see Preparing GroupWise as the User Source for Your Mobility System in the GroupWise Mobility Service 18 Installation Guide.
It allows lookups and queries via LDAP for Outlook client users connecting through GroupWise Mobility Service. For more information, see Configuring GroupWise Address Lookup in the Microsoft Outlook Client in the GroupWise Mobility Service 18 Administration Guide.
To enable GroupWise LDAP:
In the GroupWise Admin Console, browse to and click the MTA.
Click the LDAP tab.
Select Enable LDAP.
(Optional) Enable SSL.
If SSL is enabled after the port is changed, the port will be reset to the default.
IMPORTANT: If you are using Messenger, you must have SSL enabled.
(Optional) Specify a Port number.
The default port for non-SSL is 389. The default port for SSL is 636.
(Conditional) If SSL is enabled, you can select to Use the MTA Certificate and Key or upload your own certificate and key file. When using your own files, the certificate must use one of the following formats: DER, PEM, PFX, CRT, B64, or CER.
(Optional) Select Set Password to specify a password for the key file.
(Optional) If you are using Messenger, select Enable synchronization and review the settings for when Messenger synchronizes users. Also review the query settings that manage the results for user searches.
Restart the GroupWise Admin Service on the MTA server.
There are two types of GroupWise LDAP attributes: sortable and returnable.
GroupWise LDAP Attribute | GroupWise Equivalent |
---|---|
givenName | First Name |
surname | Last Name |
 | Preferred Email Address |
cn | Object Name |
entryUUID | GroupWise GUID |
organizationUnit | Container (i.e., Post Office or Domain) |
objectClass | Valid values for GroupWise: organization, organizationUnit, inetOrgPerson, user, group, groupOfNames, resource, groupwiseresource |

GroupWise LDAP Attribute | GroupWise Equivalent |
---|---|
dn | GroupWise distinguished name (i.e., cn=object name, ou=post office, ou=domain) |
initials | Middle Initial |
generationQualifier | Qualifier |
description | Description |
title | Title |
company | Company |
organization | System Name |
department | Department |
telephoneNumber | Phone Number |
mobile | Mobile Number |
homePhone | Home Phone |
otherTelephone | Other Phone |
pager | Pager Number |
facsimileTelephoneNumber | Fax Number |
physicalDeliveryOfficeName | Location |
postOfficeBox | Post Office Box |
street | Street Address |
l | City |
st | State |
state | State |
postalCode | Zip or Postal Code |
gwLdapId | GroupWise LDAP ID |
gwLdapDn | GroupWise LDAP DN |
gwDirectoryId | GroupWise Directory ID |
gwDirectoryId |
GroupWise Directory ID |
You cannot run a Contains search.
Any filter beginning with a “*” will fail.
In Outlook, auto-complete will only work if you manually add the users as a contact. This is an Outlook limitation.
You cannot currently use a GroupWise-created certificate for SSL.
You must restart the gwadmin service on the MTA server after enabling the LDAP server capabilities for it to be active.
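The first two limitations above leave exact-match and starts-with lookups as the usable filter forms. The following Python code is an added example, not GroupWise or vendor code: it builds a starts-with filter from user input with RFC 4515 escaping and reports filter items whose value begins with "*". The function names and the attribute allow-list are assumptions, and the "*" rule is applied literally as the page states it.

```python
import re

# Constructed allow-list (assumption): attribute names taken from the page's tables.
LOOKUP_ATTRS = {"givenName", "surname", "cn"}

# RFC 4515 escapes for characters that have meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape user-supplied text so it is treated as a literal filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def prefix_filter(attr, user_input):
    """Build a starts-with filter; the only wildcard is the trailing one added here."""
    if attr not in LOOKUP_ATTRS:
        raise ValueError(f"unexpected attribute: {attr}")
    text = user_input.strip()
    if not text:
        raise ValueError("empty search text")
    # Escaping turns a typed '*' into \2a, so the value can never start with a wildcard.
    return f"({attr}={escape_value(text)}*)"


# One "(attr=value)" item; the value runs up to the next parenthesis.
_ITEM = re.compile(r"\(\s*([A-Za-z][\w;.-]*)\s*[~<>]?=([^()]*)\)")


def leading_wildcard_items(ldap_filter):
    """Return the items whose value starts with '*' (contains and ends-with searches).

    The rule is read literally, so a bare '*' value is reported too.
    """
    return [m.group(0) for m in _ITEM.finditer(ldap_filter)
            if m.group(2).lstrip().startswith("*")]


if __name__ == "__main__":
    # Constructed sample inputs.
    print(prefix_filter("cn", "smith"))
    print(leading_wildcard_items("(&(objectClass=inetOrgPerson)(cn=*smith*))"))
```

Running `leading_wildcard_items` over filters configured in client applications before pointing them at the MTA shows which lookups need to be rewritten as starts-with searches.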