53.3 Configuring LDAP Services

The GWIA supports the Lightweight Directory Access Protocol (LDAP) standard. With LDAP enabled, the GroupWise GWIA functions as an LDAP server, allowing LDAP queries for GroupWise user information contained in the GroupWise Address Book. You can also configure which GroupWise fields (Given Name, Last Name, Phone, and E-Mail) are visible to an LDAP query.

IMPORTANT: For users to perform LDAP searches for GroupWise user information, they need to define the GroupWise Address Book as an LDAP directory in their email client. When doing so, they use the GWIA’s DNS hostname or IP address for the LDAP server address.

53.3.1 Enabling LDAP Services

To enable and configure LDAP services for mail client access:

  1. In ConsoleOne, right-click the GWIA object, then click Properties.

  2. Click LDAP > Settings to display the LDAP Settings page.

    LDAP Settings property page
  3. Fill in the fields:

    Enable LDAP Service: Turn on this option to allow LDAP queries. LDAP service is off by default. This setting corresponds to the GWIA’s --ldap switch.

    Number of LDAP Threads: The LDAP Threads setting lets you specify the maximum number of threads that process LDAP queries. The default is 10 threads. This setting corresponds with the GWIA’s --ldapthrd switch.

    LDAP Context: Use this option to limit the directory context in which the LDAP server searches. For example, if you want to limit LDAP searches to the Novell organization container located under the United States country container, enter O=Novell,C=US. This setting corresponds with the GWIA’s --ldapcntxt switch.

    If you enter an LDAP context, you must make sure that users, when defining the directory in their email client, enter the same context (using the identical text you did) in the Search Base or Search Root field.

    You can leave the settings empty in both locations.

    LDAP Referral URL: Use this option to define a secondary LDAP server to which you can refer an LDAP query if the query fails to find a user or address in your GroupWise system. For this option to work, the requesting Web browser must be able to track referral URLs. This setting corresponds with the GWIA’s --ldaprefurl switch.

  4. Continue with the next section, Configuring Public Access.

53.3.2 Configuring Public Access

After you have enabled LDAP services, you can configure which GroupWise fields are visible to LDAP searches and also set search restrictions. By default, no fields are visible.

  1. If the GWIA object’s property page is not open, right-click the GWIA object, then click Properties.

  2. Click Access Control > LDAP Public Settings.

    LDAP Public Settings page
  3. Fill in the fields:

    LDAP Defaults: Select one of the following defaults for public access: Allow Access or Prevent Access. If you select Allow Access, the GroupWise fields (in the Visible Fields lists) default to Visible for an LDAP search. If you select Prevent Access, the GroupWise fields default to Not Visible.

    Visible Fields: You can override the default visibility for a GroupWise field (Given Name, Last Name, Phone, and E-Mail) by selecting the field and then clicking the appropriate visibility button (Visible or Not Visible). For example, if you have selected Allow Access as the LDAP default, but you don’t want users’ telephone numbers to be visible, you can mark the Phone field as Not Visible.

    Number of Entries to Return: Select the maximum number of entries to return. The default is 100.

    How Many Seconds to Search: Select the maximum amount of time (in seconds) you want the GWIA to spend searching. The default is 120 seconds.

    Idle Minutes before Timeout: Specify the number of minutes to allow the search to continue without finding a matching address entry. The default is 5 minutes.

  4. Click OK to save the changes.
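
To confirm that the saved public settings match what an unauthenticated client actually receives, the following added example (not part of the GroupWise documentation or tooling) audits LDIF output from a search of your own GWIA against the intended Visible Fields, entry limit, and LDAP context. The attribute names in FIELD_ATTRS, the function names, and the sample LDIF are assumptions constructed for illustration.

```python
import base64
import re

# Assumed LDAP attribute names for the four fields; confirm against your GWIA.
FIELD_ATTRS = {"Given Name": "givenname", "Last Name": "sn",
               "Phone": "telephonenumber", "E-Mail": "mail"}

# Constructed sample of an anonymous search result in LDIF (not real data).
SAMPLE = """\
dn: cn=jdoe,o=Novell,c=US
givenName: Jane
mail: jdoe@example.com
telephoneNumber: +1 555 0100

dn: cn=bsmith,o=Novell,c=US
givenName:: QmVu
mail: bsmith@exam
 ple.com
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (folded lines, base64 values)."""
    entries = []
    # "\n " marks a folded continuation line; blank lines separate entries.
    for block in re.split(r"\n\s*\n", text.replace("\n ", "")):
        entry = {}
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            val = rest.lstrip(":").strip()
            if rest.startswith(":"):      # "attr:: value" is base64-encoded
                val = base64.b64decode(val).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(val)
        if "dn" in entry:                 # skip version/result pseudo-blocks
            entries.append(entry)
    return entries

def audit(ldif_text, visible_fields, max_entries=100, context=None):
    """List every way the result exceeds the intended LDAP Public Settings."""
    allowed = {FIELD_ATTRS[f] for f in visible_fields} | {"dn", "objectclass"}
    entries, findings = parse_ldif(ldif_text), []
    if len(entries) > max_entries:
        findings.append(f"{len(entries)} entries returned, limit is {max_entries}")
    for e in entries:
        dn, extra = e["dn"][0], sorted(set(e) - allowed)
        if extra:
            findings.append(f"{dn}: exposes {', '.join(extra)}")
        if context and not dn.lower().endswith(context.lower()):
            findings.append(f"{dn}: outside context {context}")
    return findings
```

With Phone intended to be Not Visible, `audit(SAMPLE, ["Given Name", "Last Name", "E-Mail"], context="O=Novell,C=US")` reports the one entry that still returns a telephone number.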