The GWIA can perform GroupWise authentication of POP3/IMAP4 clients through an LDAP server and can also perform LDAP queries for GroupWise information. See Section 53.3.1, Enabling LDAP Services.
The following sections describe the switches required to configure this functionality:
When a POP3/IMAP4 user attempts to access a GroupWise mailbox on a post office that has been configured for LDAP authentication, the GWIA connects to the post office’s POA, which then connects to the LDAP server so that the LDAP server can authenticate the user.
This process works automatically if the GWIA’s link to the post office is client/server (meaning that it communicates through TCP/IP to the post office’s POA). If the GWIA is using a direct link to the post office directory rather than a client/server link to the post office’s POA, the GWIA must communicate directly with the LDAP server rather than through the POA.
The following switches are used to provide the GWIA with the required LDAP server information:
Specifies the IP address of the LDAP server through which GroupWise authentication takes place.
Syntax: --ldapipaddr address
Example: --ldapipaddr 172.16.5.18
Specifies the port number being used by the LDAP server. The standard non-SSL LDAP port number is 389. The standard SSL LDAP port number is 636.
Syntax: --ldapport number
Example: --ldapport 389
Instructs the GWIA to use a secure (SSL) connection with the LDAP server.
Syntax: --ldapssl
Specifies a user that has rights to the LDAP directory. The user must have at least Read rights.
Syntax: --ldapuser user_name
Example: --ldapuser ldap
Specifies the password of the user specified by the --ldapuser switch.
Syntax: --ldappwd password
Example: --ldappwd pwd1
The GWIA can function as an LDAP server, allowing LDAP queries for GroupWise user information contained in the directory. The following switches configure the GWIA as an LDAP server.
Enables the GWIA as an LDAP server.
Syntax: --ldap
Specifies the maximum number of threads the GWIA can use for processing LDAP queries. The default is 10.
Syntax: --ldapthrd number
Example: --ldapthrd 5
Limits the directory context in which the LDAP server searches. For example, you could limit LDAP searches to a single Novell organization container located under the United States country container.
If you restrict the LDAP context, you must make sure that users, when defining the directory in their email client, enter the same context (using the identical text you did) in the Search Base or Search Root field.
Syntax: --ldapcntxt "context"
Example: --ldapcntxt "O=Novell,C=US"
Defines a secondary LDAP server to which you can refer an LDAP query if the query fails to find a user or address in your GroupWise system. For this option to work, the requesting Web browser must be able to track referral URLs.
Syntax: --ldaprefurl url
Example: --ldaprefurl ldap://ldap.provider.com
Limits the directory context in which the secondary (referral) LDAP server searches.
Syntax: --ldaprefcntxt "context"
Example: --ldaprefcntxt "O=Novell,C=US"
Changes the LDAP listen port from the default of 389.
Syntax: --ldapserverport port_number
Example: --ldapserverport 390
Changes the LDAP SSL listen port from the default of 636.
Syntax: --ldapserversslport port_number
Example: --ldapserversslport 637
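As an added example (not part of the original documentation or of GroupWise itself), the following Python check reads a GWIA switch list and reports LDAP settings that conflict with the descriptions above: a bind password used without --ldapssl, a port that does not match the SSL setting, an LDAP server enabled without a search context, and mistyped --ldap switches. The function names are hypothetical, and it assumes switches are whitespace-separated and that lines starting with ";" are comments.

```python
import shlex

# Switches documented on this page; True means the switch takes a value.
KNOWN = {"--ldapipaddr": True, "--ldapport": True, "--ldapssl": False,
         "--ldapuser": True, "--ldappwd": True, "--ldap": False,
         "--ldapthrd": True, "--ldapcntxt": True, "--ldaprefurl": True,
         "--ldaprefcntxt": True, "--ldapserverport": True,
         "--ldapserversslport": True}

def parse_switches(text):
    """Return ({switch: value or True}, [unrecognized --ldap* switches])."""
    # Assumption: lines starting with ';' are comments.
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith(";")]
    tokens = shlex.split(" ".join(lines))
    found, unknown, i = {}, [], 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if not tok.startswith("--ldap"):
            continue
        if tok not in KNOWN:
            unknown.append(tok)
        elif KNOWN[tok] and i < len(tokens) and not tokens[i].startswith("--"):
            found[tok] = tokens[i]
            i += 1
        else:
            found[tok] = True
    return found, unknown

def audit(text):
    sw, unknown = parse_switches(text)
    findings = [f"unrecognized switch {u}" for u in unknown]
    ssl, port = "--ldapssl" in sw, sw.get("--ldapport")
    if "--ldappwd" in sw and not ssl:
        findings.append("--ldappwd without --ldapssl: bind not protected by SSL")
    if ssl and port == "389":
        findings.append("--ldapssl with --ldapport 389 (standard SSL port is 636)")
    if not ssl and port == "636":
        findings.append("--ldapport 636 without --ldapssl")
    if "--ldap" in sw and "--ldapcntxt" not in sw:
        findings.append("--ldap without --ldapcntxt: search context not limited")
    return findings

# Constructed sample switch list, not a real configuration.
SAMPLE = """--ldapipaddr 172.16.5.18 --ldapport 389
--ldapuser ldap --ldappwd pwd1
--ldap --ldapurl ldap://ldap.provider.com"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```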