6.2 Setting Up an LDAP Server

You must configure one or more LDAP servers, in addition to an LDAP directory, when one or both of the following situations exist:

  • You want to configure a pool of LDAP servers to provide redundancy for LDAP authentication.

  • You want to provide GroupWise users in a remote location with a local LDAP server and directory replica to facilitate prompt LDAP authentication.

Add one or more LDAP servers to your GroupWise system, then configure a pool of LDAP servers for each post office.

6.2.1 Adding an LDAP Server

To add an LDAP server to make your LDAP directory more accessible:

  1. In the GroupWise Admin console, click System > LDAP Servers, then click New LDAP Server.

    New LDAP Server dialog box
  2. Ensure that you know the required information for the LDAP server that you want to set up for use with your LDAP directory.

  3. Fill in the fields on the General tab, then click the Post Offices tab.

    LDAP Server object Post Offices tab
  4. Select one or more post offices in the Available Post Offices list, then click the arrow button to move them into the Selected Post Offices list.

  5. Click OK to add the new LDAP server to your GroupWise system.

    LDAP Servers and Directories list
  6. Click Close to return to the main Admin console window.

  7. Continue with Configuring a Pool of LDAP Servers.

6.2.2 Configuring a Pool of LDAP Servers

When you configure multiple LDAP servers, all configured LDAP servers make up the initial LDAP server pool. By default, the POA can contact any server in the pool when authenticating a GroupWise user that belongs to a post office. This provides load balancing and fault tolerance because each LDAP server in the pool is contacted equally often by the POA.

You might prefer that the POA for a post office first contact specific LDAP servers, contacting other servers in the pool only if none of the preferred LDAP servers are available.

  1. In the GroupWise Admin console, ensure that you have more than one LDAP server set up for use with GroupWise.

  2. Browse to and click the name of a post office, then click the Security tab.

    Post Office object Security tab
  3. Select LDAP Authentication to activate the pool settings.

  4. (Optional) Adjust the pool settings as needed for your network environment.

  5. Select one or more LDAP servers in the Available LDAP Servers list, then click the arrow button to move them into the Selected LDAP Servers list.

  6. Click OK to save the security settings for the post office.

Corresponding Startup Switches: You can also use the --ldappoolresettime startup switch in the POA startup file to configure the timeout interval.

6.2.3 Specifying Failover LDAP Servers (Non-SSL Only)

If the POA does not need to use an SSL connection to your LDAP servers, you can use the --ldapipaddr switch to list multiple LDAP servers. Then, if the primary LDAP server fails to respond, the POA tries the next LDAP server in the list, and so on until it is able to access the LDAP directory. This provides failover LDAP servers for the primary LDAP server but does not provide load balancing, because the primary LDAP server is always contacted first.

  1. In the GroupWise Admin console, ensure you have provided the basic LDAP information on the Post Office object Security tab.

    For background information, see Providing LDAP Authentication for GroupWise Users.

  2. Edit the POA startup file (post_office.poa) with an ASCII text editor.

    For more information about the POA startup file, see Section 20.0, Using POA Startup Switches.

  3. Use the --ldapipaddr startup switch to list addresses for multiple LDAP servers. Use a space between addresses.

    For example:

    /ldapipaddr-172.16.5.18 172.16.15.19 172.16.5.20

    IMPORTANT: Do not include any LDAP servers that require an SSL connection. There is currently no way to specify multiple SSL key files unless you are using pooled LDAP servers. For more information, see Configuring a Pool of LDAP Servers.

  4. Save the POA startup file, then exit the text editor.

  5. Stop the POA, then start the POA so that it reads the updated startup file.
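The following check is an added example, not part of the GroupWise documentation or product. It reads a POA startup file and reports when --ldapipaddr carries a non-SSL failover list, and when that list is combined with SSL, which the IMPORTANT note above rules out. Assumptions: lines beginning with ";" are comments, SSL is turned on in the startup file by the --ldapssl switch (a switch not shown on this page), and the sample file contents are constructed.

```python
import re

# Constructed sample startup file; ';' comment lines are an assumed file convention.
SAMPLE_POA = """\
; post_office.poa (constructed sample)
--home /gwsystem/po1
--ldapipaddr 172.16.5.18 172.16.15.19 172.16.5.20
--ldapssl
"""

# Accept both spellings seen on this page: "--ldapipaddr a b" and "/ldapipaddr-a b".
SWITCH = re.compile(r"^\s*(?:--|/)([A-Za-z]+)(?:[-\s]+(.*))?$")


def parse_switches(text):
    """Return {switch_name: value_string} for active (non-comment) lines."""
    found = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank line or commented-out switch
        m = SWITCH.match(line)
        if m:
            found[m.group(1).lower()] = (m.group(2) or "").strip()
    return found


def audit_ldap_failover(text):
    """Return (server_list, findings) for the LDAP failover configuration."""
    sw = parse_switches(text)
    servers = sw.get("ldapipaddr", "").split()
    findings = []
    if len(servers) > 1:
        # A multi-address list is the non-SSL failover mechanism described above.
        findings.append("non-SSL failover list with %d servers: %s"
                        % (len(servers), ", ".join(servers)))
        if "ldapssl" in sw:
            # Assumed switch name; the page says SSL servers need a pool instead.
            findings.append("ldapssl is set together with multiple addresses; "
                            "configure a pool of LDAP servers instead")
    return servers, findings


if __name__ == "__main__":
    for finding in audit_ldap_failover(SAMPLE_POA)[1]:
        print("REVIEW:", finding)
```

Run it against each post office's startup file after editing, and use the first finding to confirm that every listed host is one where an unencrypted LDAP connection is acceptable.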