Configuring LDAP Services

The Internet Agent supports the Lightweight Directory Access Protocol (LDAP) standard. With LDAP enabled, the GroupWise® Internet Agent functions as an LDAP server, allowing LDAP queries for GroupWise user information contained in Novell® eDirectory™. You can also configure which GroupWise fields (Given Name, Last Name, Phone, and E-Mail) are visible to an LDAP query.

IMPORTANT: For users to perform LDAP searches for GroupWise user information, they need to define the GroupWise Address Book as a directory in their e-mail client. When doing so, they will use the Internet Agent's DNS hostname or IP address for the LDAP server address.


Enabling LDAP Services

To enable and configure LDAP services for mail client access:

  1. In ConsoleOne®, right-click the Internet Agent object, then click Properties.

  2. Click LDAP > Settings to display the LDAP Settings page.


    LDAP Settings property page
  3. Fill in the fields:

    Enable LDAP Service: Turn on this option to allow LDAP queries. LDAP service is on by default. This setting corresponds to the Internet Agent's /ldap switch.

    Number of LDAP Threads: The LDAP Threads setting lets you specify the maximum number of threads that will process LDAP queries. The default is 10 threads. This setting corresponds with the Internet Agent's /ldapthrd switch.

    LDAP Context: Use this option to limit the directory context in which the LDAP server will search. For example, if you want to limit LDAP searches to the Novell organization container located under the United States country container, enter O=Novell,C=US. This setting corresponds with the Internet Agent's /ldapcntxt switch.

    If you enter an LDAP context, you must make sure that users, when defining the directory in their e-mail client, enter the same context (using the identical text you did) in the Search Base or Search Root field.

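    Alternatively, you can leave the setting empty in both locations (the LDAP Context field here and the Search Base or Search Root field in the e-mail client).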

    LDAP Referral URL: Use this option to define a secondary LDAP server to which you can refer an LDAP query if the query fails to find a user or address in your GroupWise system. For this option to work, the requesting Web browser must be able to track referral URLs. This setting corresponds with the Internet Agent's /ldaprefurl switch.

  4. Continue with the next section, Configuring Public Access.


Configuring Public Access

After you've enabled LDAP services, you can configure which GroupWise fields will be visible to LDAP searches and also set search restrictions. By default, no fields are visible.

  1. If the Internet Agent object's property page is not open, right-click the Internet Agent object, then click Properties.

  2. Click Access Control > LDAP Public Settings.


    LDAP Public Settings page
  3. Fill in the fields:

    LDAP Defaults: Select one of the following defaults for public access: Allow Access or Prevent Access. If you select Allow Access, the GroupWise fields (in the Visible Fields lists) will default to Visible for an LDAP search. If you select Prevent Access, the GroupWise fields will default to Not Visible.

    Visible Fields: You can override the default visibility for a GroupWise field (Given Name, Last Name, Phone, and E-Mail) by selecting the field and then clicking the appropriate visibility button (Visible or Not Visible). For example, if you've selected Allow Access as the LDAP default, but you don't want users' telephone numbers to be visible, you can mark the Phone field as Not Visible.

    Number of Entries to Return: Select the maximum number of entries to return. The default is 100.

    How Many Seconds to Search: Select the maximum amount of time (in seconds) you want the Internet Agent to spend searching. The default is 120 seconds.

    Idle Minutes before Timeout: Specify the number of minutes to allow the search to continue without finding a matching address entry. The default is 5 minutes.

  4. Click OK to save the changes.
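
One way to confirm from the client side that the Visible Fields settings behave as intended, as an added example that is not part of the original Novell documentation: the script parses LDIF output saved from an LDAP client search against the Internet Agent and reports any field that was returned even though it should be Not Visible, and whether the result reached the Number of Entries to Return limit. The attribute names in FIELD_ATTRS, the function names, and the sample LDIF are assumptions constructed for illustration.

```python
import base64

# Assumed mapping from the page's GroupWise field names to common LDAP
# attribute names; confirm against what your Internet Agent actually returns.
FIELD_ATTRS = {"Given Name": "givenname", "Last Name": "sn",
               "Phone": "telephonenumber", "E-Mail": "mail"}

# Constructed sample of LDIF search output (not captured from a real system).
SAMPLE_LDIF = """\
dn: cn=jdoe,O=Novell,C=US
givenName: John
sn: Doe
telephoneNumber: +1 555 0100
mail: jdoe@example.com

dn: cn=asmith,O=Novell,C=US
givenName:: QW5uYQ==
sn: Smith
mail: asmith@exam
 ple.com
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]} dicts (folding and base64 aware)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:
        if not line.strip():                   # blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):         # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(ldif_text, visible_fields, max_entries=100):
    """Return (fields exposed although Not Visible, True if the entry limit was reached)."""
    entries = [e for e in parse_ldif(ldif_text) if "dn" in e]
    exposed = sorted(field for field, attr in FIELD_ATTRS.items()
                     if field not in visible_fields and any(attr in e for e in entries))
    return exposed, len(entries) >= max_entries
```

A non-empty first element means a field marked Not Visible is still being returned; a True second element means the search was cut off at the configured limit and the result set is incomplete.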