86.2 Using LDAP Authentication for GroupWise Users

LDAP authentication provides a more secure method of mailbox access than standard GroupWise authentication, which is the default when you set up your GroupWise system. Therefore, you should implement LDAP authentication, as described in Section 36.3.4, Providing LDAP Authentication for GroupWise Users.

On the Post Office object, the LDAP username that you provide on the Security property page should be granted only browser rights in the eDirectory tree. The password for the LDAP user should be long and randomly generated.

On the LDAP Server object, Require TLS for All Operations should be selected on the SSL/TLS Configuration property page. On the LDAP Group object, Require TLS for Simple Binds with Password should be selected.

On your LDAP servers, the trusted root certificate file should be write protected so that it cannot be tampered with.
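The following check is an added example, not part of the GroupWise documentation, for confirming that the trusted root certificate file is write protected. It also inspects the containing directory, because write access there allows the file to be replaced even when the file itself is read-only. It assumes the LDAP server runs on Linux or another POSIX system; the function name `audit_cert_file`, the finding codes, and the certificate path passed on the command line are illustrative and site-specific.

```python
import os
import stat
import sys

WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH

def audit_cert_file(path, trusted_uids=(0,)):
    """Return (code, message) findings; an empty list means write protected."""
    findings = []
    if os.path.islink(path):
        # A link can be re-pointed; the checks below apply to its current target.
        findings.append(("symlink", f"{path} is a symbolic link"))
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append(("not-regular", f"{path} is not a regular file"))
    if st.st_mode & WRITE_BY_OTHERS:
        findings.append(("file-writable",
                         f"{path} mode {stat.filemode(st.st_mode)} allows group/other write"))
    if st.st_uid not in trusted_uids:
        findings.append(("file-owner", f"{path} is owned by uid {st.st_uid}"))
    # Write access to the directory allows the file to be renamed or replaced
    # even when the file's own mode is read-only.
    parent = os.path.dirname(os.path.realpath(path))
    pst = os.stat(parent)
    if pst.st_mode & WRITE_BY_OTHERS:
        findings.append(("dir-writable",
                         f"{parent} mode {stat.filemode(pst.st_mode)} allows group/other write"))
    if pst.st_uid not in trusted_uids:
        findings.append(("dir-owner", f"{parent} is owned by uid {pst.st_uid}"))
    return findings

if __name__ == "__main__":
    # The certificate path is site-specific and must be supplied by the caller.
    if len(sys.argv) != 2:
        sys.exit("usage: audit_cert.py <trusted-root-certificate-file>")
    results = audit_cert_file(sys.argv[1])
    for code, message in results:
        print(f"{code}: {message}")
    sys.exit(1 if results else 0)
```

By default only uid 0 is treated as a trusted owner; pass `trusted_uids` to allow a dedicated service account as well.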