Enabling LDAP Authentication with GroupWise 6

(Last modified: 10Aug2004)

This document (10067375) is provided subject to the disclaimer at the end of this document.

fact

Novell GroupWise

GroupWise 6

GroupWise 6 SP1

goal

Enabling LDAP Authentication with GroupWise 6

Enabling LDAP Pooling with GroupWise 6

fix

Configuring the GW Post Office for LDAP using SSL:
Post Office Properties | GroupWise Drop Down | Security | Set Security to High | High Security Options | Check LDAP Authentication | LDAP Server: check Use SSL | SSL Key File = the path and filename of the exported Trusted Root Certificate (see below on generating this file) | LDAP Server Address = the IP address and port of the LDAP server. Default ports are 636 for SSL encryption and 389 for unencrypted (clear text). | LDAP Username and Password = not necessary but strongly suggested. If used, they will increase performance when the LDAP server is located on a different server than the POA.

NOTE: It is best to have the SSL Key file located under the post office directory. This has resolved 65535 and D06B errors while authenticating to LDAP. The POA will not have to authenticate to the server for the Key when set up in this fashion.

NOTE 1: When an LDAP username and password are used, an NDS user with an expired password will be able to use LDAP to authenticate. The LDAP user stays bound and only does a compare of the password attribute. If the user isn't cached, then it does a full LDAP bind and will see an expired password. This has been reported to LDAP Development.

NOTE 2: To use the LDAP Username you need EDir 85 or higher. If you are using the bind per user (the LDAP user name and password are blank on the PO LDAP configuration) and you are using GroupWise 6.0 SP1 then it should work with any Version 3 LDAP server which includes NDS 8.

NOTE 3: The LDAP SDK always sends data in clear text unless SSL is turned on.

Generating the SSL Key File (trusted root certificate):
Properties of the LDAP Server object | SSL Configuration Tab | make sure Disable SSL Port is NOT checked and that the port matches the one used in the Post Office Security | LDAP Server Address. Make note of the SSL Certificate name, e.g. SSL Certificate DNS. Close the LDAP Server properties. Go to the Properties of the NDS SSL Certificate (the name you noted above, SSL Certificate DNS or whatever it is) | Certificates | Trusted Root Certificate | Export | choose a location and filename the POA will have access to, e.g. x:\system\GWCert.Der | Export. Make note of this path and filename, as it must be entered in the Post Office Agent Properties | Security | SSL Key File as mentioned above.

Note: When the Trusted Root Certificate is exported, it needs to have an 8.3 filename, or it will not work with GroupWise.

See Solution NOVL68233 for Common LDAP Errors reported on the POA.

LDAP pooling works with GroupWise 6 SP3.
 
LDAP pooling provides a pool of LDAP authentication servers for load balancing and fault tolerance. If the non-pooling switches are specified, non-pooling mode takes precedence over LDAP pooling. The absence of those LDAP switches and the presence of the following switches indicates that LDAP pooling is used. If you specify both, you can switch between them from the POA's configuration web page. You can configure the server information in this format:
     ldapippoolx-
     ldapportpoolx-
     LdapSslPoolx-
     LdapSslKeyPoolx-[ NLM requires the full path, \\server_name\vol\directory\filename.der]
  
   where x ranges from 1 to 5
 ------------------------------------------------------------------------
/ldapippool1-[address]
/ldapportpool1-[port number, default to 389 or 636 for ssl]
/ldapsslpool1-[enable | disable ]
/ldapsslkeypool1-[ full path for key file ]
 
/ldapippool2-[address]
/ldapportpool2-[port number]
/ldapsslpool2-[enable | disable ]
/ldapsslkeypool2-[\\server_name\vol\dir\file.der]
 
/ldapippool3-[address]
/ldapportpool3-[port number]
/ldapsslpool3-[enable | disable ]
/ldapsslkeypool3-[\\server_name\vol\dir\file.der]
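
An added example, not part of the original Novell document: a small Python check that reads pooling switches in the format listed above and flags pools that run without SSL (clear text, per NOTE 3), pool numbers outside 1 to 5, and key files that are not 8.3 names. Assumptions: switches are written one per line with the value directly after the hyphen, a pool without an ldapsslpool switch is treated as non-SSL, and requiring a key file whenever SSL is enabled is a check chosen for this example.

```python
import re

# Switch syntax as listed above: /ldap<kind>pool<x>-<value>
SWITCH = re.compile(r"^/ldap(ip|port|sslkey|ssl)pool(\d+)-(.*)$", re.IGNORECASE)

# Constructed sample switches; addresses, server and file names are made up.
SAMPLE = r"""/ldapippool1-10.0.0.11
/ldapportpool1-636
/ldapsslpool1-enable
/ldapsslkeypool1-\\fs1\sys\system\gwcert.der
/ldapippool2-10.0.0.12
/ldapsslpool2-disable
/ldapippool3-10.0.0.13
/ldapsslpool3-enable
/ldapsslkeypool3-\\fs1\sys\system\trustedroot.der
/ldapippool6-10.0.0.14
"""

def is_8_3(path):
    """True if the last path component is an 8.3 file name."""
    name = re.split(r"[\\/]", path)[-1]
    return re.fullmatch(r"[^.\s]{1,8}(\.[^.\s]{1,3})?", name) is not None

def lint_pools(text):
    """Return (pool number, finding) pairs, ordered by pool number."""
    pools, findings = {}, []
    for line in text.splitlines():
        m = SWITCH.match(line.strip())
        if m:
            pools.setdefault(int(m.group(2)), {})[m.group(1).lower()] = m.group(3).strip()
    for n, p in sorted(pools.items()):
        if not 1 <= n <= 5:
            findings.append((n, "pool number outside 1-5"))
            continue
        if not p.get("ip"):
            findings.append((n, "no LDAP server address"))
        # Assumption: a pool without an ldapsslpool switch is treated as non-SSL.
        if p.get("ssl", "disable").lower() != "enable":
            findings.append((n, "SSL off: LDAP traffic is clear text"))
            continue
        key = p.get("sslkey", "")
        if not key:
            findings.append((n, "SSL enabled without a key file"))
        elif not is_8_3(key):
            findings.append((n, "key file name is not 8.3"))
    return findings

if __name__ == "__main__":
    print(*lint_pools(SAMPLE), sep="\n")
```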

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID: 10067375
  • Solution ID: NOVL68232
  • Creation Date: 08Jan2002
  • Modified Date: 10Aug2004
    • NovellGroupware

      NetWare
