Novell Cool Solutions

Consultants Corner: Preparation for upgrade to GroupWise 2014

Gregg Hinchman

By:

June 13, 2014 1:28 pm

Reads:1,144

Comments:1

Score:5

Print/PDF

“Butterflies and Zebras, And Moonbeams and fairy tales” … I was on a recent project upgrading the GroupWise system to GroupWise 2014. As part of the upgrade, GroupWise 2014 wants an LDAP directory and/or server if you are connected to eDirectory. And as many of you may recall, in order to do proper MTA Synchronization between GroupWise and eDirectory, you need to have eDirectory User Synchronization set up properly.

Well these two things: upgrade to GroupWise 2014 and eDirectory User Synchronization have a relationship. If you have eDirectory User Synchronization set up and working properly before you upgrade to GroupWise 2014, then you will have no issue/error related to LDAP server/directory on the upgrade. Of course, after the upgrade to GroupWise 2014, you can fix the problem. But why not fix it before?!

This article will give you an example of proper eDirectory User Synchronization. I will address two different activities/features in GroupWise. LDAP Servers and eDirectory User Synchronization. GroupWise running on Linux with no eDirectory, requires an LDAP server set up, pointing to an eDirectory replica server.

First, create a new LDAP user in your eDirectory. I usually create them in either the GroupWise OU or the O of the tree. Once the user is created, make it trustee of Root and provide it with rights.

All Attributes Rights: Compare, Read, Write
Entry Rights: Browse and Create

NOTE: Please understand this is the simplest way to set up an ldap user. But its not the most secure..
Figure 1: LDAP User, Trustee of Root, All Attribute Rights

Figure 1: LDAP User, Trustee of Root, All Attribute Rights

Figure 2: LDAP User, Trustee of Root, Entry Rights

Figure 2: LDAP User, Trustee of Root, Entry Rights

Second, create an LDAP Server under Tools | GroupWise System Operations | LDAP Servers.

Here you want want to set up a simple LDAP server. Again it will be unsecure. But remember you can secure all of this later after its working.

  1. Select Add
  2. Fill in a Name, Description
  3. Under the LDAP Server Address, place an IP Address of an eDirectory server that has a replica on it.
    • Many organizations have a specific eDirectory LDAP server. Or you can point to a server that has a Read/Write replica of Root.
    • Also here you want to make sure the server you are pointing to does not require SSL/636 and TLS. These can be found turned on in the LDAP Server and LDAP Group object for the server you are pointing to for this setup.
  4. Set the Port to 389
  5. User Authentication Method Bind
  6. Select Post Offices do not set any.
  7. Select Ok.
Figure 3: Tools | GroupWise System Operations | LDAP Servers

Figure 3: Tools | GroupWise System Operations | LDAP Servers

Figure 4: Add LDAP Server

Figure 4: Add LDAP Server

Figure 5: Fill in Name, Description, LDAP Server Address, Select OK

Figure 5: Fill in Name, Description, LDAP Server Address, Select OK

Next, we need to move onto Tools | System Operations | eDirectory User Synchronization

In eDirectory User Synchronization:

  1. Select the Configure Agents option
  2. Select the MTA for the Primary Domain
  3. Select Set Up eDirectory Access, notice the State may say ‘disabled’

In Available LDAP Servers, Select the LDAP server you setup above

  1. Select the Set Preferred, if you have more than 1 LDAP server
  2. Browse to the LDAP User created previously and Select
  3. Set the Password used for the LDAP user
  4. Browse to the LDAP Group for the server named in the LDAP Servers from above
  5. Select OK
  6. Select the Primary Domain MTA
  7. Select Enable button on the right, then OK

At this point, the Primary domain is enabled to do eDirectory User Synchronization. Also, its at this point, I would recommend that the Primary domain MTA be the Sync Agent for all domains. Why? Well if you recall, the Primary domain is the ‘gold copy’ of your GroupWise system. Its from the Primary domain that all administration can be done and pushed ‘down to’ all other domains. So by making it the eDirectory Sync Agent for all domains, it will push down all changes to all domains.

Ah…but then its a single point of failure! Yes, it is, but not of a major point. Its also easier to administer. And in the properties of the domains, under Scheduled Events, only the Primary domain needs this set. All other domains can have it ‘unchecked’.

To set all other MTA’s eDirectory Sync Agent to the Primary Domain:

  1. Choose and highlight a domain MTA you will change
  2. Select Change Assignment, in eDirectory User Synchronization Configuration
  3. Select the Primary Domain MTA with status set to Enabled
  4. Select OK
  5. Select the next domain you choose to change, and repeat til all domains are using the Primary Domain MTA.

The final step on setting eDirectory User Synchronization Configuration is in the properties of the MTA, Scheduled Events.

  1. Right click on each MTA
  2. On the GroupWise tab, select Scheduled Events
  3. DE-Select Default eDirectory User Synchronization Event for ALL non-Primary domain MTA’s
  4. Select Default eDirectory User Synchronization Event for the Primary domain MTA and set a schedule

Best to run this event at least one time each day after hours. However, if you have a changing environment. One that changes users information quite a bit each day, should have a couple events set. Maybe run one every 4 hours. Mind you, you can always right click, GroupWise Utiltiies, Synchronize to also sync changes.

Figure 6: Tools | GroupWise System Operations | eDirectory User Synchronization

Figure 6: Tools | GroupWise System Operations | eDirectory User Synchronization

Figure 7: Select Configure Agents

Figure 7: Select Configure Agents

Figure 8: Select Set Up eDirectory Access; Note: Disabled State

Figure 8: Select Set Up eDirectory Access; Note: Disabled State

Figure 9: Select LDAP Server, Set Preferred, Add LDAP User, LDAP Password, LDAP Group

Figure 9: Select LDAP Server, Set Preferred, Add LDAP User, LDAP Password, LDAP Group

Figure 10: Browse to LDAP Group for Server holding eDirectory Replica

Figure 10: Browse to LDAP Group for Server holding eDirectory Replica

Figure 11: Select Enable, Note: State Enabled, eDirectory Access is Yes

Figure 11: Select Enable, Note: State Enabled, eDirectory Access is Yes

Figure 12: Primary Domain now does eDirectory User Synchronization

Figure 12: Primary Domain now does eDirectory User Synchronization

Figure 13: Select Change Assignment to set all domain MTA's Sync Agent to be the Primary Domains MTA

Figure 13: Select Change Assignment to set all domain MTA’s Sync Agent to be the Primary Domains MTA

Figure 14: Example: Note DOM1 is the Primary Domain, its MTA is now the Sync Agent for all domains

Figure 14: Example: Note DOM1 is the Primary Domain, its MTA is now the Sync Agent for all domains

Figure 15: Set Scheduled Event ON for Primary domain, OFF for all other domains, in MTA Properties of each domain

Figure 15: Set Scheduled Event ON for Primary domain, OFF for all other domains, in MTA Properties of each domain

Summary:

At this point, I have walked you thru basic setup of LDAP server as well and proper “Best Practice” eDirectory User Synchronization Configuration. Even if you already have these set up, this article should prove a good review and part of your preparation for upgrading to GroupWise 2014. That leaves me with this:

“Fly on Little Wing” and enjoy your GroupWise 2014 upgrade.

Got comments or article ideas? Need help GroupWise? Drop me a line at: Gregg@HinchmanConsulting.com. “The Force is strong in this one.”

2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.
Loading...Loading...

Tags: , ,
Categories: GroupWise, Technical

1

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

1 Comment

  1. By:tkratzer

    Excellent job Greg. As usual. Thanks, I’m upgrading a customer’s GroupWise 2012 system that is in GWAVA’s cloud.

    GroupWise 2014 is awesome!

Comment

RSS