Cool Solutions

GroupWise Secure LDAP Authentication


July 17, 2007 5:28 am






I need to successfully authenticate over secure LDAP to GroupWise, for GroupWise Windows and Web clients.


Note: GroupWise server 7.0.2 runs on OES Linux and is called GW. You can use the following this Cool Solution for additional information:

Configuring LDAP

1. Start ConsoleOne.

2. Open the Properties of the LDAP group GroupWise object.

3. Select “TLS enabled for simple binds”.

Creating the SSL Certificate

1. Start ConsoleOne.

2. Open Properties of the SSL Certificate DNS GroupWise object.

3. Under Certificates, select the trusted root certificate.

4. Export the trusted root certificate without private key, in .DER format, to gwroot.der.

5. Use the 8.3 notation and copy this file to you postoffice directory: /gw/grpwise/po

Tip: Put the servername in the root certificate file, such as “gwroot.der”.

Setting Up GroupWise Secure LDAP

1. Start ConsoleOne.

2. Go to Tools > System Operations > LDAP Servers.

3. Select Enable SSL and enter the location of your postoffice directory (such as /gw/grpwise/po/gwroot.der).

Note: DO NOT BROWSE, but just directly enter /gw/grpwise/po/gwroot.der.

Restarting the Agents

1. Restart POA (on Linux):

/etc/init.d/grpwise postoffice.domain stop
/etc/init.d/grpwise postoffice.domain start

where postoffice is your postoffice name and domain is your domain name.

2. Restart LDAP (on Linux).

3. To stop nldap: nldap -u

4. To start nldap: nldp -l

5. Check POA logging 0n LDAP SSL.

1.1.2.    POA Logging
11:05:49 528   LDAP Settings:
11:05:49 528   Inactive Connection Timeout: 30 secs
11:05:49 528   Disable LDAP Password Change: No
11:05:49 528   LDAP Pool Server Reset Timeout: 5 mins
11:05:49 528   LDAP Server Quarantine Threshold: 2
11:05:49 528   Current LDAP Authentication mode: Load Balance Pool
11:05:49 528   Load Balance Pool Configuration:
11:05:49 528   Server Pool: LDAP bjzu-dom bjzu-po
11:05:49 528   LDAP Authentication Server IP Address:
11:05:49 528   LDAP Server Port: 636
11:05:49 528   LDAP SSL Enabled: Yes
11:05:49 528   LDAP SSL Key File Name: /gw/grpwise/po/gwroot.der 
11:05:49 528   LDAP User Authentication Method: Bind
1.1.3.         Client authenticatie LDAP SSL
17:18:42 416 C/S Login Windows  Net Id=username ::GW Id=username :: ::ffff:
17:18:52 416 Initializing Secured LDAP session with at port 636 using SSL Key file /gw/grpwise/po/gwroot.der 

Now you have successfully authenticated over secure LDAP to GroupWise.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Uncategorized


Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.