LDAP directories such as NetIQ eDirectory and Microsoft Active Directory provide two important services to your GroupWise system:
User Synchronization: User synchronization transfers modified user information from the LDAP directory to GroupWise for display in the GroupWise Address Book.
The LDAP directory is the primary location for user information. User information that is synced from the LDAP directory cannot be modified in the GroupWise Admin console. GroupWise email addresses can optionally be synced into the LDAP directory.
The MTA performs user synchronization for all users in the domain serviced by the MTA. The MTA then replicates the user information to all domains in your GroupWise system.
For setup instructions, see Section 6.1.2, Configuring User Synchronization for an LDAP Directory.
LDAP Authentication: LDAP authentication requires that GroupWise users provide their directory (network login) passwords instead of GroupWise passwords in order to access their mailboxes.
The POA performs LDAP authentication on behalf of the GroupWise client, the WebAccess Application, and the GWIA when these programs need to authenticate users to GroupWise.
For setup instructions, see Providing LDAP Authentication for GroupWise Users.
Complete the following tasks to configure your LDAP directory for use with GroupWise:
To set up a new LDAP directory for use the GroupWise:
In the GroupWise Admin console, click , then click .
Ensure that you know the required information for the LDAP directory that you want to use with GroupWise.
For more information about SSL, see Section 90.2, Server Certificates and SSL Encryption.
IMPORTANT:If you want to use a limited rights user for the eDirectory sync user and want to import group objects, the sync user needs to have read rights to the CN attribute for group objects.
Also, if you plan on using LDAP Authentication with Active Directory and want to allow your users to change their Active Directory password through GroupWise, you must configure SSL for the LDAP directory object.
Fill in the fields, then clickto verify that you have provided accurate information about the LDAP directory.
Configure user synchronization.
For detailed instructions, see Section 6.1.2, Configuring User Synchronization for an LDAP Directory.
Clickto add the LDAP directory to GroupWise.
Clickto return to the main Admin console window.
When you import GroupWise users from an LDAP directory such as NetIQ eDirectory or Microsoft Active Directory, you can select an MTA to synchronize updated user information from the LDAP directory into GroupWise. User synchronization is typically configured when the LDAP directory is established, but you can set it up or reconfigure it later as needed.
In the GroupWise Admin console, click , then click the name of the LDAP directory.
User synchronization is configured in the bottom part of the General tab of the Directory object.
(Optional) In thefield, specify the base context under which users to synchronize are located in the LDAP directory, for example:
In thefield, select the domain whose MT you want to perform user synchronization with the LDAP directory.
Clickto send a task to the MTA to perform user synchronization.
Clickto close the LDAP Servers and Directories dialog box.
If you are planning to import users from your LDAP directory into your GroupWise system, you can use LDAP authentication instead of GroupWise authentication to provide mailbox access. For instructions, see Section 15.3.4, Providing LDAP Authentication for GroupWise Users.
If you are planning to import users from your LDAP directory into your GroupWise system, you can publish the GroupWise email addresses back to your LDAP directory. For instructions, see Section 53.8.2, Publishing Email Addresses to Your LDAP Directory.