6.1 Setting Up an LDAP Directory

LDAP directories such as NetIQ eDirectory and Microsoft Active Directory provide two important services to your GroupWise system:

  • User Synchronization: User synchronization transfers modified user information from the LDAP directory to GroupWise for display in the GroupWise Address Book.

    The LDAP directory is the primary location for user information. User information that is synced from the LDAP directory cannot be modified in the GroupWise Admin console. GroupWise email addresses can optionally be synced into the LDAP directory.

    The MTA performs user synchronization for all users in the domain serviced by the MTA. The MTA then replicates the user information to all domains in your GroupWise system.

    For setup instructions, see Section 6.1.2, Configuring User Synchronization for an LDAP Directory.

  • LDAP Authentication: LDAP authentication requires that GroupWise users provide their directory (network login) passwords instead of GroupWise passwords in order to access their mailboxes.

    The POA performs LDAP authentication on behalf of the GroupWise client, the WebAccess Application, and the GWIA when these programs need to authenticate users to GroupWise.

    For setup instructions, see Providing LDAP Authentication for GroupWise Users.

Complete the following tasks to configure your LDAP directory for use with GroupWise:

6.1.1 Creating the LDAP Directory Object

To set up a new LDAP directory for use with GroupWise:

  1. In the GroupWise Admin console, click System > LDAP Servers, then click New Directory.

  2. Ensure that you know the required information for the LDAP directory that you want to use with GroupWise.

    For more information about SSL, see Section 90.2, Server Certificates and SSL Encryption.

    IMPORTANT: If you want to use a limited rights user for the eDirectory sync user and want to import group objects, the sync user needs to have read rights to the CN attribute for group objects.

    Also, if you plan on using LDAP Authentication with Active Directory and want to allow your users to change their Active Directory password through GroupWise, you must configure SSL for the LDAP directory object.

  3. Fill in the fields, then click Test Connection to verify that you have provided accurate information about the LDAP directory.

  4. Configure user synchronization.

    For detailed instructions, see Section 6.1.2, Configuring User Synchronization for an LDAP Directory.

  5. Click OK to add the LDAP directory to GroupWise.

    [Figure: LDAP Servers and Directories list]

  6. Click Close to return to the main Admin console window.

  7. Skip to Section 52.2, Creating GroupWise Accounts by Importing Users from an LDAP Directory.

6.1.2 Configuring User Synchronization for an LDAP Directory

When you import GroupWise users from an LDAP directory such as NetIQ eDirectory or Microsoft Active Directory, you can select an MTA to synchronize updated user information from the LDAP directory into GroupWise. User synchronization is typically configured when the LDAP directory is established, but you can set it up or reconfigure it later as needed.

  1. In the GroupWise Admin console, click System > LDAP Servers, then click the name of the LDAP directory.

    User synchronization is configured in the bottom part of the General tab of the Directory object.

    [Figure: User Sync setup on the LDAP Directory object]

  2. (Optional) In the Base DN field, specify the base context under which users to synchronize are located in the LDAP directory, for example:

    ou=users,ou=org_unit,o=organization
    cn=users,dc=server_name,dc=company_name,dc=com
    
  3. In the Sync Domain field, select the domain whose MTA you want to perform user synchronization with the LDAP directory.

  4. Click Sync to send a task to the MTA to perform user synchronization.

  5. Click OK to close the LDAP Servers and Directories dialog box.
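
The sync user's rights and the Base DN can be checked from a shell before relying on Test Connection and Sync. The following is an added example, not part of the GroupWise documentation or product: it binds as the sync user over SSL only, searches group objects under the Base DN, and lists any group returned without a readable CN. It assumes the OpenLDAP `ldapsearch` client is installed; the function names are hypothetical, and the group filter is supplied by the caller (typically `(objectClass=groupOfNames)` for eDirectory or `(objectClass=group)` for Active Directory).

```shell
#!/bin/sh
# Added example: pre-flight check for the LDAP sync user before Test Connection.
# Host, DNs, password file and filter passed in are the caller's own values.

# Accept only ldaps:// so the bind password is never sent without SSL.
require_ldaps() {
    case "$1" in
        ldaps://?*) return 0 ;;
        *) echo "refusing non-SSL LDAP URI: $1" >&2; return 1 ;;
    esac
}

# Read LDIF on stdin and print the DN of each entry returned without a cn
# value, which is how a missing read right on CN shows up (assumption).
entries_missing_cn() {
    awk '
        function emit() { if (dn != "" && !has_cn) print dn; dn = ""; has_cn = 0 }
        /^dn:/                  { emit(); dn = $0; sub(/^dn::? */, "", dn); next }
        tolower($0) ~ /^cn::? / { has_cn = 1 }
        /^$/                    { emit() }
        END                     { emit() }
    '
}

# usage: check_sync_user URI BIND_DN PASSWORD_FILE BASE_DN GROUP_FILTER
# PASSWORD_FILE must hold the password with no trailing newline (ldapsearch -y).
check_sync_user() {
    require_ldaps "$1" || return 2
    out=$(ldapsearch -H "$1" -x -D "$2" -y "$3" -b "$4" -s sub \
        -LLL -o ldif-wrap=no "$5" cn) || { echo "bind or search failed" >&2; return 1; }
    printf '%s\n' "$out" | entries_missing_cn
}

# Constructed sample LDIF (not real directory data): Finance came back without cn.
sample_ldif() {
    cat <<'EOF'
dn: cn=Sales,ou=users,ou=org_unit,o=organization
cn: Sales

dn: cn=Finance,ou=users,ou=org_unit,o=organization
EOF
}

sample_ldif | entries_missing_cn   # offline demonstration of the parser
```

An empty result from `check_sync_user` means every group under the Base DN returned a CN to the sync user; any DN it prints is a group the limited rights user cannot read the CN of.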

6.1.3 Configuring LDAP Authentication

If you are planning to import users from your LDAP directory into your GroupWise system, you can use LDAP authentication instead of GroupWise authentication to provide mailbox access. For instructions, see Section 15.3.4, Providing LDAP Authentication for GroupWise Users.

6.1.4 Enabling Email Publishing

If you are planning to import users from your LDAP directory into your GroupWise system, you can publish the GroupWise email addresses back to your LDAP directory. For instructions, see Section 53.8.2, Publishing Email Addresses to Your LDAP Directory.