52.11 LDAP Switches

The Internet Agent can perform GroupWise authentication of POP3/IMAP4 clients through an LDAP server and can also perform LDAP queries for GroupWise information. See Section 46.3.1, Enabling LDAP Services.

The following sections describe the switches required to configure this functionality:

52.11.1 GroupWise Authentication Switches

When a POP3/IMAP4 user attempts to access a GroupWise mailbox on a post office that has been configured for LDAP authentication, the Internet Agent connects to the post office’s POA, which then connects to the LDAP server so that the LDAP server can authenticate the user.

This process works automatically if the Internet Agent’s link to the post office is client/server (meaning that it communicates through TCP/IP to the post office’s POA). If the Internet Agent is using a direct link to the post office directory rather than a client/server link to the post office’s POA, the Internet Agent must communicate directly with the LDAP server rather than through the POA.

The following switches are used to provide the Internet Agent with the required LDAP server information:

/ldapipaddr

Specifies the IP address of the LDAP server through which GroupWise authentication takes place.

Syntax: /ldapipaddr-address

Example: /ldapipaddr-172.16.5.18

/ldapport

Specifies the port number being used by the LDAP server. The standard non-SSL LDAP port number is 389. The standard SSL LDAP port number is 636.

Syntax: /ldapport-number

Example: /ldapport-389

/ldapssl

Instructs the Internet Agent to use a secure (SSL) connection with the LDAP server.

Syntax: /ldapssl

/ldapuser

Specifies a user that has rights to the LDAP directory. The user must have at least Read rights.

Syntax: /ldapuser-username

Example: /ldapuser-ldap

/ldappwd

Specifies the password of the user specified by the /ldapuser switch.

Syntax: /ldappwd-password

Example: /ldappwd-pwd1
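
The following Python check is an added example, not part of the original documentation or of GroupWise. It parses switch lines in the /name-value form shown above and flags a non-SSL LDAP connection, a port that contradicts /ldapssl, and a stored /ldappwd value. It assumes one switch per line; the function names and finding codes are hypothetical.

```python
import re

# Documented switch shapes: "/name" or "/name-value" (one switch per line is an assumption).
SWITCH_RE = re.compile(r"^/([a-z]+)(?:-(.*))?$", re.IGNORECASE)

def parse_switches(lines):
    """Map switch name -> value (None for value-less switches such as /ldapssl)."""
    switches = {}
    for raw in lines:
        m = SWITCH_RE.match(raw.strip())
        if m:
            switches[m.group(1).lower()] = m.group(2)
    return switches

def audit_ldap_auth(switches):
    """Return (code, message) findings for the GroupWise authentication switches."""
    findings = []
    if "ldapipaddr" not in switches:
        return findings  # Internet Agent is not set to contact an LDAP server directly
    ssl = "ldapssl" in switches
    port = switches.get("ldapport")
    if not ssl:
        findings.append(("no-ssl", "/ldapssl is absent: the LDAP connection is not SSL-protected"))
    if ssl and port == "389":
        findings.append(("port-mismatch", "/ldapssl set but /ldapport is the standard non-SSL port 389"))
    if not ssl and port == "636":
        findings.append(("port-mismatch", "/ldapport is the standard SSL port 636 but /ldapssl is absent"))
    if "ldappwd" in switches:
        findings.append(("stored-password", "/ldappwd keeps the /ldapuser password in clear text; "
                         "restrict read access to wherever these switches are stored"))
    return findings

# Constructed samples built from the example values on this page.
WEAK = ["/ldapipaddr-172.16.5.18", "/ldapport-389", "/ldapuser-ldap", "/ldappwd-pwd1"]
HARDENED = ["/ldapipaddr-172.16.5.18", "/ldapport-636", "/ldapssl", "/ldapuser-ldap", "/ldappwd-pwd1"]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for code, message in audit_ldap_auth(parse_switches(sample)):
            print(f"  [{code}] {message}")
```

The hardened sample still reports the stored password, because /ldappwd has to be supplied with the other switches; the remaining control is who can read them.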

52.11.2 LDAP Query Switches

The Internet Agent can function as an LDAP server, allowing LDAP queries for GroupWise user information contained in the directory. The following switches configure the Internet Agent as an LDAP server.

/ldap

Enables the Internet Agent as an LDAP server.

Syntax: /ldap

/ldapthrd

Specifies the maximum number of threads the Internet Agent can use for processing LDAP queries. The default is 10.

Syntax: /ldapthrd-number

Example: /ldapthrd-5

/ldapcntxt

Limits the directory context in which the LDAP server searches. For example, you could limit LDAP searches to a single Novell organization container located under the United States country container.

If you restrict the LDAP context, you must make sure that users, when defining the directory in their e-mail client, enter the same context (using the identical text you did) in the Search Base or Search Root field.

Syntax: /ldapcntxt-"context"

Example: /ldapcntxt-"O=Novell,C=US"

/ldaprefurl

Defines a secondary LDAP server to which you can refer an LDAP query if the query fails to find a user or address in your GroupWise system. For this option to work, the requesting Web browser must be able to track referral URLs.

Syntax: /ldaprefurl-url

Example: /ldaprefurl-ldap://ldap.provider.com

/ldaprefcntxt

Limits the directory context in which the secondary (referral) LDAP server searches.

Syntax: /ldaprefcntxt-"context"

Example: /ldaprefcntxt-"O=Novell,C=US"

/ldapserverport

Changes the LDAP listen port from the default of 389.

Syntax: /ldapserverport port_number

Example: /ldapserverport 390

/ldapserversslport

Changes the LDAP SSL listen port from the default of 636.

Syntax: /ldapserversslport port_number

Example: /ldapserversslport 637