6.2 GroupWise Module
The GroupWise module allows Retain to archive messages from GroupWise. The GroupWise module must be fully configured before Retain can archive or communicate with the GroupWise mail system.
Other tools that work with the GroupWise Module:
-
A Stubbing Server can be installed which allows users to search ( Performing Retain Searches Within The GroupWise Client) the Retain archive from their GroupWise client.
6.2.1 Prerequisites of the GroupWise Module
Before beginning you should gather the following information:
-
IP Address and SOAP port of a POA
-
A Trusted Key Name and Trusted Application Key
Browse to the GroupWise Administration page. Under System | Trusted Applications, create a key called Retain and export the key. You need this for the SOAP section below.
-
Enable Message Retention Services in GroupWise, so that users cannot delete messages before they are stored by Retain.
Setting up the GroupWise Module
The GroupWise module page opens first with the Core Settings.
6.2.2 Core Settings Tab
Normally all the checkbox options on this tab are enabled. It is rare that you would ever deselect any of them. Two cases where you might, would be: troubleshooting (as instructed by Technical Support), and retiring an old email system.
The module needs to be enabled on this page to make it active in the Retain system.
The module can be given a name.
The Send Method option enables either the SMTP Forwarding or FTP features. For either feature to appear and function, the Module Forwarding tab must be configured on the Server Configuration page. See that section for more information.
The Enable Address Book Caching function allows Retain to regularly cache the online email systems address book and synchronize it with Retain. This is critical for administration, authentication, and archiving purposes. It is recommended to cache the Address Book once every 24 hours to keep the Retain storage system up to date. By default, maintenance is set to cache the Address Book once every 24 hours.
The Enable Authentication checkbox determines if end-user authentication is performed when the user logs into Retain. If it is deselected, the Retain system cannot authenticate the user against the email system and the user cannot log in unless another authentication method is enabled.
The Enable Jobs checkbox determines whether data can be retrieved and passed to the Worker. Even if the individual job is fully configured and enabled, if this option is disabled, no jobs configured for this module are run.
Set Storage Flags Section
If you have Retention Services enabled, which we highly recommend, you should update the Retention and/or Purge flags updated, depending on what you are using. Generally, you would use Retention flag for Retain and the Purge flag for your backup software, such as GroupWise Disaster Recovery.
You would enable Retention Services in GroupWise Administration under Domain or Post Office. Then in Client Options, Integrations, Retention, and Enable Message Retention Service.
This would be used in conjunction with a Trusted App Key which the GroupWise module needs for the SOAP tab.
The Send Method option enables either the SMTP Forwarding or FTP features. For either feature to appear and function, the Module Forwarding tab must be configured on the Server Configuration page. See that section for more information.
6.2.3 SOAP Tab
Provide the POA Host Name and SOAP port. IP addresses are acceptable, but host names are preferred as IP addresses may change. SSL is supported, but it slows down the archiving process. Create a Trusted Application key for Retain, either manually from GroupWise Administration, System, Trusted Applications in GroupWise 2014 or above or Console One for GroupWise 2012 or earlier.
The SOAP access information must be provided, and the connection tested and verified before the system can connect. After providing the required information, click the 'Test Connection' button. The results are displayed. A successful result must be reached before Retain can archive messages from GroupWise.
If mail server Redirection is required for mail servers which are not contained on the local WAN and must have the connection addresses manually specified, the appropriate information may be modified in the redirection table. Most installations do not require any modifications.
6.2.4 LDAP Tab
LDAP can be used to authenticate users against other directory services such as eDirectory or Active Directory.
LDAP may be used for individual users wishing to access their respective archives. If LDAP is set up and desired to be used for Retain user authentication, it must be fully configured in the GroupWise module.
Utilizing LDAP allows users to log into their respective archives using the user’s full email address. This authentication requires that the email attribute be marked indexed in GroupWise.
Using Active Directory Authentication
Before you use Active Directory Authentication, you must have LDAP Authentication configured in GroupWise and configure Retain to use Active Directory Authentication:
GroupWise Configuration for AD LDAP Authentication
-
Make sure you have Active Directory configured as an LDAP directory and an LDAP server in the GroupWise Admin Console. Also, make sure the following are set in the GroupWise Admin Console:
-
On the LDAP Directory, must be selected.
-
On the LDAP server > tab, select the Post Office that you are using for LDAP.
-
Go to > Select the Post Office that you are using for LDAP > . Select and make sure the LDAP server is listed in the column in the .
Follow the steps in LDAP Directories and Servers in Your GroupWise System in the GroupWise 18 Administration Guide if you need help setting up the LDAP directory or LDAP server.
-
-
Make sure that your GroupWise mailboxes are associated with their LDAP users by following the steps in Associating GroupWise Users with an LDAP Directory in the GroupWise 18 Administration Guide .
Retain Configuration for AD LDAP Authentication
-
In the GroupWise Module > LDAP tab, enter in the information for your LDAP server. Make sure Enable EMail Address Lookup is selected.
NOTE:The LDAP Admin User must be entered using the following form:
CN=Administrator,CN=Users,DC=company,DC=com
The Top Search Context is usually the distinguished name of the domain and must be entered using the following form:
DC=company,DC=com
-
Edit the ~Beginfinite\Retain\RetainServer\WEB-INF\classes\config\misc.properties file on the server changing the following lines:
custom.ldap.enabled=1 custom.ldap.class=com.gwava.authenticate.gw.AlternativeGWLDAPAuthentication
-
Restart tomcat on the Retain server.
6.2.5 GroupWise Proxy Accounts
Users who have been given proxy to another account in GroupWise may be granted access to proxy accounts in the Retain archive as well.
For performance reasons, Retain caches proxy verifications for a period of days (default is 7 days). Revocation of proxy access might not be reflected immediately in Retain. The caching period may be reduced or even disabled, (a value of ‘0’ disables caching), but this is not recommended.