6.2 GroupWise Module
The GroupWise module allows Retain to archive messages from GroupWise. The GroupWise module must be fully configured before Retain can archive or communicate with the GroupWise mail system.
Other tools that work with the GroupWise Module:
-
GroupWise Client Plugin GroupWise Client Plugin.
-
GroupWise Webaccess Plugin GroupWise WebAccess Plugin.
-
Stubbing server Stubbing Server may be installed which can allow users to search Performing Retain Searches Within The GroupWise Client the Retain archive from their GroupWise client.
-
GroupWise Archive Migration Tool GroupWise Archive Migration Tool.
6.2.1 Prerequisites
Before beginning you will need to gather this information:
-
IP Address and SOAP port of a POA
-
A Trusted Key Name and Trusted Application Key
Setting up the Module
The GroupWise module page opens first with the Core Settings.
GroupWise
Browse to the GroupWise Administration page. Under System | Trusted Applications, create a key called Retain and export the key. You will need this for the SOAP section below.
We highly recommend enabling Message Retention Services in GroupWise, so users cannot delete messages before they are stored by Retain.
6.2.2 Core Settings
Normally all the checkboxes on this tab are always left selected. It is rare that you would ever deselect any of them. Two cases where you might, would be: troubleshooting (as instructed by Technical Support), and retiring an old email system.
The module needs to be enabled on this page to make it active in the Retain system.
The module can be given a name.
The Send Method option enables either the SMTP Forwarding or FTP features. For either feature to appear and function, the Module Forwarding tab must be configured on the Server Configuration page. See that section for more information.
The Enable Address Book Caching function allows Retain to regularly cache the online email systems address book and synchronize it with Retain. This is critical for administration, authentication, and archiving purposes. It is recommended to cache the Address Book once every 24 hours to keep the Retain storage system up to date. By default, maintenance is set to cache the Address Book once every 24 hours.
The Enable Authentication checkbox determines if end-user authentication is performed when the user logs into Retain. If it is deselected, the Retain system will NOT authenticate the user against the email system and the user will not be able to log in unless another authentication method is enabled.
The Enable Jobs checkbox determines if configured data retrieval jobs are ever passed to the Worker. Even if the individual job is fully configured and enabled, if this checkbox is switched off, no jobs configured for this module will be processed.
Set Storage Flags
If you have Retention Services enabled, which we highly recommend, you will need the Retention or Purge flags updated depending on which one you are using. Generally, you would use Retention flag for Retain and the Purge flag for your backup software, such as Reload.
You would enable Retention Services in GroupWise Administration under Domain or Post Office. Then in Client Options, Integrations, Retention, and Enable Message Retention Service.
This would be used in conjunction with a Trusted App Key which the GroupWise module needs for the SOAP tab.
The Send Method option enables either the SMTP Forwarding or FTP features. For either feature to appear and function, the Module Forwarding tab must be configured on the Server Configuration page. See that section for more information.
6.2.3 SOAP
Provide the POA Host Name and SOAP port. IP addresses are acceptable, but host names are preferred as IP addresses may change. SSL is supported, but comes at the price of speed, and will slow down the archiving process. Create a Trusted Application key for Retain, either manually from GroupWise Administration, System, Trusted Applications in GroupWise 2014 or above or Console One for GroupWise 2012 or lower.
The SOAP access information must be provided, and the connection tested and verified before the system can connect. After providing the required information, click the 'Test Connection' button. The results are displayed. A successful result must be reached before Retain can archive messages from GroupWise.
If mail server Redirection is required for mail servers which are not contained on the local WAN and must have the connection addresses manually specified, the appropriate information may be modified in the redirection table. Most installations will not require any modification.
6.2.4 LDAP
LDAP can be used to authenticate users against other directory services such as eDirectory or Active Directory.
LDAP may be used for individual users wishing to access their respective archives. If LDAP is setup and desired to be used for Retain user authentication, it must be fully configured in the GroupWise module.
Utilizing LDAP allows users to log into their respective archives using the user’s full email address. This authentication requires that the email attribute be marked indexed in GroupWise.
Active Directory Authentication - Prerequisites
Active Directory LDAP Services setup
LDAP Authentication setup in GroupWise
Go into GroupWise Administration/System and open LDAP Servers
Create a New Directory with the IP address of your AD server
Set the LDAP user name (for example, Administrator) and password
Set the Base DN (for example,DC=sf,DC=gwava,DC=net)
Choose the Sync Domain (the GW domain)
Enable Synchronization.
Create a New LDAP Server
Select the Directory
Enter the IP) address of the AD server.
Under the Post Offices tab, select a post office
Go to Post Offices and choose the post office that will be using LDAP.
Under the Security tab choose LDAP Authentication and select Preferred LDAP Servers
Go to System and open Directory Associations
Enable Search Sub Tree
Associate Mailboxes with their LDAP Names
Retain
LDAP allows the users to authenticate against Active Directory, using their email address, by following these steps:
-
Fill out the LDAP tab
Enable EMail Address lookup
Provide the LDAP Server hostname or IP address
Provide the LDAP Port (usually 389 or 636)
Enable Use SSL, if necessary
Provide the LDAP Admin User's distinguishedName in the form CN=Administrator,CN=Users,DC=company,DC=com
Provide the Password for LDAP Admin User
Provide the Top Search Context, usually the distinguishedName of the domain in the form DC=company,DC=com
-
Edit the file ~\Beginfinite\Retain\RetainServer\WEB-INF\classes\config\misc.properties
Change the following lines:
custom.ldap.enable=1
custom.ldap.class=com.gwava.authenticate.gw.AlternativeGWLDAPAuthentication
-
Restart tomcat
6.2.5 Proxy
Users who have been given proxy to another account in GroupWise may be granted access to proxy accounts in the Retain archive as well.
For performance reasons, Retain caches proxy verifications for a period of days (default is 7 days). Revocation of proxy access might not be reflected immediately in Retain. The caching period may be reduced or even disabled, (a value of ‘0’ disables caching), but this is not recommended.