How to prevent an eDir account from being locked by GroupWise login.

  • 3662226
  • 16-Nov-2007
  • 27-Apr-2012

Environment

Novell GroupWise 7
Novell GroupWise 6.5
Novell GroupWise 6
Novell GroupWise 32 bit Client
LDAP Authentication

Situation

When an eDir password reaches its expiration date, there are usually only a few grace logins available, and these get consumed when the GroupWise client passes the old password.

Resolution

When security on the post office (PO) is set to High with LDAP authentication, there is a good chance that grace logins will be consumed, either by a user logging in to the GroupWise mailbox or by a PDA's scheduled synchronization with the GroupWise mailbox, until the eDir account is locked.
To prevent this you need to change the LDAP server settings used by the PO. The purpose of this change is to use a "proxy" eDir account that compares the password supplied at GroupWise login with the credentials stored in the eDir user account. This Compare authentication method does not use grace logins.
Here is a description based on Novell LDAP server:
  • Start ConsoleOne and locate LDAP Group object.
  • In the General | LDAP Group General tab specify a Proxy Username. This must be an account that has rights to check the eDir credentials of all intended GroupWise / eDir accounts. Use the navigation button to select the proxy account.
  • Navigate to the LDAP Server object and in General | LDAP Server General click Refresh NLDAP Server Now.
  • In Tools | GroupWise System Operations select LDAP Servers item.
  • Edit the properties of the existing LDAP server entry, or create a new LDAP server definition; the following configuration is the same in both cases. Change the default User Authentication Method from Bind to Compare. After you make sure that the rest of the IP and security settings are correct, assign it to the PO where you intend to configure LDAP authentication by clicking Select Post Offices.
  • For a new LDAP authentication configuration, check the properties of the PO. In GroupWise | Security set Authentication to High and activate the LDAP Authentication check box. There is no need to provide any of the additional LDAP configuration available unless intended.
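As an added example that is not part of this TID, the following Python script triages which eDir accounts are already past password expiry and spending grace logins (the situation that ends in a lockout while the PO still uses Bind). It works on LDAP entries as dicts, such as an ldapsearch of the eDirectory attributes passwordExpirationTime, loginGraceLimit and loginGraceRemaining would return; the attribute names are from the eDirectory schema, the user entries and the evaluation date are constructed.

```python
"""Find eDirectory accounts that are burning grace logins (added example)."""
from datetime import datetime, timezone


def parse_edir_time(value):
    """eDirectory returns times as LDAP GeneralizedTime, e.g. 20071116120000Z."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def assess(entry, now):
    """Classify one account for the Bind-vs-Compare risk described above.

    With User Authentication Method = Bind, every successful GroupWise or PDA
    login made with an expired password consumes one grace login; once
    loginGraceRemaining reaches 0 the user can no longer log in. With Compare
    the proxy account compares the password and the counter is untouched.
    """
    exp = entry.get("passwordExpirationTime")
    expired = exp is not None and parse_edir_time(exp) <= now
    remaining = int(entry.get("loginGraceRemaining", 0))
    limit = int(entry.get("loginGraceLimit", 0))
    if not expired:
        return "ok"
    if remaining == 0:
        return "locked"    # no grace logins left: Bind logins now fail
    if remaining < limit:
        return "burning"   # expired and already spent some grace logins
    return "expired"       # expired, but no grace login used yet


def triage(entries, now):
    """Return {dn: status} for every entry that is not "ok"."""
    report = {}
    for entry in entries:
        status = assess(entry, now)
        if status != "ok":
            report[entry["dn"]] = status
    return report


# Constructed sample data: what an ldapsearch might return for three users.
SAMPLE = [
    {"dn": "cn=alice,ou=users,o=acme", "passwordExpirationTime": "20071201000000Z",
     "loginGraceLimit": "6", "loginGraceRemaining": "6"},
    {"dn": "cn=bob,ou=users,o=acme", "passwordExpirationTime": "20071110000000Z",
     "loginGraceLimit": "6", "loginGraceRemaining": "2"},  # PDA sync eating grace logins
    {"dn": "cn=carol,ou=users,o=acme", "passwordExpirationTime": "20071101000000Z",
     "loginGraceLimit": "6", "loginGraceRemaining": "0"},
]
NOW = datetime(2007, 11, 16, tzinfo=timezone.utc)  # constructed evaluation date

if __name__ == "__main__":
    for dn, status in triage(SAMPLE, NOW).items():
        print(f"{status:8} {dn}")
```

Accounts reported as "burning" or "locked" are the ones whose GroupWise or PDA logins have been consuming grace logins under Bind; switching the LDAP server definition to Compare stops the counter from moving.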