Environment
Novell GroupWise 7
Novell GroupWise 6.5
Novell GroupWise 6
Novell GroupWise 32 bit Client
LDAP Authentication
Situation
When an eDir password reaches the date on which it must be changed,
there are usually only a few grace logins available, and these were
used up by logins that passed the old GroupWise password.
Resolution
When security on a PO level is set to High with LDAP
authentication, there is a good chance that grace logins
are used up, and the eDir account then locked, either by
a user logging in to the GroupWise mailbox or by any scheduled
PDA synchronization with the GroupWise mailbox.
To prevent this, you will need to change a setting of the LDAP
server used. The purpose of this change is to use a "proxy" eDir
account to compare the password provided during GroupWise login
with the credentials stored in the eDir user account. This
compare authentication method does not use grace logins.
Here is a description based on the Novell LDAP server:
- Start ConsoleOne and locate the LDAP Group object.
- In the General | LDAP Group General tab, specify a Proxy Username. This must be an account that has rights to check the eDir credentials of all intended GroupWise / eDir accounts. Use the navigation button to select the proxy account.
- Navigate to the LDAP Server object and, in General | LDAP Server General, click Refresh NLDAP Server Now.
- In Tools | GroupWise System Operations, select the LDAP Servers item.
- Edit the properties of the existing LDAP server entry or create a new LDAP server definition; the configuration that follows is the same in both cases. Change the default User Authentication Method from Bind to Compare. After you make sure that the rest of the IP and security settings are correct, assign the LDAP server to the PO where you intend to configure LDAP authentication by clicking Select Post Offices.
- In the case of a new LDAP authentication configuration, check the properties of the PO. In GroupWise | Security, set Authentication to High and activate the LDAP Authentication check box. There is no need to provide any of the additional available LDAP configuration unless intended.
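To see which accounts have already had grace logins used up this way, an LDIF export of the user container can be checked offline. The script below is an added example, not part of the original document or a Novell tool: it reads the eDirectory LDAP attributes passwordExpirationTime, loginGraceLimit and loginGraceRemaining and lists accounts with an expired password and few grace logins left. The sample export, its DNs and the threshold parameter are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample export; DNs and values are made up for illustration.
SAMPLE_LDIF = """\
dn: cn=asmith,ou=users,o=example
passwordExpirationTime: 20240101000000Z
loginGraceLimit: 6
loginGraceRemaining: 1

dn: cn=bjones,ou=users,o=example
passwordExpirationTime: 20240101000000Z
loginGraceLimit: 6
loginGraceRemaining: 6

dn: cn=clee,ou=users,o=example
passwordExpirationTime: 20301231000000Z
loginGraceLimit: 6
loginGraceRemaining: 6
"""

def parse_ldif(text):
    """Parse plain 'attr: value' records; folded and base64 values are skipped."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry[key.lower()] = value.strip()
        if "dn" in entry:
            entries.append(entry)
    return entries

def grace_at_risk(entries, now, threshold=2):
    """Return (dn, remaining, limit) for expired accounts that are low on grace logins."""
    flagged = []
    for e in entries:
        try:
            expires = datetime.strptime(e["passwordexpirationtime"],
                                        "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
            remaining = int(e["logingraceremaining"])
            limit = int(e["logingracelimit"])
        except (KeyError, ValueError):
            continue  # attribute missing or malformed: cannot assess this entry
        # Expired password, some grace logins already consumed, few left.
        if expires <= now and remaining < limit and remaining <= threshold:
            flagged.append((e["dn"], remaining, limit))
    return flagged
```

Running the same check on exports taken before and after the switch to Compare shows whether loginGraceRemaining is still dropping for accounts that only log in through GroupWise.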