Environment
Novell GroupWise 2014
Novell GroupWise 2012
Novell GroupWise 8
Novell GroupWise 7
Novell GroupWise 7
Situation
When configuring the Post Office to use LDAP authentication, the "Use SSL" option was checked, and the certificate from the eDirectory LDAP server was exported and copied to the post office.
The GroupWise client could not authenticate and displays an error:
The GroupWise client could not authenticate and displays an error:
"An LDAP error occurred"
In the Post Office Agent logs there was the following error:
HH:MM:SS D260 LDAP Error: 81 (gw_username)
HH:MM:SS D260 LDAP Error: 81 (gw_username)
HH:MM:SS D260 LDAP Error: Can't contact LDAP server (gw_username)
HH:MM:SS D260 Error: LDAP failure detected [D06B] User:gw_username (gw_username)
Resolution
The GroupWise POA seems to have trouble connecting via secure LDAP when the eDirectory server certificate or the"SSL CertificateDNS" certificate was exported via iManager. The POA does not recognize these as valid certificates, which causes the LDAP Error 81 when attempting to perform secure LDAP authentication to the eDirectory server on port 636.
The solution is to export and use a self-signed certificate from iManager (do not include the private key when exporting) and use that certificate (the exported cert.der file) when configuring the LDAP directory in the GroupWise configuration.
In iManager:
On the left side of the page, click Novell Certificate Server > Configure Certificate Authority
On the right side of the page, celect the "Certificates" tab
Check the box for "Self Signed Certificate" and click the word "Export"
Uncheck the box that says "Export private key"
Make sure that the "Export format" says DER and click "Next"
Click "Save the exported certificate"
Then when configuring the LDAP directory in GroupWise, specify the cert.der file that was exported from the self-signed certificate.