Using LDAP authentication with Retain

  • 7020290
  • 23-Oct-2009
  • 07-Aug-2017

Environment


Retain 1.7 and above
All supported Operating Systems for the Retain Server

Situation

How do I set up LDAP authentication for Retain? How do I log in using LDAP? What effects will LDAP have on my users? How does LDAP affect external users? Will external users still be able to log in to Retain?

Resolution



LDAP SETUP


NOTE:  Switching authentication methods will in no way affect the archiving processes or the searching of messages in Retain.

There are a couple of different ways to utilize LDAP authentication with Retain.  Retain can authenticate users in full user@domain.com form directly to an LDAP server. Retain can also authenticate users with just their username, e.g. "user1", through LDAP, using the POA as a kind of proxy. The two methods can also be combined.

user@domain.com method:

1)  Log in to the Retain Server as the administrator, open Server Configuration | Accounts, and check "Enable EMail Address Lookup?"




2)  Configure the LDAP server.



3) Remember to save the changes, then log out and attempt to log in as one of the users, using the full user@domain.com form.
 



username method:

1) Open ConsoleOne, highlight the GroupWise System.  At the top bar, select Tools | GroupWise System Operations | LDAP Servers.



2) Add an LDAP Server



3)  Configure the LDAP Server, then click "Select Post Offices".



4)  Move the applicable post offices from the left to the right.  Then close all dialog windows.



5)  Now log in to Retain using just the username and the LDAP password (not the GroupWise password that was previously used).




LOGIN DEFINITIONS

1.  If user@domain.com method is used, and LDAP is NOT configured for the post office - user@domain.com will allow login with LDAP password, username will allow login with GroupWise password.
2.  If user@domain.com method is used, and LDAP is configured for the post office - user@domain.com will allow login with LDAP password, username will allow login with LDAP password.

EXTERNAL USERS AND LDAP


Using the methods above will have the following effect on External Users in GroupWise.

1.  If user@domain.com method is used, and LDAP is NOT configured for the post office - externaluser@domain.com will allow login with LDAP password, externalusername will allow login with GroupWise password.
2.  If user@domain.com method is used, and LDAP is configured for the post office - externaluser@domain.com will allow login with LDAP password, externalusername will allow login with BOTH the GroupWise and LDAP passwords.

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 1507.