eDirectory Single Sign-On (SSO) not working despite all documented required configuration being done correctly

  • 7020996
  • 20-Jun-2017
  • 20-Jun-2017

Environment

Novell GroupWise 2014 R2 Support Pack 2

Situation

GroupWise Windows client users are prompted for a password when attempting to login to their GroupWise mailbox, when all documented configuration requirements have been properly met for eDirectory Single Sign-On.

Resolution

An improper value in an eDirectory user(s) object attributes, as seen in iManager, was modified to resolve this issue.

The GroupWise users are members of an eDirectory template object created in ConsoleOne when they originally had GroupWise 8.  The GroupWise users were inheriting the template user attributes.

In iManager, properties of a problem user, General tab, "Other" menu selection, under "Valued Attribute" , there was listed an attribute called "NGW: User ID", the improper value listed was "DClark". 

 Once all "NGW:" attributes were removed under "Valued Attributes" the problem went away and users could successfully use eDir SSO with GroupWise.

Since this eDirectory template was later deleted and a new template created in iManager, this is also a solution to the issue.

Cause

Corrupted eDirectory template object in which users inherited eDirectory user attributes.

Additional Information

Note:  The value "DClark" was not the correct user id of the user authenticated to eDirectory on the Windows workstation or the GroupWise UserID.

In the GroupWise Post Office Agent ( POA ) we could see :

16:36:05:000 2B4E C/S Login Windows Net Id=CN=QGTestUser OU=Metro, O=HQ ::GW Id=DClark :: 192.168.1.10

16:36:05:000 2B4E Novell client credentials reeceived:

16:36:05:000 2B4E    Name = CN=QGTestUser,OU=Metro,O=HQ

16:36:05:000 2B4E    Tree = ourTree

16:36:05:000 2B4E     LDAP GUID = <Guid value>

16:36:05:000 2B4E     System GUID = <Guid value>

16:36:05:000 2B4E Redirecting user DCLARK to 192.168.1.121:1677

-----------------------------

-----------------------------