LDAP Authentication to Active Directory

  • 7022552
  • 12-Jan-2018
  • 12-Jan-2018

Environment

Retain Unified Archiving 4.3+

Situation

How can Retain authenticate users to LDAP that is on Active Directory?

Resolution

Using the GroupWise e-mail addresses stored in the Retain database, Retain can use LDAP to connect to an active directory, and have users authenticate to view their archived messages. The following conditions must be bet in order to authenticate to LDAP with Active Directory. 

  • The user must exist in GroupWise and have archives in Retain. 
  • Retain 4.3 or above must be installed. 
  • The e-mail addresses on Exchange/Office365 and GroupWise must be the same. New users in Exchange/Office 365 that do not have a GroupWise counterpart will not be able to authenticate.

Once the conditions have been met, proceed with setting up Retain to LDAP and Active Directory in Retain:

  1. Setup the LDAP in the GroupWise Module

a.     Go to Module Configuraton | Configure (GroupWise Module) | LDAP

b.    Enable the Email Address lookup and fill in the fields with the Active Directory information. 

  1.    2. Go to the /opt/beginfinite/retain/RetainServer/WEB-INF/classes/config directory (C:\Program Files/Beginfinite/retain/RetainServer/WEB-INF/classes/config- Windows)

a.     Edit the misc.properties.

Note: It is highly recommended to make a copy of the misc.properties file before making any changes.

b.    Look for the custom.ldap lines and use the example below to make the changes to enable the Active Directory lookup. 

custom.ldap.enable=1
custom.ldap.debug=1
custom.ldap.class=com.gwava.authenticate.gw.AlternativeGWLDAPAuthentication
custom.ldap.useuid=0
custom.ldap.applicationuid=0
custom.ldap.emailsystem=exchange
custom.ldap.attributes.requested=mail
custom.ldap.attributes.bind=email
 

                  c. Save the file

                  d. Restart tomcat

Once these settings are in place, users only need to use their e-mail address to log in to Retain and they will be able to view their archives. Retain will do a check to see if the GroupWise e-mail matches with that of the Exchange/Office365 e-mail and log them in if found.


Feedback service temporarily unavailable. For content questions or problems, please contact Support.