LDAP directories such as NetIQ eDirectory and Microsoft Active Directory provide two important services to your GroupWise system:
User Synchronization: User synchronization transfers modified user information from the LDAP directory to GroupWise for display in the GroupWise Address Book.
The LDAP directory is the primary location for user information. User information that is synced from the LDAP directory cannot be modified in the GroupWise Administration Console. GroupWise email addresses can optionally be synced into the LDAP directory.
The MTA performs user synchronization for all users in the domain serviced by the MTA. The MTA then replicates the user information to all domains in your GroupWise system.
For setup instructions, see Configuring User Synchronization for an LDAP Directory.
LDAP Authentication: LDAP authentication requires that GroupWise users provide their directory (network login) passwords instead of GroupWise passwords in order to access their mailboxes.
The POA performs LDAP authentication on behalf of the GroupWise client, the WebAccess Application, and the GWIA when these programs need to authenticate users to GroupWise.
For setup instructions, see Providing LDAP Authentication for GroupWise Users.
Complete the following tasks to configure your LDAP directory for use with GroupWise:
To set up a new LDAP directory for use the GroupWise:
In the GroupWise Administration Console, click System > LDAP Servers, and then click New Directory.
Ensure that you know the required information for the LDAP directory that you want to use with GroupWise.
For more information about SSL, see Configuring Server Certificates and TLS.
IMPORTANT:If you want to use a limited rights user for the eDirectory sync user and want to import group objects, the sync user needs to have read rights to the CN attribute for group objects.
Also, if you plan on using LDAP Authentication with Active Directory and want to allow your users to change their Active Directory password through GroupWise, you must configure SSL for the LDAP directory object.
Fill in the fields, and then click Test Connection to verify that you have provided accurate information about the LDAP directory.
Configure user synchronization.
For detailed instructions, see Configuring User Synchronization for an LDAP Directory.
Click OK to add the LDAP directory to GroupWise.
Click Close to return to the main Administration Console window.
Skip to Creating GroupWise Accounts by Importing Users from an LDAP Directory.
When you import GroupWise users from an LDAP directory such as NetIQ eDirectory or Microsoft Active Directory, you can select an MTA to synchronize updated user information from the LDAP directory into GroupWise. User synchronization is typically configured when the LDAP directory is established, but you can set it up or reconfigure it later as needed.
In the GroupWise Administration Console, click System > LDAP Servers, and then click the name of the LDAP directory.
User synchronization is configured in the bottom part of the General tab of the Directory object.
(Optional) In the Base DN field, specify the base context under which users to synchronize are located in the LDAP directory, for example:
ou=users,ou=org_unit,o=organization cn=users,dc=server_name,dc=company_name,dc=com
In the Sync Domain field, select the domain whose MTA you want to perform user synchronization with the LDAP directory.
Click Sync to send a task to the MTA to perform user synchronization.
Click OK to close the LDAP Servers and Directories dialog box.
If you are planning to import users from your LDAP directory into your GroupWise system, you can use LDAP authentication instead of GroupWise authentication to provide mailbox access. For instructions, see Providing LDAP Authentication for GroupWise Users.
If you are planning to import users from your LDAP directory into your GroupWise system, you can publish the GroupWise email addresses back to your LDAP directory. For instructions, see Publishing Email Addresses to Your LDAP Directory.