59.11 LDAP Switches

The GWIA can perform GroupWise authentication of POP3/IMAP4 clients through an LDAP server and can also perform LDAP queries for GroupWise information. See Section 53.3.1, Enabling LDAP Services.

The following sections describe the switches required to configure this functionality:

59.11.1 GroupWise Authentication Switches

When a POP3/IMAP4 user attempts to access a GroupWise mailbox on a post office that has been configured for LDAP authentication, the GWIA connects to the post office’s POA, which then connects to the LDAP server so that the LDAP server can authenticate the user.

This process works automatically if the GWIA’s link to the post office is client/server (meaning that it communicates through TCP/IP to the post office’s POA). If the GWIA is using a direct link to the post office directory rather than a client/server link to the post office’s POA, the GWIA must communicate directly with the LDAP server rather than communicate through the POA.

The following switches are used to provide the GWIA with the required LDAP server information:

--ldapipaddr

Specifies the IP address of the LDAP server through which GroupWise authentication takes place.

Syntax: --ldapipaddr address

Example: --ldapipaddr 172.16.5.18

--ldapport

Specifies the port number being used by the LDAP server. The standard non-SSL LDAP port number is 389. The standard SSL LDAP port number is 636.

Syntax: --ldapport number

Example: --ldapport 389

--ldapssl

Instructs the GWIA to use a secure (SSL) connection with the LDAP server.

Syntax: --ldapssl

--ldapuser

Specifies a user that has rights to the LDAP directory. The user must have at least Read rights.

Syntax: --ldapuser user_name

Example: --ldapuser ldap

--ldappwd

Specifies the password of the user specified by the --ldapuser switch.

Syntax: --ldappwd password

Example: --ldappwd pwd1
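
The following check is an added example, not part of the original documentation or of GroupWise. It reads the authentication switches above from startup-switch text and flags combinations that leave the LDAP bind unencrypted or inconsistent. The one-switch-per-token layout, the ';' comment marker, and the finding names are assumptions made for the example.

```python
VALUE_SWITCHES = {"--ldapipaddr", "--ldapport", "--ldapuser", "--ldappwd"}
FLAG_SWITCHES = {"--ldapssl"}

def parse_switches(text):
    """Collect this section's switches from startup-switch text."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):      # assumption: ';' marks a comment line
            continue
        tokens = iter(line.split())
        for tok in tokens:
            if tok in FLAG_SWITCHES:
                found[tok] = True
            elif tok in VALUE_SWITCHES:
                found[tok] = next(tokens, None)  # None: switch given without a value
    return found

def audit(text):
    """Return (id, message) findings for weak switch combinations."""
    s = parse_switches(text)
    if not s:
        return []
    ssl, port = "--ldapssl" in s, s.get("--ldapport")
    findings = []
    if not ssl:
        findings.append(("NO_SSL", "--ldapssl absent: the LDAP bind is not encrypted"))
    if (ssl and port == "389") or (not ssl and port == "636"):
        findings.append(("PORT_MISMATCH", f"--ldapport {port} does not match the SSL setting"))
    for name in sorted(VALUE_SWITCHES & s.keys()):
        if s[name] is None:
            findings.append(("MISSING_VALUE", f"{name} has no value"))
    if s.get("--ldappwd"):
        findings.append(("PWD_IN_FILE", "--ldappwd is plain text: restrict who can read the switches"))
    return findings

# Constructed sample input built from the example values on this page.
WEAK = """; constructed sample
--ldapipaddr 172.16.5.18
--ldapport 389
--ldapuser ldap
--ldappwd pwd1
"""
HARDENED = WEAK.replace("--ldapport 389", "--ldapport 636\n--ldapssl")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, [fid for fid, _ in audit(cfg)])
```

PWD_IN_FILE still fires for the hardened sample because --ldappwd always carries the password as a literal value.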

59.11.2 LDAP Query Switches

The GWIA can function as an LDAP server, allowing LDAP queries for GroupWise user information contained in the directory. The following switches configure the GWIA as an LDAP server.

--ldap

Enables the GWIA as an LDAP server.

Syntax: --ldap

--ldapthrd

Specifies the maximum number of threads the GWIA can use for processing LDAP queries. The default is 10.

Syntax: --ldapthrd number

Example: --ldapthrd 5

--ldapcntxt

Limits the directory context in which the LDAP server searches. For example, you could limit LDAP searches to a single Novell organization container located under the United States country container.

If you restrict the LDAP context, you must make sure that users, when defining the directory in their email client, enter the same context (using the identical text you did) in the Search Base or Search Root field.

Syntax: --ldapcntxt "context"

Example: --ldapcntxt "O=Novell,C=US"

--ldaprefurl

Defines a secondary LDAP server to which you can refer an LDAP query if the query fails to find a user or address in your GroupWise system. For this option to work, the requesting Web browser must be able to track referral URLs.

Syntax: --ldaprefurl url

Example: --ldaprefurl ldap://ldap.provider.com

--ldaprefcntxt

Limits the directory context in which the secondary (referral) LDAP server searches.

Syntax: --ldaprefcntxt "context"

Example: --ldaprefcntxt "O=Novell,C=US"

--ldapserverport

Changes the LDAP listen port from the default of 389.

Syntax: --ldapserverport port_number

Example: --ldapserverport 390

--ldapserversslport

Changes the LDAP SSL listen port from the default of 636.

Syntax: --ldapserversslport port_number

Example: --ldapserversslport 637