89.1 eDirectory Rights

By default, ConsoleOne is configured to automatically provide a GroupWise user’s required eDirectory rights when you add the user to a post office. You can, however, configure GroupWise Administrator to not assign rights automatically, in which case you would need to manually assign eDirectory rights.

The following sections provide information about how to configure ConsoleOne to automatically set GroupWise users’ eDirectory rights and how to manually set these rights:

89.1.1 Configuring ConsoleOne to Automatically Set eDirectory Rights When Creating User Accounts

By default, the GroupWise Administrator snap-in for ConsoleOne is configured to automatically set the eDirectory rights required by a GroupWise user. This is done when you create the user’s GroupWise account.

For GroupWise Administrator to be able to set these rights, you must have sufficient administrative rights to eDirectory. If you don’t have sufficient rights to manually set the user’s access rights, GroupWise Administrator does not have sufficient rights to set them automatically. In general, we recommend that you be an Admin equivalent. For more information, see Section 87.0, GroupWise Administrator Rights.

If you choose not to grant eDirectory rights automatically, you should manually set the rights to ensure that users have appropriate access. For instructions, see Section 89.1.2, Manually Granting eDirectory Rights.

To configure whether or not GroupWise Administrator automatically assigns rights to users when you create GroupWise accounts:

  1. In ConsoleOne, click Tools > GroupWise System Operations > System Preferences to display the GroupWise System Preferences dialog box.

    GroupWise System Preferences dialog box
  2. To have GroupWise Administrator automatically set access rights, select the Set Access Rights Automatically When Creating a GroupWise User option.

    or

    To turn off this option, deselect the Set Access Rights Automatically When Creating a GroupWise User option.

  3. Click OK to save your changes.

89.1.2 Manually Granting eDirectory Rights

At startup, the GroupWise client must know the following:

  • The post office where the user has an account.

  • Whether to connect to the user’s post office in direct access mode or client/server access mode.

The user can supply this information in the GroupWise Startup dialog box that appears or use the /ph-path_to_post_office, /ipa-IP_address, /ipp-TCP_port, and /@u-user_ID startup options.

If you do not want users to be required to supply this information, you can give users rights to the eDirectory objects shown below. When a user has rights to the objects, the GroupWise client can read the object’s information in eDirectory to determine the user’s post office and access mode. This must have users to be logged in to eDirectory.

Object and Properties

Rights

  • User object
  •      NGW:Post Office
  • Browse
  • Read
  • Post Office object
  •      NGW:Location
  •      NGW:Access Mode
  • Browse
  • Read
  • Read
  • POA object
  •      NGW:Type
  •      Network Address
  • Browse
  • Read
  • Read

GroupWise Name Server (ngwnameserver)

The following information applies to users running the GroupWise client in client/server access mode.

If you do not want to provide eDirectory rights to GroupWise users as explained above, or if you have GroupWise users who don’t log in to eDirectory, you can set up a GroupWise name server. A GroupWise name server enables users to access their post office without knowing the IP address and port number of the POA.

The GroupWise name server is a DNS host entry for one of the POAs in your GroupWise system. At startup, the GroupWise client automatically looks for the GroupWise name server. When a user reaches the POA designated as the GroupWise name server, the POA redirects the user to the IP address and port number of the POA that services the user’s post office.

The primary GroupWise name server must be named ngwnameserver. You can set up one backup GroupWise name server and name it ngwnameserver2. Both POAs must use the default TCP port of 1677.

To set up a GroupWise name server:

  1. Use your tool of choice for modifying DNS.

  2. Create an entry for the IP address of the POA you want to designate as the primary GroupWise name server, then give it the hostname ngwnameserver.

  3. Create an entry for the IP address of the POA you want to designate as the backup GroupWise name server, then give it the hostname ngwnameserver2.