Using Ldap Passwords Instead Of Groupwise Passwords - Novell GROUPWISE 8 - ADMINISTRATION Administration Manual

Intruder detection for the GroupWise WebAccess client is built in and is not configurable. After five
failed login attempts, the user is locked out for 10 minutes. If a user is locked out, the user must wait
for the lockout period to end (unless you want to restart the WebAccess Agent).
Resetting GroupWise Passwords
In ConsoleOne, you can remove a user's password from his or her mailbox if the password has been
forgotten and needs to be reset (User object > Tools > GroupWise Utilities > Client Options >
Security > Password). If necessary, you can remove the passwords from all mailboxes in a post
office (Post Office object > Tools > GroupWise Utilities > Mailbox/Library Maintenance > Reset
Client Options) This resets all or users' client options settings, not just the passwords.
It is easy for GroupWise users to reset their own passwords (Windows or Linux/Mac client > Tools
> Options > Security > Password). However, if this method is used when users are in Caching or
Remote mode, this changes the password on the local Caching or Remote mailboxes, but does not
change the password on the Online mailboxes. To change the Online mailbox password while in
Caching or Remote mode, users must use a method they might not be familiar with (Windows client
> Accounts > Account Options > Novell GroupWise Account > Properties > Advanced > Online
Mailbox Password).
It is also easy for WebAccess users to reset their own passwords (WebAccess client > Options >
Password). However, you might not want users to be able to reset their GroupWise passwords from
Web browsers. In ConsoleOne, you can prevent WebAccess client users from resetting their
GroupWise passwords (ConsoleOne > GroupWiseWebAccess object > Properties > Application >
Settings). Windows and Linux/Mac client users cannot be prevented from changing their
GroupWise passwords.
Synchronizing GroupWise Passwords and LDAP Passwords
There is no automatic procedure for synchronizing GroupWise passwords and eDirectory
passwords. However, if you use LDAP authentication, synchronization becomes a moot point
because GroupWise users are authenticated through an LDAP directory (such as eDirectory) rather
than by using GroupWise passwords. See Section 74.1.4, "Using LDAP Passwords Instead of
GroupWise Passwords," on page 1154.
74.1.4 Using LDAP Passwords Instead of GroupWise
Passwords
Instead of using GroupWise passwords, users' password information can be validated using an
LDAP directory. In order for users to use their LDAP passwords to access their GroupWise
mailboxes, you must define one or more LDAP servers in your GroupWise system and configure the
POA for each post office to perform LDAP authentication, as described in Section 36.3.4,
"Providing LDAP Authentication for GroupWise Users," on page 514.
When LDAP authentication is enabled, you can control whether users can use the GroupWise client
to change their LDAP passwords (ConsoleOne > Post Office object > Properties > GroupWise >
Security). If you allow them to, GroupWise users can change their passwords through the Security
Options dialog box (Windows and Linux/Mac client > Tools > Options > Security) or on the
Passwords page (GroupWise WebAccess client > Options > Password). If you do not allow them to
change their LDAP passwords in the GroupWise client, users must use a different application in
order to change their LDAP passwords.
1154 GroupWise 8 Administration Guide