Access Method; Ldap Username; Accessing S/Mime Certificates In An Ldap Directory - Novell GROUPWISE 8 - ADMINISTRATION Administration Manual

When you understand these LDAP capabilities, you are ready to set up LDAP authentication for
your GroupWise users. See Section 36.3.4, "Providing LDAP Authentication for GroupWise
Users," on page 514.

76.3.1 Access Method

On a server-by-server basis (ConsoleOne > Tools > GroupWise System Operations > LDAP
Servers), you can specify whether you want each LDAP server to respond to authentication requests
using a bind or a compare.

Bind: With a bind, the POA essentially logs in to the LDAP server. When responding to a bind
request, most LDAP servers enforce password policies such as grace logins and intruder
lockout, if such policies have been implemented by the LDAP directory.

Compare: With a compare, the POA provides the user password to the LDAP server. When
responding to a compare request, the LDAP server compares the password provided by the
POA with the user's password in the LDAP directory, and returns the results of the comparison.
A compare connection can provide faster access because password policies are not being
enforced, so there is typically less overhead involved.

Regardless of whether the POA is submitting bind requests or compare requests to authenticate
GroupWise users, the POA can stay connected to the LDAP server as long as authentication requests
continue to occur before the connection times out. This provides quick response as users are
accessing their mailboxes.
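
A check an administrator might run when compare is selected, shown as an added example that is not part of the GroupWise manual: because password policies such as intruder lockout are not enforced on compare requests, repeated failed compares have to be spotted in the directory's own access log. The log format (OpenLDAP slapd style), the sample lines, the DNs and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in OpenLDAP slapd stats-log style (an assumption;
# the manual does not name a directory product or a log format).
SAMPLE_LOG = """\
conn=1001 op=0 BIND dn="cn=poa,o=example" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1001 op=1 CMP dn="cn=jdoe,ou=users,o=example" attr="userPassword"
conn=1001 op=1 RESULT tag=111 err=5 text=
conn=1001 op=2 CMP dn="cn=jdoe,ou=users,o=example" attr="userPassword"
conn=1001 op=2 RESULT tag=111 err=5 text=
conn=1001 op=3 CMP dn="cn=jdoe,ou=users,o=example" attr="userPassword"
conn=1001 op=3 RESULT tag=111 err=5 text=
conn=1001 op=4 CMP dn="cn=asmith,ou=users,o=example" attr="userPassword"
conn=1001 op=4 RESULT tag=111 err=6 text=
conn=1002 op=0 BIND dn="cn=bwong,ou=users,o=example" method=128
conn=1002 op=0 RESULT tag=97 err=49 text=
"""

REQ = re.compile(r'conn=(\d+) op=(\d+) (BIND|CMP) dn="([^"]*)"(?: attr="([^"]*)")?')
RES = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+)')
# LDAP result codes: 49 = invalidCredentials (bind), 5 = compareFalse (compare).
FAILED = {"BIND": 49, "CMP": 5}

def failed_auth_by_method(log_text):
    """Count failed password checks per (method, DN)."""
    pending = {}          # (conn, op) -> (method, dn) awaiting its RESULT line
    failures = Counter()
    for line in log_text.splitlines():
        if m := REQ.search(line):
            conn, op, method, dn, attr = m.groups()
            # Only a compare against the password attribute is an authentication.
            if method == "BIND" or (attr or "").lower() == "userpassword":
                pending[(conn, op)] = (method, dn.lower())
        elif m := RES.search(line):
            conn, op, err = m.groups()
            req = pending.pop((conn, op), None)
            if req and int(err) == FAILED[req[0]]:
                failures[req] += 1
    return failures

def compare_alerts(log_text, threshold=3):
    """DNs with at least `threshold` failed compares, which no lockout policy stopped."""
    counts = failed_auth_by_method(log_text)
    return sorted(dn for (method, dn), n in counts.items()
                  if method == "CMP" and n >= threshold)
```

With the sample log, `compare_alerts(SAMPLE_LOG)` flags only the jdoe entry; the single failed bind for bwong is counted separately because the directory's own lockout policy covers bind requests.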

76.3.2 LDAP Username

On a post office-by-post office basis (ConsoleOne > Post Office object > Properties > GroupWise >
Security), you can decide what username you want the POA to use when accessing the LDAP server.

LDAP Username Login: If you want the POA to access the LDAP server with specific rights
to the LDAP directory, you can provide a username for the POA to use when logging in. The
rights of the user determine what information in the LDAP directory will be available during
the authentication process.

Public or Anonymous Login: If you do not provide a specific LDAP username as part of the
post office LDAP configuration information, then the POA accesses the LDAP directory with a
public or anonymous connection. Only public information is available when using such a login.

76.4 Accessing S/MIME Certificates in an LDAP Directory

Just as the POA can access user password information in an LDAP directory, the GroupWise
Windows client can access recipients' digital certificates in an LDAP directory. See "Using LDAP
to Search for Recipient Encryption Certificates" in "E-Mail" in the GroupWise 8 Windows Client
User Guide.
When a certificate is stored on an LDAP server, the GroupWise Windows client searches the LDAP
server every time the certificate is used. Certificates from LDAP servers are not downloaded into the
local certificate store on the user's workstation. To facilitate this process, the user must select a
default LDAP directory in the LDAP address book (Windows client > Address Book > Novell LDAP
Address Book > Directories > Set as Default) and enable searching (Windows client > Tools >
Options > Security > Send Options > Advanced Options > Search for recipient encryption