Novell GROUPWISE 7 - SECURITY ADMINISTRATION Manual page 6

It is easy for GroupWise users to reset their own passwords (Windows or Cross-Platform client >
Tools > Options > Security > Password). However, if this method is used when users are in Caching
or Remote mode, this changes the password on the local Caching or Remote mailboxes, but does not
change the password on the Online mailboxes. To change the Online mailbox password while in
Caching or Remote mode, users must use a method they might not be familiar with (Windows client
> Accounts > Account Options > Novell GroupWise Account > Properties > Advanced > Online
Mailbox Password).
It is also easy for WebAccess users to reset their own passwords (WebAccess client > Options >
Password). However, you might not want users to be able to reset their GroupWise passwords from
Web browsers. In ConsoleOne, you can prevent WebAccess client users from resetting their
GroupWise passwords (ConsoleOne > GroupWiseWebAccess object > Application > Settings).
Windows and Cross-Platform client users cannot be prevented from changing their GroupWise
passwords.
Synchronizing GroupWise Passwords and LDAP Passwords
There is no automatic procedure for synchronizing GroupWise passwords and eDirectory
passwords. However, if you use LDAP authentication, synchronization becomes a moot point
because GroupWise users are authenticated through an LDAP directory (such as eDirectory) rather
than by using GroupWise passwords. See Section 70.1.4, "Using LDAP Passwords Instead of
GroupWise Passwords," on page 1114.
70.1.4 Using LDAP Passwords Instead of GroupWise
Passwords
Instead of using GroupWise passwords, users' password information can be validated using an
LDAP directory. In order for users to use their LDAP passwords to access their GroupWise
mailboxes, you must define one or more LDAP servers in your GroupWise system and configure the
POA for each post office to perform LDAP authentication, as described in Section 36.3.4,
"Providing LDAP Authentication for GroupWise Users," on page 501.
When LDAP authentication is enabled, you can control whether users can use the GroupWise client
to change their LDAP passwords (ConsoleOne> Post Office object > GroupWise > Security). If you
allow them to, GroupWise users can change their passwords through the Security Options dialog
box (Windows and Cross-Platform client > Tools > Options > Security) or on the Passwords page
(GroupWise WebAccess client > Options > Password). If you do not allow them to change their
LDAP passwords in the GroupWise client, users must use a different application in order to change
their LDAP passwords.
You and users can use some of the same methods to bypass LDAP passwords as you can use for
bypassing GroupWise passwords. See "Accepting eDirectory Authentication Instead of GroupWise
Passwords" on page 1112 and "Allowing Windows to Cache GroupWise Passwords" on page 1113.
For more information about LDAP passwords, see Section 72.3, "Authenticating to GroupWise with
Passwords Stored in an LDAP Directory," on page 1127.
70.1.5 Bypassing Mailbox Passwords to Respond to Corporate
Mandates
Sometimes it is necessary to access user mailboxes to meet corporate mandates such as virus
scanning, content filtering, or e-mail auditing that might be required during litigation. These types of
1114 GroupWise 7 Administration Guide