Ask The Experts: GroupWise [33]

by Rob Van Kooten and Jan-Arie Snijders

This time we want to discuss how LDAP is managed following the latest changes in GroupWise 2014 R2 and one new feature of the client.

LDAP

With GroupWise 2014 R2 the GWIA no longer contains an LDAP server. It has been replaced by an LDAP server in the gwadmin service. You configure it on the LDAP tab of the MTA object in the gwadmin-console (see figure 1). Although the configuration is done on the MTA object, the GroupWise component that handles LDAP is the gwadmin service: when you check with netstat, the listening port you defined belongs to java (the gwadmin service) and not to the MTA.

Figure 1:  Defining LDAP services in the MTA object

This service can be used by any LDAP client as long as you follow a few guidelines:

  • Authentication against the LDAP server can be achieved using a userID and email address.  This must be provided to the LDAP server as shown below
     cn=userID
     mail=user@domain.com
  • The search base must be defined as the name of your GW system by using the prefix o=.  This value can be found in gwadmin under System > Information (Figure 2)
     o=gwsystem

    Figure 2:  Finding your GroupWise system name
  • With the connection made you can use any LDAP tool to export users.  The example below is the output using the following ldapsearch command line:

ldapsearch -D "cn=rvkooten" -w novell -p 400 -h 147.2.77.101 -b "o=gwsystem"

# RvKooten, PO1, DOM1, gwsystem
dn: cn=RvKooten,ou=PO1,ou=DOM1,o=gwsystem
mail: r.k@vodka.com
sn: van Kooten
cn: RvKooten
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: user
homePhone: 123
givenName: Rob
mobile: 456
telephoneNumber: 789
facsimileTelephoneNumber: 222
displayName: Rob van Kooten

When a user has an image attached, it is also exported.

Using the ldapsearch command line tool you can specify filters, for example:

ldapsearch -H ldap://10.10.10.10:389 -D cn=rvkooten -w novell -b o=gwsystem "(&(mail=m*)(sn=b*))" mail

This searches for entries whose mail attribute starts with ‘m’ AND whose last name starts with ‘b’, and returns only the mail attribute.

ldapsearch -H ldap://10.10.10.10:389 -D cn=rvkooten -w novell -b o=gwsystem "(|(givenName=rob)(sn=jones))" givenName sn

This searches for a first name of ‘rob’ OR a last name of ‘jones’ and returns the first and last names.

In all filters you can use the common operators such as | for OR or & for AND.
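
When the values in such a filter come from user input, for example a lookup form in front of this address book, the special characters of the filter syntax have to be escaped before the filter is assembled. The Python sketch below is an added example, not part of the original article or of GroupWise; it assumes the OpenLDAP ldapsearch client (its -x and -y options) and a hypothetical password file /etc/gw-ldap.pw.

```python
import re
import shlex

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_value(value):
    """Neutralise filter metacharacters in a user-supplied value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _attr(name):
    # Attribute names are not escaped, so accept only plain descriptor names.
    if not _ATTR.fullmatch(name):
        raise ValueError(f"invalid attribute name: {name!r}")
    return name


def equals(attr, value):
    return f"({_attr(attr)}={escape_value(value)})"


def starts_with(attr, prefix):
    # The trailing * is the only wildcard; any * in the input is escaped.
    return f"({_attr(attr)}={escape_value(prefix)}*)"


def all_of(*parts):   # AND, the & operator
    return "(&" + "".join(parts) + ")"


def any_of(*parts):   # OR, the | operator
    return "(|" + "".join(parts) + ")"


def ldapsearch_argv(uri, bind_dn, base, flt, attrs, password_file):
    """Argument list for subprocess.run(); no shell is involved, so no quoting.
    Assumes OpenLDAP ldapsearch: -x simple bind, -y reads the password from a file."""
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-y", password_file,
            "-b", base, flt, *[_attr(a) for a in attrs]]


if __name__ == "__main__":
    # Constructed hostile input: tries to widen the search with an extra clause.
    flt = any_of(equals("givenName", "rob"), equals("sn", "jones)(cn=*"))
    # /etc/gw-ldap.pw is a hypothetical password file, readable only by its owner.
    print(shlex.join(ldapsearch_argv("ldap://10.10.10.10:389", "cn=rvkooten",
                                     "o=gwsystem", flt, ["givenName", "sn"],
                                     "/etc/gw-ldap.pw")))
```

Reading the bind password from a file keeps it out of the process list and the shell history, which the -w option does not.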

Any LDAP client can now connect to this LDAP server and make use of the GroupWise system address book.  This will be useful for POP3/IMAP users or for native Mac users who use GroupWise Calendar Server for CalDAV/CardDAV and also need the GW address book.

GW2014 R2 Client

With the latest GW2014 R2 client you can give users the option to prevent items from being deleted regardless of the system cleanup settings. Some users need/want to protect items in certain folders from being removed when the regular cleanup is done.

This is a new option you can enable in the gwadmin-console on the domain, postoffice or user level in Client options > Environment > Cleanup.  Here there is a new checkbox called Allow user to protect items from auto cleanup that can be set.

In turn this makes a new option available in the GW client on folders created by the users. In the properties of a folder, the user can now select the option Protect items in this folder from auto cleanup (Figure 3).

Figure 3:  Protecting items from auto-cleanup

This will prevent items from being removed from this folder, and it gives the user more control over what is and what is not removed by the default cleanup actions defined on the GroupWise system.

 

This article was first published in OHM, Issue 33, 2016/2, p35-36
