Ask The Experts: GroupWise [38]

Q:   I do not want to use the eDirectory admin user for the MTA user synchronisation via LDAP in GroupWise. What rights does the user account need?

A:  You can create a new user in eDirectory for GroupWise to use. This user needs Compare and Read to All Attribute Rights on the user objects that it needs to synchronise. You set this in iManager on the containers holding the users that must be synchronised: there you assign the Compare and Read to All Attribute Rights for the user the MTA uses, as shown in Figure 1.

Figure 1: Setting rights in iManager for the LDAP sync account

Q:  Can I set up my GMS in a way that the users only use their email address to set up the device?

A:   Yes - with autodiscovery.  This means the device will use the host portion of the email address to find the GMS server based on DNS records.  The configuration is all done on your DNS server.

As it will only function over SSL, you must meet some criteria:

  • A valid (and trusted) SSL certificate must be available on the GMS server
  • The mobile device must be able to follow the certificate chain to the root CA certificate
  • The GMS servers must have a wildcard certificate or an SSL certificate with Subject Alternative Names (SANs), as a single certificate must be valid for all GMS servers.

When the above is in place you can set up the DNS records needed for the autodiscovery to work:

  1. CNAME for autodiscover.  Create a CNAME record with the alias autodiscover for the GMS server.
    alias:  autodiscover.company.com
    cname:  gms.company.com
  2. SRV record for autodiscover.  The service record for autodiscover will provide the connection info to the device.
    service: _autodiscover
    protocol: _tcp
    port: 443
    target: gms.company.com
    When done the SRV record for autodiscover should look like this: _autodiscover._tcp.company.com
  3. SRV record for the internal GMS server(s).  The service record for GMS servers will provide the connection/redirection to the right GMS server.
    service: _ngms
    protocol: _tcp
    port: 443
    target: gms.company.com
    When done the SRV record(s) for the internal GMS should be in this format: _ngms._tcp.company.com

Make sure you create a separate SRV record for each internal server, otherwise users will not be redirected to the right GMS server. When all is configured correctly, the users can set up their account on their device by only using user@company.com and they will be redirected to the right GMS server automatically.

Q: I need some helpdesk or password reset tool for GroupWise?

A:  There are a few tools/applications available based on the REST API that can be used.  These are neither officially supported nor written by Micro Focus, but they are a great addition to the gwadmin toolkit used by system administrators. These tools are available from https://github.com/mblackhamgw.

As you will notice, this is Morris Blackham's site for some of the tools he has developed and made available to the world to highlight the versatility of the GroupWise Admin REST API.  The utilities are:
  • gwtopdown - a GroupWise top down rebuild utility written in Python
  • gwpassword - a web app written using PHP to allow GroupWise user password changes
  • gwhelpdesk - a web app written in Python using the popular Django framework.  It runs on an openSUSE server.
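
For the GMS autodiscovery setup described in the second answer above, the following is an added example (not part of the original article and not a Micro Focus tool) that checks a set of DNS records and a certificate's SAN list against the listed requirements. The zone lines, the SAN list, the second server gms2.company.com and all function names are constructed for illustration.

```python
# Constructed sample records for company.com (illustrative, not a real deployment).
ZONE = """\
autodiscover.company.com.        IN CNAME gms.company.com.
_autodiscover._tcp.company.com.  IN SRV 0 0 443 gms.company.com.
_ngms._tcp.company.com.          IN SRV 0 0 443 gms.company.com.
_ngms._tcp.company.com.          IN SRV 0 0 443 gms2.company.com.
"""
CERT_SANS = ["gms.company.com", "autodiscover.company.com"]  # constructed SAN list
INTERNAL_GMS = ["gms.company.com", "gms2.company.com"]       # constructed server list

def parse_zone(text):
    """Return (cnames, srvs): alias -> target, and SRV name -> [(port, target)]."""
    cnames, srvs = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "CNAME":
            cnames[f[0].rstrip(".")] = f[3].rstrip(".")
        elif len(f) >= 7 and f[2] == "SRV":  # name IN SRV priority weight port target
            srvs.setdefault(f[0].rstrip("."), []).append((int(f[5]), f[6].rstrip(".")))
    return cnames, srvs

def san_covers(host, sans):
    """True if host matches a SAN exactly or through a single-label wildcard."""
    parent = host.split(".", 1)[-1]
    return any(s.lower() in (host.lower(), "*." + parent.lower()) for s in sans)

def check_autodiscover(domain, zone_text, sans, internal_servers):
    """Return a list of problems; an empty list means all checks passed."""
    cnames, srvs = parse_zone(zone_text)
    problems = []
    if f"autodiscover.{domain}" not in cnames:
        problems.append("missing CNAME autodiscover")
    auto, ngms = (srvs.get(f"{s}._tcp.{domain}", []) for s in ("_autodiscover", "_ngms"))
    if not auto:
        problems.append("missing SRV _autodiscover._tcp")
    for port, target in auto + ngms:
        if port != 443:
            problems.append(f"SRV target {target} uses port {port}, not 443")
    for server in internal_servers:  # one _ngms record is needed per internal server
        if server not in [t for _, t in ngms]:
            problems.append(f"no _ngms SRV record for {server}")
    # Assumption: devices also reach the autodiscover alias over SSL, so it is checked too.
    hosts = {f"autodiscover.{domain}"} | {t for _, t in auto + ngms}
    for host in sorted(hosts):
        if not san_covers(host, sans):
            problems.append(f"certificate SANs do not cover {host}")
    return problems

print(check_autodiscover("company.com", ZONE, CERT_SANS, INTERNAL_GMS))
```

With the constructed data the only finding is that the certificate does not cover gms2.company.com; a `*.company.com` wildcard in the SAN list clears it.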

 

This article was first published in OHM Issue 38 (2017/3), p37.

 
