How To Take Advantage Of Active Directory Support In Groupwise 2014




White Paper
Collaboration

Taking Advantage of Active Directory Support in GroupWise 2014

Flexibility and interoperability have always been hallmarks for Novell. That's why it should be no surprise that Novell GroupWise 2014 adds support for Microsoft Active Directory. It even allows users from Active Directory, NetIQ eDirectory or no directory at all to co-exist on the same post office. This makes it ideal for organizations that have undergone a merger and have user information stored in both eDirectory and Active Directory. It also simplifies life for those who value the productivity, security and cost efficiency delivered by GroupWise, but want to migrate or consolidate their environment onto Active Directory.

This paper provides technical insight and outlines the simple steps needed to take advantage of the new Active Directory support offered by GroupWise.

Insight and Guidance for Enabling Active Directory Support in GroupWise

One of the main design goals of the new Active Directory support in GroupWise was to make it easy to implement. As a result, the steps for moving from eDirectory to Active Directory are simple and straightforward.

Technical Overview

A key design attribute enabling this simplicity is that no schema modifications are necessary to implement GroupWise on Active Directory. To accomplish this, GroupWise no longer writes any GroupWise-specific information back into the directory other than email addresses. Additionally, all directory synchronization occurs via standard Lightweight Directory Access Protocol (LDAP) access.

The GroupWise architectural components responsible for synchronizing users from Active Directory are essentially the same components required to synchronize users from eDirectory:

- Message Transfer Agent (MTA): The MTA performs the periodic user synchronization to keep both GroupWise and Active Directory up to date. Most of the modifications that enable Active Directory support occurred in the MTA. These modifications were designed to ensure that the Active Directory schema and configuration communicate accurately with GroupWise.
- Post Office Agent (POA): The POA performs the LDAP authentication for GroupWise and did not require any modifications in terms of Active Directory support.
- Administration Service: The administration service responsible for configuring the directory was enhanced to facilitate the importing of users and the re-association of eDirectory-based GroupWise users to Active Directory-based users.
- MMC Plug-in: To facilitate management of Active Directory users in GroupWise, the MMC plug-in can be installed into the Microsoft Management Console. This allows you to create users in Active Directory and easily assign those new users to a GroupWise post office using the MMC user creation wizard.

One additional requirement of Active Directory support in GroupWise involves SSL authentication. You will need to configure and enable an SSL certificate to enable secure connection between GroupWise and Active Directory.

How to Implement Active Directory Support in GroupWise

Implementing Active Directory support in GroupWise can be broken down into the following categories:

- Best Practices for Implementing Active Directory Support
- Configuring the Connection between GroupWise and Active Directory
- Importing Active Directory Users Into GroupWise (Merger Scenario) or Migrating GroupWise Users from eDirectory to Active Directory (Directory Consolidation Scenario)
- Verifying Successful Implementation
- Enabling LDAP over SSL

Best Practices for Implementing Active Directory Support

Whether you're migrating eDirectory users in your GroupWise environment to Active Directory or adding existing Active Directory users to GroupWise, before attempting any such moves it's essential to make sure your existing systems are functioning properly. Ensure that you have successfully deployed GroupWise 2014, applied the most recent updates, and confirmed that the system is in a stable condition. Your eDirectory and Active Directory environments need to be stable as well. Making a directory change will not solve any directory problems you already have. Rather, it will likely complicate matters.

Configuring the Connection between GroupWise and Active Directory

The steps for implementing Active Directory support vary depending on your particular environment. But regardless of scenario, your first step will be to create a connection between GroupWise and Active Directory by performing the following initial configuration steps:

1. While logged into the GroupWise Administration Console for your primary domain, navigate to System and then to LDAP Servers.
2. Select the New Directory option.

   Figure 1. Connecting GroupWise with a new directory can easily be accomplished via the GroupWise Administration Console.

3. Set the Type to Active Directory.
4. Enter the appropriate information for your Active Directory server, including the name, IP address, port, LDAP user, LDAP user password, base Distinguished Name (DN), and sync domain:
   a. The LDAP user will be either a fully qualified Distinguished Name or principal account name for your Active Directory server.
   b. To prevent recursive searching through the Active Directory forest, the base DN should be set to include at least the domain components for your Active Directory server.
5. If you are using SSL, you will also need to provide the SSL certificate information for your Active Directory server. (Refer to the Enabling LDAP over SSL section of this paper.)
6. Mark Enable Synchronization and click OK.

Importing Active Directory Users Into GroupWise or Migrating GroupWise Users from eDirectory to Active Directory

The remaining steps for implementing Active Directory support in GroupWise differ depending on whether you are introducing existing Active Directory users into a GroupWise environment for the first time or if you are migrating existing GroupWise users from eDirectory to Active Directory. The first scenario usually occurs as a result of a merger and requires a simple import operation to bring the Active Directory users into GroupWise. The second scenario typically occurs as a result of a directory consolidation effort and requires the eDirectory users to be re-created in Active Directory and then re-associated in GroupWise to reflect their new directory environment.

Merger Scenario: Importing Active Directory Users Into GroupWise

To import existing Active Directory users into GroupWise, do the following:

1. From the System menu in the GroupWise Administration Console, select User Import.

   Figure 2. Existing Active Directory users can be imported into GroupWise through a few simple steps.

2. Select the directory you are importing from and then select the GroupWise post office where you want your Active Directory users to be imported.
3. Enter any appropriate context information for your directory and import action.
4. Enter any desired LDAP filter options and mark the appropriate search options.
5. Select Preview to review the list of users to be imported and make modifications to the list as needed, such as manually excluding users from the import operation.
6. Click Import Users to perform the import of your Active Directory users.

Note: If you want to distribute the directory users to multiple post offices, you need to run the import once for each post office. You can use the LDAP context or the search filter option to place a subset of the Active Directory users onto a given post office.

Additionally, since LDAP authentication is not enabled by default on GroupWise post offices, after importing Active Directory users into a new GroupWise post office you will need to do the following to configure LDAP authentication:

1. From the GroupWise Administration Console, view the details of the GroupWise post office for your Active Directory users.
2. Navigate to the Security tab.
3. Enable LDAP authentication.

Directory Consolidation Scenario: Migrating eDirectory Users to Active Directory

A directory consolidation scenario can involve migrating existing eDirectory users to Active Directory. This type of migration requires that you re-create these users in Active Directory, making sure that all the user objects for your GroupWise users exist in Active Directory before switching from eDirectory to Active Directory in GroupWise.

The steps for creating the Active Directory user objects are beyond the scope of this paper. However, for a successful switchover, it's critical that the value stored in the sAMAccountName (account logon name/user object) you establish in Active Directory for your individual users exactly matches their corresponding uniqueID (UID) value in eDirectory. Making sure these user account names match precisely enables you to seamlessly and accurately form the new associations between your Active Directory users and GroupWise.

For example, if user Joe Johnson has an eDirectory UID of joe_johnson, and the corresponding sAMAccountName in Active Directory is joe_johnson, when you perform the bulk re-association task in GroupWise, it will be able to recognize and match the user objects and then automatically shift the GroupWise association from eDirectory to Active Directory. Any users that do not have matching UID and sAMAccountName(s) will have to be re-associated manually.
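
A pre-flight check for the UID / sAMAccountName matching requirement described above, as an added example that is not part of the Novell paper or of GroupWise. It assumes you have exported both directories to LDIF; the sample exports, DNs and the function names ldif_values and plan_reassociation are constructed for illustration.

```python
import base64

# Constructed sample exports (LDIF). Real exports come from your own directory
# tools; the attribute names follow the paper: uniqueID and sAMAccountName.
EDIR_LDIF = """\
dn: cn=joe_johnson,ou=users,o=example
uniqueID: joe_johnson

dn: cn=mlee,ou=users,o=example
uniqueID: MLee

dn: cn=asmith,ou=users,o=example
uniqueID: asmith

dn: cn=pgarcia,ou=users,o=example
uniqueID:: cGdhcmNpYSA=
"""

AD_LDIF = """\
dn: CN=Joe Johnson,CN=Users,DC=example,DC=test
sAMAccountName: joe_johnson

dn: CN=M Lee,CN=Users,DC=example,DC=test
sAMAccountName: mlee

dn: CN=P Garcia,CN=Users,DC=example,DC=test
sAMAccountName: pgarcia

dn: CN=New Hire,CN=Users,DC=example,DC=test
sAMAccountName: nhire
"""


def ldif_values(ldif_text, attribute):
    """Return every value of `attribute` found in an LDIF export."""
    # LDIF folds long lines: a line starting with one space continues the previous one.
    unfolded = ldif_text.replace("\n ", "")
    wanted = attribute.lower()
    values = []
    for line in unfolded.splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != wanted:
            continue
        if rest.startswith(":"):
            # "attr:: <base64>" is used when a value has, e.g., a trailing space.
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.lstrip(" "))
    return values


def plan_reassociation(edir_uids, ad_names):
    """Sort eDirectory UIDs by how they compare with the AD account names.

    auto   : identical string exists in AD (the case the paper describes)
    review : differs only by case or surrounding whitespace; fix the account
             name or plan to associate by hand, since the paper asks for an
             exact match
    manual : no counterpart in the AD export at all
    """
    exact = set(ad_names)
    normalized = {}
    for name in ad_names:
        normalized.setdefault(name.strip().lower(), name)
    report = {"auto": [], "review": [], "manual": []}
    for uid in edir_uids:
        key = uid.strip().lower()
        if uid in exact:
            report["auto"].append(uid)
        elif key in normalized:
            report["review"].append((uid, normalized[key]))
        else:
            report["manual"].append(uid)
    return report


if __name__ == "__main__":
    plan = plan_reassociation(ldif_values(EDIR_LDIF, "uniqueID"),
                              ldif_values(AD_LDIF, "sAMAccountName"))
    for bucket, entries in plan.items():
        print(bucket, entries)
```

Running this before the bulk re-association gives you the list of accounts to correct or to associate by hand, instead of discovering them afterwards in the verification search.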
Once you have your users properly set up in Active Directory, configuring GroupWise to be associated with those Active Directory user objects rather than the user objects in your eDirectory system involves the following steps:

1. From the System menu in the GroupWise Administration Console, navigate to Directory Associations.

   Figure 3. Once you have user objects created in Active Directory, you must change the directory association in GroupWise.

2. From the Directory pull-down options in the Directory Associations dialog, choose the Active Directory server and context that contain the users that need to be re-associated with GroupWise.
3. Enter any desired LDAP filter options and mark the appropriate search options.
4. Be sure to mark the Override existing association option. The default behavior in GroupWise is to match only unassociated users. So, unless the Override existing association option is marked, users previously associated with eDirectory will remain associated with eDirectory instead of being re-associated with Active Directory.
5. Select Preview to review the list of the users to be re-associated and make any needed modifications to the list.
   a. Note: As a best practice, it's recommended that you re-associate one or two test users before re-associating all users in your organization. You can use the Preview menu to filter out all the users except the test users. Once the test users have been re-associated using the remaining steps in this section, execute the steps in the Verifying Successful Implementation section to ensure that the process completed successfully. If the test users re-associated properly, return to the steps in this section to re-associate all the remaining users.
6. Click Associate.

Verifying Successful Implementation

Regardless of whether you are importing existing Active Directory users into GroupWise, migrating eDirectory users to Active Directory, or a combination of both, you need to verify the success of those operations. Verifying a successful implementation of Active Directory support in Novell GroupWise 2014 can be broken down into three main areas:

I. Verifying successful association of Active Directory users with GroupWise
II. Verifying successful authentication
III. Verifying complete user migration

I. Verifying Successful Association of Active Directory Users with GroupWise

To verify that Active Directory properly synchronizes with GroupWise, perform the following synchronization test:

1. From within Active Directory, verify that users' GroupWise email addresses were published properly into Active Directory.
2. Modify the phone number of a user from within Active Directory.
3. In the GroupWise Administration Console, connect to the MTA of the domain responsible for synchronizing the directory objects.
4. Ensure that an HTTP username and password is set.
5. Click Launch MTA Web Console and enter the appropriate username and password when prompted.
6. From the Configuration tab, select Directory user synchronization.
7. Mark the Perform GroupWise Directory Synchronization Now button and click Submit.
8. To verify that the user phone number was properly applied to the user object in GroupWise, do the following:
   a. Navigate to the most recent log file and search for directory synchronization events. You will be able to identify them as a cluster of log entries that begin with something to the effect of Synchronizing Directory XXX. The entries will show all of the users that were checked or updated by the synchronization process.
   b. Log into the GroupWise Administration Console and verify that the user's details, such as phone number, were updated there as well.

II. Verifying Successful Authentication

To ensure that the newly re-associated users can log in to GroupWise using LDAP authentication, do the following:

1. Launch the GroupWise client and use one of the Active Directory users to attempt to log in to the GroupWise post office using LDAP authentication.
2. Verify that the user properly authenticates to GroupWise and can access email.

III. Verifying Complete User Migration

You can use the user list search capability in the GroupWise Administration Console to determine if all your users have actually been associated with your Active Directory environment and confirm that you have no remaining eDirectory users associated with GroupWise. To perform this verification, click on Users in the left column and enter a search expression that looks for any users associated with a directory that is not equal to your Active Directory server. The search expression might look similar to the following:

   directory = null or directory!= MyActiveDirectory

Such a search will return the list of users that have no directory association or have a directory association different from the Active Directory identified in the search expression. If desired, you can choose to search just for unassociated users or just for non-Active Directory users by executing only half of the above search expression, including either the parameter set before or after the or.

Some unassociated users that appear in the returned search list might be orphan users that no longer belong to your organization; thus, you did not create user objects for them in Active Directory. In these instances, you can choose to disable their GroupWise accounts.

Your search results may also include users whose eDirectory UIDs did not match their corresponding sAMAccountName(s) in Active Directory. As a result, they weren't automatically associated with GroupWise. To manually associate these Active Directory users with GroupWise, do the following:

1. In the GroupWise Administration Console, navigate to the user details for the individual GroupWise user.
2. Select Associate Item under the More menu option.
3. Browse the Active Directory server for the corresponding user object and link the GroupWise user to that Active Directory user object.

Once you are certain that you have successfully associated all your GroupWise users with Active Directory, you can choose to delete your eDirectory directory object in GroupWise if desired. However, caution should be used if you are considering decommissioning your eDirectory server once the migration is complete. If you are using any other Novell services, they might depend on the user information stored in eDirectory. You might even have third-party or internally developed services that leverage your eDirectory server. Make sure that no other services or applications used within your organization rely on eDirectory before you consider shutting it down.

Enabling LDAP Over SSL

Novell GroupWise connects with Active Directory via LDAP. By default, LDAP communicates in an insecure manner. This means that unless you secure your Active Directory communications, GroupWise user credentials will be transmitted over the wire in clear text.
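
What "clear text" means for an LDAP simple bind, and how to spot such binds when auditing your own captures, shown as an added example that is not part of the Novell paper or of GroupWise. The bind DN, password, TLS bytes and the function names build_simple_bind and inspect_bind are constructed for illustration; the message layout is the LDAPv3 BindRequest from RFC 4511.

```python
# BER tags used by an LDAPv3 BindRequest (RFC 4511).
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST, AUTH_SIMPLE, AUTH_SASL = 0x60, 0x80, 0xA3


def _tlv(tag, value):
    """Encode one BER element; used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value


def _read_tlv(buf, pos):
    """Decode one BER element at `pos`; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the byte count
        size = length & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def build_simple_bind(bind_dn, password, message_id=1):
    """Constructed simple BindRequest, as it appears on an unencrypted connection."""
    bind = (_tlv(INTEGER, b"\x03") + _tlv(OCTET_STRING, bind_dn)
            + _tlv(AUTH_SIMPLE, password))
    return _tlv(SEQUENCE, _tlv(INTEGER, bytes([message_id])) + _tlv(BIND_REQUEST, bind))


def inspect_bind(payload):
    """Return bind details if `payload` is a readable LDAP BindRequest, else None."""
    try:
        tag, message, _ = _read_tlv(payload, 0)
        if tag != SEQUENCE:
            return None                     # e.g. a TLS record: nothing readable
        tag, _message_id, pos = _read_tlv(message, 0)
        if tag != INTEGER:
            return None
        tag, bind, _ = _read_tlv(message, pos)
        if tag != BIND_REQUEST:
            return None
        _, _version, pos = _read_tlv(bind, 0)
        _, name, pos = _read_tlv(bind, pos)
        auth_tag, credential, _ = _read_tlv(bind, pos)
    except (IndexError, ValueError):
        return None
    method = {AUTH_SIMPLE: "simple", AUTH_SASL: "sasl"}.get(auth_tag, "unknown")
    return {
        "bind_dn": name.decode("utf-8", "replace"),
        "method": method,
        # A simple bind carries the password as a plain octet string.
        "password_exposed": method == "simple" and len(credential) > 0,
    }


# Constructed samples: one unencrypted bind and the first bytes of a TLS record.
SAMPLE_DN = b"CN=gwsync,CN=Users,DC=example,DC=test"
SAMPLE_PASSWORD = b"Constructed-Pa55"
CLEARTEXT_BIND = build_simple_bind(SAMPLE_DN, SAMPLE_PASSWORD)
TLS_RECORD = bytes.fromhex("16030300200102030405060708")

if __name__ == "__main__":
    print(inspect_bind(CLEARTEXT_BIND))
    print("password bytes readable in capture:", SAMPLE_PASSWORD in CLEARTEXT_BIND)
    print(inspect_bind(TLS_RECORD))
```

After LDAP over SSL is enabled, the same check run against traffic between GroupWise and the domain controller should find no readable BindRequest at all.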

To secure your LDAP communications between GroupWise and Active Directory, you can use Secure Sockets Layer (SSL) / Transport Layer Security (TLS) by installing a properly formatted certificate from either a Microsoft certificate authority (CA) or a third-party CA.

When setting up a trusted root certificate in an Active Directory environment using the Microsoft CA, it's recommended that you always follow published best practices from Microsoft. You should consult with your Active Directory administrator on whether to enable LDAP SSL or export the SSL certificate from your production environment. Microsoft provides various resources on how to enable LDAP over SSL, such as the online resource found at: social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

While not a recommended best practice for production environments, you can use the following procedure to familiarize yourself with the process of creating and configuring a certificate in a lab environment.

1. From the Add Roles and Features Wizard within the Microsoft Management Console (MMC), install an AD Certificate Service Role on one of your AD Domain Controllers.
   a. Note: Installing an Active Directory Certificate Service Role on an Active Directory Domain Controller is a practice that Microsoft does not recommend. However, in a lab environment with a simple Active Directory forest with one domain controller, it's a convenient way of creating and configuring a certificate.
2. Highlight Server Roles and select Active Directory Certificate Services under Roles, and then click Next.
3. When prompted to add features required for Active Directory Certificate Services, mark Include management tools and click Add Features.
4. Accept the defaults on the subsequent steps until you're presented with the Select role services screen. Mark the Certificate Authority option and click Next to install the role. Other options can be installed if desired, but are not necessary.
5. After the role installs, configure the certificate services by clicking on the option Configure Active Directory Services on th
6. On the Credentials screen for the AD CS Configuration, verify that the correct credentials are listed and then click Next.
   a. Note: The user needs to be a domain administrator.
7. On the Setup Type screen, select Certificate Authority as the role to configure and then select Enterprise CA as the type. Using the Enterprise CA type will configure the LDAP service to use SSL without requiring any further steps.
   a. Note: Typically, you would next select a Root CA, but if you already have a CA configured, you don't necessarily need to install a new one.
8. For the remaining steps in the wizard, you can select the default settings. Once the configuration completes, you need to restart the server.
9. After the server reboots, you need to export the certificate so it can be used with GroupWise. From within MMC, highlight Add/Remove Snap-in under the File menu and select Certificates.
10. In the subsequent screens, select Computer Account and then select Local Computer.
11. At the Console Root folder, expand the folders to the path Certificates (Local Computer)\Personal\Certificates and then right-click the certificate that was issued to the local server (not the CA certificate).
12. Select Export under All Tasks and click Next.
13. Click Next again until presented with the Export Private Key dialog. Mark the No, do not export the private key option and click Next.
14. For the Export File Format, mark DER encoded binary X.509 (.CER) and click Next.
15. Enter a path and filename with a .cer extension and click Finish.
16. Now that the certificate is ready to be used by GroupWise, open the GroupWise Administration Console on that Windows server, navigate to LDAP Servers under the System menu, select your Active Directory server to edit, and from the General tab browse to your exported certificate file by clicking on the pencil icon by the SSL Certificate field. Selecting your certificate file will upload it to the domain.db file.
17. On the General tab, re-enter the LDAP user password and click Test Connection. If you're presented with a Connection Successful message, then the certificate import executed properly. If the connection fails, select the Details link to view the error supplied by the LDAP service.

Active Directory Support and More

To learn more about how to take advantage of the new Active Directory support in Novell GroupWise 2014, contact Novell or your Novell authorized partner. Upgrading to GroupWise 2014 also enables you to take advantage of a wide array of other new features, including the new Web administration console, delegated admin functions, system overview page, new client interface and enhancements, and much more.

For technical inquiries about GroupWise 2014, contact Novell Technical Services, your sales engineer or your Novell authorized partner.

By engaging Novell Services for Premium Support, Consulting or Training, we can help you get the most of your product investment to suit your business needs. Please contact us today, or contact your local Novell Solutions Provider:

Premium Support and Consulting:
1 800 714 3400 U.S./Canada
1 801 861 4272 Worldwide
crc@novell.com

Training:
1 800 233 3382 U.S./Canada
1 801 861 3381 Worldwide
training@novell.com

Novell, Inc.
1800 South Novell Place
Provo, UT 84606 USA
www.novell.com

462-002194-002 02/14 © 2014 Novell, Inc. All rights reserved. Novell, the Novell logo and GroupWise are registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.