Riva GroupWise for Active Directory - Admin Guide
Purpose of Riva GAD

Purpose for Riva GroupWise for Active Directory

Many organizations that have implemented Active Directory to manage user accounts and file & print wish to continue to use GroupWise as their primary email environment. Presently, administrators must manage both AD accounts for file and print and eDirectory accounts for GroupWise. This involves using a myriad of network administration tools that can include MMC, ConsoleOne, and iManager.

Riva "GroupWise for Active Directory" is a policy management module in Riva that permits using Active Directory user accounts as the primary directory store for GroupWise. The end result is that user account management tools will be reduced to using MMC. This is accomplished by:

   o Configuring the GroupWise System to use the same email domain that is configured for the AD domain.
   o Configuring GroupWise post offices to use LDAP authentication to the AD domain controller for GroupWise authentication. As such, users authenticating from their GroupWise client will be validated against the AD user account instead of the eDirectory account.
   o Configuring a Riva policy that will use Active Directory user accounts as the source for creating new GroupWise accounts and managing existing GroupWise accounts. All user account management will be done using MMC Active Directory Users and Computers.

View On-Demand Presentations:

   o Riva Identity Integration for Active Directory and GroupWise Overview (11 min)
   o Riva Identity Integration for Active Directory and GroupWise Demonstration (23 min)
System Requirements

Riva GroupWise for Active Directory System Requirements

The special nature of this policy module dictates some special system requirements:

Riva will normally be installed on a Windows 2003 member server of the AD domain:
   o If the GroupWise system is being hosted on a Windows member server, Riva can be installed on that server.
   o If the GroupWise system is hosted on a NetWare server or a SLES server, then the Riva server must be able to access the location of the wpdomain.db file of a domain through a mapped drive or UNC path, with the ability to read and write to the wpdomain.db file, OR a secondary domain can be installed on the Windows server hosting Riva.

The Windows 2003 host server must meet the following requirements:
   o The latest Novell Windows client is installed.
   o The applicable GroupWise client is installed.
   o The .NET 3.5 SP1 framework must be installed.
   o Minimum 256 MB RAM.
   o Minimum of 50 MB storage space for the Riva application (additional storage space should be available to hold the log files created by Riva).

The GroupWise system has to be configured (see Prepare the GW System):
   o The desired email domain name used in Active Directory must be added as an Internet domain name hosted by the GroupWise system.
   o The Post Office has to be configured to use LDAP authentication to the AD domain controller.
   o The Post Office has to be configured to use the AD specified email domain name as the GW preferred email domain name.
   o Ensure that LDAP services on GWIA are not enabled or active when the GWIA agent is started/running.
Prepare the GW System

Prepare the GroupWise System

The key to making this work is to prepare the GroupWise system to use the same email domain settings as the Active Directory domain, and to force the GroupWise Post Offices to use LDAP authentication to the Active Directory domain controller. This will ensure that existing eDirectory/GroupWise accounts are linked to the Active Directory user accounts, and that new AD user accounts are properly created in eDirectory for GroupWise.

Step 1 - Add the Desired Email Domain to the GroupWise System
Step 2 - Configure the Post Office Preferred Email Domain
Step 3 - Configure Post Office LDAP Authentication
Step 4 - Ensure that LDAP Services for the GWIA are Disabled

Step 1 - Add the Desired Email Domain to the GroupWise System

1. Open MMC and confirm the email domain name assigned to user accounts that will be created / synchronized to the GroupWise System (important note - you are limited to one email domain per GroupWise Post Office). In this example, the email domain used in Active Directory is DEV03-EX03.local.
2. Open ConsoleOne and add the Active Directory email domain to the GroupWise system.
   o Select the "GroupWise System" in the tree pane. From the main menu, select "Tools" > "GroupWise System Operations" > "Internet Addressing".
   o Click "Create", add the Active Directory email domain name, and click "OK".
   o In the "GroupWise Administrator" window select "Yes" or "No" to answer the question "Do you want to update the eDirectory Internet EMail Address for all affected users?"
   o Click "OK".

Step 2 - Configure the Post Office Preferred Email Domain

1. In ConsoleOne, set the preferred email domain for the Post Office:
   o Select the Post Office object in the tree view under the GroupWise System. Right-click the Post Office and choose "Properties".
   o Under the "GroupWise" tab, select "Internet Addressing".
   o Use the "Internet domain name:" drop-down list and select the desired Active Directory email domain added in Step 1 above.
   o Click "Apply". In the "GroupWise Administrator" window select "Yes" or "No" to answer the question "Do you want to update the eDirectory Internet EMail Address for all affected users?"
   o Click "Close".

Step 3 - Configure the Post Office LDAP Authentication

1. In ConsoleOne, create an LDAP server in the GroupWise system:
   o Select the "GroupWise System" in the tree pane. From the main menu, select "Tools" > "GroupWise System Operations" > "LDAP Servers".
   o Click "Add" and enter the necessary information to add an LDAP server entry.
     Click "OK".
   o In the "Configure LDAP Servers" window click "Close".
2. In ConsoleOne, set the LDAP authentication properties for the Post Office.
   o Select the Post Office object in the tree view under the GroupWise System. Right-click the Post Office and choose "Properties".
   o Under the "GroupWise" tab, select "Security".
   o Check "LDAP Authentication".
   o Click the "Select Servers" button. In the Select LDAP Servers window, highlight the correct LDAP server in the "Available Servers" pane and click the left arrow button. This will move the selected LDAP server to the "Selected Servers" pane. Click the "Close" button.
   o In the "GroupWise Security" window click the "Apply" and "Close" buttons.
3. You will need to restart the Post Office Agent (service) to enforce the email domain and LDAP authentication changes.

Step 4 - Ensure that LDAP Services for GWIA are Disabled

1. In ConsoleOne, verify that the LDAP service is not enabled for the GWIA:
   o In the eDirectory tree pane, open the Domain object that contains the GWIA agent. Ensure that ConsoleOne is looking for "Gateways" objects.
   o Right-click the "GWIA" object and select "Properties".
   o Under the "LDAP" tab, ensure that "Enable LDAP service" is not checked.
   o Click "Cancel".
2. (Optional) verify that the running GWIA agent (service) does not have the LDAP service enabled.
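
The check in Step 1 (confirm the email domain assigned to the AD accounts, given the limit of one email domain per Post Office) can be run against an LDIF export of the user accounts; the script below lists accounts with no mail address, with an address outside the expected domain, or with an address shared by more than one account. This is an added example, not part of the Riva guide or product. It assumes an export such as the one produced by ldifde -f users.ldf -r "(objectClass=user)" -l sAMAccountName,mail; the function names and the sample entries are constructed for illustration.

```python
import base64

SAMPLE_LDIF = """\
dn: CN=Alice Smith,CN=Users,DC=DEV03-EX03,DC=local
sAMAccountName: asmith
mail: asmith@DEV03-EX03.local

dn: CN=Bob Jones,CN=Users,DC=DEV03-EX03,DC=local
sAMAccountName: bjones

dn: CN=Carol White,CN=Users,DC=DEV03-EX03,DC=local
sAMAccountName: cwhite
mail: cwhite@other-
 domain.example

dn: CN=Dan Brown,CN=Users,DC=DEV03-EX03,DC=local
sAMAccountName: dbrown
mail:: {b64}
""".format(b64=base64.b64encode(b"ASmith@dev03-ex03.local").decode())  # constructed data

def parse_ldif(text):
    """Yield one {attribute: value} dict per LDIF entry (last value wins)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name.lower()] = value.strip()
        if "dn" in entry:
            yield entry

def audit_mail_domain(ldif_text, expected_domain):
    findings = {"missing_mail": [], "wrong_domain": [], "duplicate_mail": []}
    owners = {}  # lower-cased address -> accounts that carry it
    for entry in parse_ldif(ldif_text):
        account = entry.get("samaccountname", entry["dn"])
        mail = entry.get("mail", "")
        if "@" not in mail:
            findings["missing_mail"].append(account)
            continue
        if mail.rsplit("@", 1)[1].lower() != expected_domain.lower():
            findings["wrong_domain"].append(account)
        owners.setdefault(mail.lower(), []).append(account)
    findings["duplicate_mail"] = sorted(a for v in owners.values() if len(v) > 1 for a in v)
    return findings
```

Calling audit_mail_domain(SAMPLE_LDIF, "DEV03-EX03.local") on the constructed sample reports bjones as missing a mail address, cwhite as outside the domain, and asmith and dbrown as sharing one address.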
Install Riva GAD
Create Riva GAD Policy