Purpose of Riva GAD
Purpose for Riva GroupWise for Active Directory
Many organizations that have implemented Active Directory to manage user accounts, file & print, wish to continue to use GroupWise as their primary email environment. Presently, administrators must manage both AD accounts for file and print and eDirectory accounts for GroupWise. This involves using a myriad of network administration tools that can include MMC, ConsoleOne, and iManager.
Riva "GroupWise for Active Directory" is a policy management module in Riva that will permit using Active Directory user accounts as the primary Directory store for GroupWise. The end result is that user account management tools will be reduced to using MMC. This is accomplished by:
· Configuring the GroupWise System to use the same email domain that is configured for the AD domain.
· Configuring GroupWise post offices to use LDAP authentication to the AD domain controller for GroupWise authentication. As such, users authenticating from their GroupWise client will be validated against the AD user account instead of the eDirectory account.
· Configuring a Riva policy that will use Active Directory user accounts as the source for creating new GroupWise accounts and managing existing GroupWise accounts. All user account management will be done using MMC Active Directory Users and Computers.
System Requirements
Riva GroupWise for Active Directory System Requirements
The special nature of this policy module dictates some special system requirements:
· Riva will normally be installed on a Windows 2003 member server of the AD domain:
   o If the GroupWise system is being hosted on a Windows member server, Riva can be installed on that server.
   o If the GroupWise system is hosted on a NetWare server or a SLES server, then the Riva server must be able to access the location of the wpdomain.db file of a domain through a mapped drive or UNC path with the ability to read and write to the wpdomain.db file, OR a secondary domain can be installed on the Windows server hosting Riva.
· The Windows 2003 host server must meet the following requirements:
   o latest Novell Windows client is installed.
   o applicable GroupWise client is installed.
   o .NET 3.5 SP1 framework must be installed.
   o minimum 256 MB RAM.
   o minimum of 50 MB storage space for the Riva application (additional storage space should be available to hold the log files created by Riva).
· The GroupWise system has to be configured (see Prepare the GW System):
   o the desired email domain name used in Active Directory must be added as an Internet domain name hosted by the GroupWise system.
   o the Post Office has to be configured to use LDAP authentication to the AD domain controller.
   o the Post Office has to be configured to use the AD specified email domain name as the GW preferred email domain name.
Prepare the GW System
Prepare the GroupWise System
The key to making this work is to prepare the GroupWise system to use the same email domain settings as the Active Directory domain, and to force the GroupWise Post Offices to use LDAP authentication to the Active Directory domain controller. This will ensure that existing eDirectory/GroupWise accounts are linked to the Active Directory user accounts, and that new AD user accounts are properly created in eDirectory for GroupWise.
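An added example, not part of the original documentation: a pre-flight check for item 1 of Step 1 below, which reads an LDIF export of the AD user accounts and reports any account whose address falls outside the single email domain the post office will use. It assumes the address is held in the "mail" attribute and that the export was produced separately; the sample entries and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Yield one dict per LDIF entry (names lower-cased, first value of each kept)."""
    # A line starting with a single space continues the previous line (LDIF folding).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), value.strip())
        if "dn" in entry:
            yield entry

def audit_mail_domains(ldif_text, expected_domain):
    """Sort accounts into match / mismatch / no_mail against the one allowed domain."""
    report = defaultdict(list)
    for entry in parse_ldif(ldif_text):
        account = entry.get("samaccountname", entry["dn"])
        mail = entry.get("mail", "")  # assumption: address is held in the mail attribute
        if "@" not in mail:
            report["no_mail"].append(account)
        elif mail.rsplit("@", 1)[1].lower() == expected_domain.lower():
            report["match"].append(account)
        else:
            report["mismatch"].append((account, mail))
    return dict(report)

# Constructed sample export (not real accounts): one base64 value, one folded DN.
SAMPLE_LDIF = "\n".join([
    "dn: CN=Alice Ames,OU=Staff,DC=DEV03-EX03,DC=local",
    "sAMAccountName: aames",
    "mail: aames@dev03-ex03.local",
    "",
    "dn: CN=Carol Cole,OU=Staff,DC=DEV03-EX03,DC=local",
    "sAMAccountName: ccole",
    "mail:: " + base64.b64encode(b"ccole@corp.example").decode(),
    "",
    "dn: CN=Dan Dale,OU=Contractors,OU=Staff,",
    " DC=DEV03-EX03,DC=local",
    "sAMAccountName: ddale",
])

print(audit_mail_domains(SAMPLE_LDIF, "DEV03-EX03.local"))
```

Accounts reported under "mismatch" or "no_mail" are the ones to correct in Active Directory before the policy creates or links their GroupWise accounts.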
· Step 1 - Add the Desired Email Domain to the GroupWise System
· Step 2 - Configure the Post Office Preferred Email Domain
· Step 3 - Configure Post Office LDAP Authentication
· Step 4 - Ensure that LDAP Services for the GWIA are Disabled
Step 1 - Add the Desired Email Domain to the GroupWise System
1. Open MMC and confirm the email domain name assigned to user accounts that will be created / synchronized to the GroupWise System (important note - you are limited to one email domain per GroupWise Post Office).
In this example, the email domain used in Active Directory is DEV03-EX03.local
2. Open ConsoleOne and add the Active Directory email domain to the GroupWise system.
   o Click "Create" and add the Active Directory email domain name and click "OK".
   o In the "GroupWise Administrator" window select "Yes" or "No" to answer the question "Do you want to update the eDirectory Internet EMail Address for all affected users."
   o Click "OK".
Step 2 - Configure the Post Office Preferred Email Domain
1. In ConsoleOne, set the preferred email domain for the Post Office:
   o Select the Post Office object in the tree view under the GroupWise System. Right-click the Post Office and choose "Properties".
   o Under the "GroupWise" tab, select "Internet Addressing".
   o Click "Apply". In the "GroupWise Administrator" window select "Yes" or "No" to answer the question "Do you want to update the eDirectory Internet EMail Address for all affected users."
   o Click "Close".
Step 3 - Configure the Post Office LDAP Authentication
1. In ConsoleOne, create an LDAP server in the GroupWise system:
   o Select the "GroupWise System" in the tree pane. From the main menu, select "Tools" > "GroupWise System Operations" > "LDAP Servers". Click "OK".
   o In the "Configure LDAP Servers" window click "Close".
2. In ConsoleOne, set the LDAP authentication properties for the Post Office.
   o Select the Post Office object in the tree view under the GroupWise System. Right-click the Post Office and choose "Properties".
   o Under the "GroupWise" tab, select "Security".
   o Check "LDAP Authentication".
   o Click the "Select Servers" button. In the Select LDAP Servers window, highlight the correct LDAP server in the "Available Servers" pane and click the left arrow button.
3. You will need to restart the Post Office Agent (service) to enforce the email domain and LDAP authentication changes.
Step 4 - Ensure that LDAP Services for GWIA are Disabled
1. In ConsoleOne, verify that LDAP service is not enabled for the GWIA: