GWeDirectory Association | Novell GroupWise 7 Administrator Solutions Guide

GW/eDirectory Association

This section discusses the options available when you select the GW/eDirectory Association option from the GroupWise Utilities menu.

Graft GroupWise Objects

The Graft Wizard helps you add GroupWise attributes to eDirectory user objects, and add GroupWise objects to the eDirectory tree. Recall that GroupWise has its own directory independent of eDirectory. The graft function is used on the occasions that a GroupWise object isn't in eDirectory, or is somehow not associated with its eDirectory object. Throughout this book, you can find instances in which you will be told to use the graft function. If you are creating a GroupWise system from scratch, you will not need to use this tool, because your eDirectory user objects will automatically be grafted to the GroupWise mailboxes you create.

Invalid Associations

The Invalid Association utility allows you to identify whether you have any invalid associations between your GroupWise directory store and eDirectory. Here are the steps you should take to use this utility:

Highlight an eDirectory OU in ConsoleOne with users in it whom you are searching through in order to find invalid associations.

Select Invalid Associations.

The utility will look for objects in that eDirectory OU that have the following type of a problem:

eDirectory says that it has an object GBROWN.OU1.ACME that points to the GroupWise object GBROWN.PO1.DOMAIN1.
GroupWise reports that GBROWN.PO1.DOMAIN1 is associated with GBROWN.OU2.ACME.

The Invalid Association utility will then come up with a wizard that helps you resolve this potential issue. This issue could likely happen if you have regrafted objects, and somehow you grafted the users into an OU in which they did not originally exist, or your GroupWise system spans multiple eDirectory trees and there are user objects that GroupWise is pointing to in the wrong tree.

Disassociate GroupWise Attributes

The Disassociate GroupWise Attributes feature is the opposite of a graft. This feature is used when you want to disassociate a GroupWise object from its eDirectory object. This is often used for troubleshooting purposes. For example, you suspect that an eDirectory object has some corruption in it, and you want to delete the object from eDirectory but not from GroupWise. This is a perfect scenario to disassociate the eDirectory object from its GroupWise object.

As illustrated in Chapter 3, "Understanding the GroupWise Directory," and Chapter 5, "Working with GroupWise Objects," when GroupWise is first installed into a network, it adds attributes to, or extends, the eDirectory user object. This makes administration of user accounts much simpler.

Unfortunately, the synchronization between eDirectory and the GroupWise domain and post office databases is not perfect. Sometimes, particularly after a user moves, the eDirectory user object contains inaccurate GroupWise attributes, and the user mailbox can no longer be administered from ConsoleOne.

Here is where the Disassociate GroupWise Attributes tool comes into the game. This tool strips all the GroupWise information from the highlighted user's eDirectory object.

The Disassociate GroupWise Attributes tool has no interface window of its own. To remove GroupWise attributes from a user, do the following:

1.	Select the user object in either the eDirectory or the GroupWise view.
2.	Pull down the Tools menu and choose GroupWise Utilities, GW/eDirectory Association, Disassociate GroupWise Attributes.

If you were to use Display Object tool under Tools, GroupWise Diagnostics, on a user whose GroupWise attributes had been removed, you would find that none of the attributes with NGW in their names (the GroupWise schema extensions) was populated. Also, "GDS" (GroupWise directory services) information would appear. The eDirectory object would no longer be linked to a GroupWise object.

When GroupWise attributes have been removed, the user's mailbox still exists. All that has happened, in practical terms, is that the link between the GDS and eDirectory systems has been broken for this user.

Convert External Entity to User

The Convert External Entity to User tool allows you to take a GroupWise external entity user who does not currently have an eDirectory account and convert that user to a GroupWise user with an eDirectory account. By converting an external entity into a full eDirectory user, the user can leverage services from eDirectoryfor example, LDAP authentication or password expiration.

Tip

You can select multiple external entities in eDirectory and convert them all to full eDirectory users in one step.

Convert User to External Entity

The Convert User to External Entity feature allows you to take a GroupWise user who also has an eDirectory account and convert that user and eDirectory account so that it's an external entity. External entities have a green shirt (rather than a red shirt on a typical eDirectory user object), and external entities have no eDirectory rights. External entities do not use an eDirectory license, which is typically the motivation behind making a user an external entity. So if you are sure that this user does not need eDirectory rights or services, go ahead and make the user an external entity.

Tip

You can select multiple eDirectory user objects and convert them all to external entities in one step as well.

Note

If you are using LDAP authentication, external entity users cannot authenticate to eDirectory via LDAP. That being the case, you must assign a GroupWise password to external entities to allow them to get into GroupWise.