Understanding the Value of LDAP Authentication


For users to access their mailboxes, they need to use authentication credentials. In GroupWise the authentication credentials consist of the USERID/Mailbox ID and a password.

Here are the three most common conditions under which users do not need to enter a password in order to access their GroupWise mailboxes via the Windows client:

  • The user has the Novell client installed, and is authenticated to eDirectory on a Windows computer.

  • The post office security level is set to Low.

  • Novell's SecureLogin/Single Sign-On software is deployed, and so users must enter their GroupWise passwords just once, and Single Sign-On stores the GroupWise password.

Although with the GroupWise Windows client it might be easy to bypass the need to know, or even to create a GroupWise password, there are other circumstances that require the users to enter a password as part of their authentication credentials. These are some of the common circumstances:

  • The Novell client is not installed on a user's computer, and the post office security level is set to High. Some customers are implementing environments in which core "NetWare" services are provided via iFolder and iPrint, and so they do not have the Novell client installed.

  • The user needs to authenticate as a GroupWise WebAccess user.

  • The user needs to authenticate as a GroupWise wireless user.

Without LDAP enabled, a user's password is a GroupWise password, which doesn't necessarily correlate with the user's eDirectory password. The downside to this is that users must then remember two passwords, one for eDirectory and one for GroupWise. This can be particularly confusing for users who regularly use the GroupWise Windows clientwhereby they really do not need to know a GroupWise password. Users are faced with a GroupWise WebAccess login page, and they are dumbfounded as to why the password they enterwhich is their eDirectory passworddoes not allow them to access GroupWise WebAccess.

With LDAP authentication enabled, users can now use their eDirectory password to authenticate to GroupWise. They do not need to remember a GroupWise password; they need to remember only their LDAP or eDirectory passwords for authenticating to GroupWise. There are some other potential benefits to GroupWise using LDAP for authentication credentials, as mentioned here:

  • eDirectory password expiration capabilities will also affect GroupWise (you can control this feature if you want).

  • When a user changes his password in GroupWise, it can also change his eDirectory password (you can control this feature if you want).

Note

Most GroupWise customers will probably be using eDirectory's LDAP component to provide LDAP authentication services to the post office. However, GroupWise is flexible enough to allow you to use LDAP-compliant directories other than eDirectory.




NOVELL GroupWise 7 Administrator Solutions Guide
Novell GroupWise 7 Administrator Solutions Guide
ISBN: 0672327880
EAN: 2147483647
Year: 2003
Pages: 320
Authors: Tay Kratzer

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net