Skip to main content

Novell GroupWise

Connector name

agtgrpw

Connector type

Executable / Python script / etc

Type (UI field value)

Groupwise Domain

Target system versions supported / tested

Bravura Security Fabric performs operations on Novell GroupWise using the native GroupWise client installed on the Bravura Security Fabric server. This client includes a COM application programming interface (API), which exposes user administration functionality.

Bravura Identity can provision GroupWise users, including creating their home mail folders and attaching users to a global address book.

Connector status / support

Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

Installation / setup

The GroupWise Client must be installed on the Bravura Security Fabric server as a "Standard" installation, rather than as a "Workstation" installation. The GroupWise agent uses the NCP protocol to connect to GroupWise servers. Nothing is installed on Novell GroupWise servers.

Note

The agtgrpw agent establishes and closes a connection to Novell each time it is run. Only one connection can be active at any given time, so when the agent is run, it automatically terminates the NetWare connection from Windows.

The following Bravura Security Fabric operations are supported by the agent for Novell GroupWise (agtgrpw):

  • administrator reset password

  • create account

  • delete account

  • update attributes

  • list account attributes

  • List:

    • accounts

    • attributes

The following sections show you how to:

  • Install the required software components

  • Define an account for the target system administrator in Novell GroupWise

  • Set the Novell GroupWise target system address in Bravura Security Fabric

  • Create template accounts using Netware Administrator

This chapter also describes how Bravura Identity handles special attributes, which are used when creating or modifying accounts on Novell GroupWise.

Preparation

Before you begin, you must:

  • Document the NDS tree name where the GroupWise domain resides.

  • Know the network directory path (UNC) for the GroupWise mail domain where Bravura Security Fabric performs operations.

    For example: \\testserv5\sys\mail\gwdom

  • Install the GroupWise client software on the Bravura Security Fabric server.

  • Create an administrative account on the GroupWise domain that Bravura Security Fabric can use to perform operations.

  • Create a system account to access the UNC path to the GroupWise domain, if GroupWise is installed on a Windows system.

  • Create at least one test account on the GroupWise domain, whose password will be verified, changed and reset during testing. Document the login ID and password of every such account.

Installing the client software

Install these components in the following order:

  1. Novell Client for Windows

  2. GroupWise Client for Windows

    Due to the specific installation requirements, it is recommended that you always target GroupWise from Bravura Security Fabric proxy server.

Configuring a target system administrator

Bravura Security Fabric uses a designated account on the Novell GroupWise target system to create and manage objects.

Administrators for Novell GroupWise directories are defined in the parent Novell NDS context.

To create an administrative account on a Novell Directory Services (NDS) server, first create a user on the NDS directory that you want to manage, then add the user as a trustee for the directory:

  1. Open Netware Administrator at <volume name>\sys\public\win32\nwadmin.exe.

  2. Expand the tree list to see the directory level object that you want the user to manage.

    For example, select Root if you want the user to manage the entire directory.

  3. Right-click on the object name and select Add Trustee.

    Netware Administrator displays the Select Object dialog box.

  4. Select the user you want to add as a trustee and click OK to close the Select Object dialog box.

  5. Click the appropriate checkboxes in the Object Rights section of the Add Trustee dialog box. These rights define the access permissions the user has at the selected directory level.

  6. Click the appropriate checkboxes in the Property Rights section. These rights define what actions the user can perform at the selected directory level.

  7. Click OK.

Ensure that you set and note the account’s password. You will be required to enter the account’s login ID and password when you add the GroupWise target system to Bravura Security Fabric .

If GroupWise is installed on a Windows system, Bravura Security Fabric also requires access to the UNC path using a system account. A share is established to access information required to perform the supported operations. If Groupwise is installed on a Novell NDS system, a system account is not required; GroupWise and NDS use the same Admin ID.

Targeting a GroupWise domain

For each GroupWise domain, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems).

  • The target system type is Groupwise Domain .

  • The target system address uses the following options:

    Tree Groupwise Tree name

    Domain UNC path to mail directory

    Config file (Optional) Configuration file to manage passwords on multiple domains. See Targeting multiple domains .

  • The administrative credentials are the ID and password of the administrative account that you created earlier.

    If GroupWise is installed on a Windows system, enter the name and password of the system account and identify it as a System password .

  • Set the Program to generate a list of target systems to the sub-host plugin name, if targeting multiple domains.

    Bravura Pass includes the discgrpw sub-host plugin, to manage multiple secondary GroupWise domains. See Targeting multiple domains for more information.

Targeting multiple domains

Although Bravura Pass can manage passwords on multiple GroupWise Domains by targeting each separate domain, this can become difficult to manage if there are a large number of domains. Alternatively, Bravura Pass can target a single primary domain and use the discgrpw sub-host plugin to manage multiple secondary domains.

To target multiple GroupWise domains using discgrpw:

  • Write a configuration file placed in the \<instance>\psconfig\ directory containing the UNC path for each secondary domain in the format:

    \\domainpath1

    \\domainpath2

    The configuration file cannot be installed on a Windows share.

  • Enter the name of the configuration file in the Config file field in the target system address wizard.

  • In the Program to generate a list of target systems field, type: discgrpw.exe.

See Target systems composed of multiple servers for more information about discgrpw.

Handling account attributes

The attributes that define accounts are unique to specific applications; you must therefore create your own set of account attributes. You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using in the Manage the system (PSA) module account attributes menu.

See Account attributes in the Bravura Security Fabric configuration documentation for more information.

Creating a template account

Use the following procedure to create a user account on a Novell GroupWise domain.

Users must have a Novell NDS account in the same context before you can create a Novell GroupWise account.

When a product administrator uses a template to create a Novell GroupWise account, Bravura Identity creates a user account in the same Post Office as the template user account.

See your Novell systems administrator or Novell documentation for more information.

To create a template Novell GroupWise user account:

  1. Create a new user account on the Novell NDS parent server.

  2. Open Netware Administrator at: <volume name>\sys\public\win32\nwadmin.exe .

  3. Expand the tree list to see the Novell GroupWise Post Office (third level or lower branch) to which you want to add a Novell NDS user account.

  4. Right-click on the Post Office name and select Details.

    Netware Administrator displays the Post Office Details dialog box.

  5. Select the Membership page.

  6. Click Add.

    Netware Administrator displays the Select Object dialog box.

  7. Search for and select the Novell NDS user account for which you want to add a Novell GroupWise account.

  8. Click OK to close the Select Object dialog box.

  9. Click OK to close the Post Office dialog box.

Configuring agent behavior

If the GroupWise connector (agtgrpw) fails to retrieve user lists (typically due to mail infrastructure problems), you can configure Bravura Security Fabric to list users by enumerating each PostOffice rather than from the domain directly. To do this:

  1. Log in to the Manage the system (PSA) module.

  2. Click Manage the system > Maintenance > Connector behavior and navigate to the Groupwise connector behavior configuration page.

  3. Enable GRPW LIST PO.

  4. Click Update.

Troubleshooting

If you experience any errors, verify that:

  • The Novell Client is installed on the Bravura Security Fabric server, rather than the Microsoft Client for Novell Networks.

  • You can log into each mail domain from the Bravura Security Fabric server using the administrator ID and password you created.

  • If the GroupWise agent reports the following error message:

    Invalid Domain name,

    then the address you entered for the server is incorrect. Be sure that the network path is a UNC rather than a drive letter.

  • If the GroupWise agent reports the following error message:

    RESOLVE_SVC_PARTIAL,

    then the administrator login ID is not a fully-qualified NDS name, and the system cannot find the specified administrator. Change the login ID to a fully qualified NDS name.

  • If the GroupWise agent reports the following error message:

    ERR_FAILED_AUTHENTICATION,

    then the administrator’s password is wrong. Change the password in the target system configuration screen.

  • If the GroupWise agent reports the following error message:

    the user doesn’t have account on the domain,

    then the user has a different login ID on the GroupWise domain than elsewhere on the network. This should be resolved using an alternate login ID. See Updating profiles with alternate login IDs.

    Another possibility is that the user had an account in the past in the GroupWise domain, but it has been removed.

  • If the GroupWise agent reports error message

    wrong username or password,

    then the user performing a password change on his own account provided an incorrect current password.

  • If the agtgrpw program’s log file shows the error "Failed to create instance," make sure that the GroupWise client was installed as a "Standard" installation and not as a "Workstation" installation.

In this section: