Moved all NW POs to SUSE Linux boxes. We were continuing to use existing NW LDAP servers for user authentication on the POs. This week, I started the process of "switching" the Post Office to do LDAP user authentication using SUSE Linux OES2 servers.

For the most part this failed big time for almost all Post Offices. Each time I changed the properties of the Post Office to use the SUSE Linux LDAP servers, I would get these errors.

12:30:33 192 Initializing Secured LDAP session with 10.10.10.115 at port 636 using SSL Key file /opt/novell/groupwise/agents/lib/nldap/student10.der (Flynns)
12:30:33 192 LDAP Error: 81 (Flynns)
12:30:33 192 LDAP Error: Can't contact LDAP server (Flynns)
12:30:33 192 Error: Attempt to do client/server actions with no access [D04F] User:Flynns (Flynns)
12:30:35 488 SOAP command:[loginRequest] requested from ::ffff:10.10.2.175 User session(Greenwt)
12:30:36 192 *** NEW APP CONNECTION, Tbl Entry=127, Check ID=1321446436
12:30:36 192 C/S Login Windows Net Id=Bilbob.FacStaff.TMC ::GW Id=Bilbob :: ::ffff:10.20.10.111
12:30:36 192 Initializing Secured LDAP session with 10.10.10.114 at port 636 using SSL Key file /opt/novell/groupwise/agents/lib/nldap/student10.der (Bilbob)
12:30:36 192 LDAP Error: 81 (Bilbob)
12:30:36 192 LDAP Error: Can't contact LDAP server (Bilbob)
12:30:36 192 Error: Attempt to do client/server actions with no access [D04F] User:Bilbob (Bilbob)

Creating new certificates did not help.

Eventually I got the Post Office to work with LDAP authentication using the SUSE Linux LDAP servers (Example:)

(see it working on an existing post office)

Server Pool: LDAP on ADMIN10 SERVER
LDAP Authentication Server IP Address 10.10.10.114
LDAP Server Port 636
LDAP SSL Enabled Yes
LDAP SSL Key File Name /opt/novell/groupwise/agents/lib/nldap/student10.der
LDAP User Authentication Method Bind
LDAP Server Status Good
Total Hits on an Established Bind: 532
Total Number of New Binds: 384
Total LDAP Requests to this Server: 916
Total Number of Failed Bind: 0
Server Pool: LDAP on TMCSUSE2 SERVER
LDAP Authentication Server IP Address 10.10.10.39
LDAP Server Port 636
LDAP SSL Enabled Yes
LDAP SSL Key File Name /opt/novell/SSL/admin10.der
LDAP User Authentication Method Bind
LDAP Server Status Good
Total Hits on an Established Bind: 545
Total Number of New Binds: 375
Total LDAP Requests to this Server: 920
Total Number of Failed Bind: 0


After a LOT of trial and error, what "magically" ended up working for me was to REBUILD the Post Office and then the LDAP authentication via the SUSE Linux servers started working. Why I don't know nor do I understand.

BUT I have ONE remaining Post Office that is refusing to use the LDAP servers on the Linux boxes. The other Post Offices are doing LDAP authentication via the SUSE LDAP servers I set up in GroupWise, BUT this one Post Office, I can not get it to work. I just rebuilt the domain and this post office for a second time, hoping it would work today, and started up the post office but NO good. When I look at the LDAP Authentication page I see the BAD state on the two LINUX LDAP servers.

Load Balance Pool Configuration:

Server Pool: LDAP on STUDENT10 SERVER
LDAP Authentication Server IP Address 10.10.10.115
LDAP Server Port 636
LDAP SSL Enabled Yes
LDAP SSL Key File Name /opt/novell/groupwise/agents/lib/nldap/student10.der
LDAP User Authentication Method Bind
LDAP Server Status Bad
Time left before Server resets 288
Last Quarantine Error code 81
Last Down Time 11-16-11 12:30:33
Total Hits on an Established Bind: 0
Total Number of New Binds: 4
Total LDAP Requests to this Server: 4
Total Number of Failed Bind: 1
Server Pool: LDAP on ADMIN10 SERVER
LDAP Authentication Server IP Address 10.10.10.114
LDAP Server Port 636
LDAP SSL Enabled Yes
LDAP SSL Key File Name /opt/novell/groupwise/agents/lib/nldap/student10.der
LDAP User Authentication Method Bind
LDAP Server Status Bad
Time left before Server resets 7
Last Quarantine Error code 81
Last Down Time 11-16-11 12:30:36
Total Hits on an Established Bind: 0
Total Number of New Binds: 4
Total LDAP Requests to this Server: 4
Total Number of Failed

So then I go back into C1 and add my two NW LDAP servers to the pool and everything is fine again.

I want to shut down these two NW boxes, which are only doing LDAP, but I can't until I can get this ONE post office to do LDAP authentication on other than my two NW servers.
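
An added example, not part of the original post: a small Python script that pairs each "Initializing Secured LDAP session" line in the POA log with the numeric LDAP error that follows it, so failures can be counted per LDAP server and SSL key file across a whole log. The sample lines are copied from the excerpt above; the regular expressions and the reading of the second column as a thread id are assumptions inferred from that excerpt.

```python
import re

# Lines copied from the POA log excerpt in the post above.
SAMPLE_LOG = """\
12:30:33 192 Initializing Secured LDAP session with 10.10.10.115 at port 636 using SSL Key file /opt/novell/groupwise/agents/lib/nldap/student10.der (Flynns)
12:30:33 192 LDAP Error: 81 (Flynns)
12:30:33 192 LDAP Error: Can't contact LDAP server (Flynns)
12:30:33 192 Error: Attempt to do client/server actions with no access [D04F] User:Flynns (Flynns)
12:30:35 488 SOAP command:[loginRequest] requested from ::ffff:10.10.2.175 User session(Greenwt)
12:30:36 192 Initializing Secured LDAP session with 10.10.10.114 at port 636 using SSL Key file /opt/novell/groupwise/agents/lib/nldap/student10.der (Bilbob)
12:30:36 192 LDAP Error: 81 (Bilbob)
12:30:36 192 LDAP Error: Can't contact LDAP server (Bilbob)
12:30:36 192 Error: Attempt to do client/server actions with no access [D04F] User:Bilbob (Bilbob)
"""

# Assumption: the second column is a thread/worker id; both patterns are
# inferred from the excerpt, not taken from GroupWise documentation.
INIT_RE = re.compile(
    r"^\S+ (\S+) Initializing Secured LDAP session with (\S+) at port (\d+)"
    r" using SSL Key file (\S+) \((\w+)\)$")
ERR_RE = re.compile(r"^\S+ (\S+) LDAP Error: (\d+) \((\w+)\)$")

def summarize_ldap_failures(log_text):
    """Group session attempts and numeric LDAP errors by (server, port, key file)."""
    pending = {}   # (thread, user) -> target of the most recent session attempt
    summary = {}   # (server, port, key file) -> counters
    for line in log_text.splitlines():
        m = INIT_RE.match(line)
        if m:
            thread, server, port, keyfile, user = m.groups()
            target = (server, int(port), keyfile)
            pending[(thread, user)] = target
            entry = summary.setdefault(
                target, {"attempts": 0, "errors": {}, "users": set()})
            entry["attempts"] += 1
            continue
        m = ERR_RE.match(line)
        if m:
            thread, code, user = m.groups()
            target = pending.pop((thread, user), None)
            if target:  # count only errors that follow a known session attempt
                entry = summary[target]
                entry["errors"][int(code)] = entry["errors"].get(int(code), 0) + 1
                entry["users"].add(user)
    return summary

if __name__ == "__main__":
    for (server, port, keyfile), e in summarize_ldap_failures(SAMPLE_LOG).items():
        print(f"{server}:{port} key={keyfile} attempts={e['attempts']} errors={e['errors']}")
```

Run against a full POA log, the per-target counts show whether error 81 follows every attempt to one server and key file or only some of them.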