I was able to set up a test post office to authenticate a user via LDAP over SSL on 636 to my Active Directory 2008 R2 schema version. I'm having problems getting it to reset the AD password from the GroupWise client or WebAccess. I have a hundred or more users that we host only email for and no directory services. Since they don't connect to my Active Directory for anything else, I want them to be able to change their AD passwords in our AD through the GroupWise client or WebAccess.

This is the error I get on my POA when I try to reset the password from GroupWise:

08:01:10 744 LDAP Error: 34 (username)
08:01:10 744 LDAP Error: Invalid DN syntax (username)
08:01:10 744 Error: LDAP failure detected [D06B] User:username (username)

From the research I've done for this error, it seems like it's an issue between the "LDAP Authentication" field in ConsoleOne, GroupWise Account, and the distinguished name for the same user in Active Directory. I've tried username@domain.com in this LDAP Auth field. It allows me to log in OK, but won't let me change the password. I've also tried the fully distinguished name for my user, which I've pulled right out of an LDAP browser into Active Directory for this user, CN=user name,OU=div,OU=org,DC=domain, and placed this in my LDAP Authentication field and get the same Error 34. If I remove everything from the LDAP Authentication field, I can't log in.

I've checked to make sure the box isn't checked to disable LDAP password changes in the PO properties.

I'm stumped and I can't move in this direction until I get this fixed. I'm not sure if Novell will support this if I open a ticket.