7020996: eDirectory Single Sign-On (SSO) not working despite all documented required configuration being done correctly

This document (7020996) is provided subject to the disclaimer at the end of this document.

Environment

Novell GroupWise 2014 R2 Support Pack 2

Situation

GroupWise Windows client users are prompted for a password when attempting to login to their GroupWise mailbox, when all documented configuration requirements have been properly met for eDirectory Single Sign-On.

Resolution

An improper value in an eDirectory user(s) object attributes, as seen in iManager, was modified to resolve this issue.

The GroupWise users are members of an eDirectory template object created in ConsoleOne when they originally had GroupWise 8. The GroupWise users were inheriting the template user attributes.
In iManager, properties of a problem user, General tab, “Other” menu selection, under “Valued Attribute” , there was listed an attribute called “NGW: User ID”, the improper value listed was “DClark”.
Once all “NGW:” attributes were removed under “Valued Attributes” the problem went away and users could successfully use eDir SSO with GroupWise.
Since this eDirectory template was later deleted and a new template created in iManager, this is also a solution to the issue.

Cause

Corrupted eDirectory template object in which users inherited eDirectory user attributes.

Additional Information

Note: The value “DClark” was not the correct user id of the user authenticated to eDirectory on the Windows workstation or the GroupWise UserID.

In the GroupWise Post Office Agent ( POA ) we could see :

16:36:05:000 2B4E C/S Login Windows Net Id=CN=QGTestUser OU=Metro, O=HQ ::GW Id=DClark :: 192.168.1.10
16:36:05:000 2B4E Novell client credentials reeceived:
16:36:05:000 2B4E Name = CN=QGTestUser,OU=Metro,O=HQ
16:36:05:000 2B4E Tree = ourTree
16:36:05:000 2B4E LDAP GUID = <Guid value>
16:36:05:000 2B4E System GUID = <Guid value>
16:36:05:000 2B4E Redirecting user DCLARK to 192.168.1.121:1677
—————————–
—————————–

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

Leave a Reply