GroupWise Login Algorithm.

(Last modified: 16Dec2002)

This document (10009325) is provided subject to the disclaimer at the end of this document.

goal

GroupWise Login Algorithm.

fact

Novell GroupWise 5.0.

Novell GroupWise 5.1.

Novell GroupWise 5.2.

Novell GroupWise 5.5.

Novell GroupWise 32-bit Client

Client/Server Access Mode.

Direct Access Mode.

symptom

Launch GroupWise client.

User cannot launch GroupWise client.

GroupWise client does not start in client/server mode; it always defaults to direct.

GroupWise client keeps going to NGWNAMESERVER.

Post office is set up for both client/server and direct.

GroupWise client cannot authenticate the user to the post office on first launch.

fix

Two items of information are required to establish a GroupWise client session: the GroupWise User ID and the Post Office Location. The following information shows how each of these is specified or discovered by the GroupWise Login routine.

NOTE: The NDS lookups are currently supported by Microsoft Windows and Mac clients.

GroupWise User ID

Five ways to determine which User is logging in

The order is as follows:

1) Client Specified User ID - User ID specified on the command line with /@u or entered at the Login dialog.

2) Client Specified Login ID - Login ID specified on the command line with /la. The command line dictates the Login ID; GroupWise looks for the corresponding User ID.

3) NDS Login ID - If neither a User ID nor a Login ID has been specified on the command line, the NDS Login ID is retrieved by the Engine using the NDS WhoAmI routine. GroupWise looks for the corresponding User ID.

4) Windows/Network Login ID - Login ID retrieved using a call such as Windows' WNetGetUser(). GroupWise looks for the corresponding User ID.

5) Cached User ID - User ID stored by the GroupWise Client in the Registry. GroupWise looks for the corresponding User ID.

If a User ID is still not known but a Login ID is specified (step #2) or discovered (step #3 or #4), a lookup will be attempted. The first lookup will be in the NDS User object, using the Login ID as the User's Distinguished Name. If a User ID is still not found, the second lookup is tried in the Post Office's Host database, using the Login ID as the Net ID. If all of these steps are unsuccessful at retrieving a User ID, then the login will fail.
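The resolution order above, modelled as an added example (not Novell code). The function and parameter names, the two lookup callables and the sample directories are hypothetical, and the point at which the cached User ID is consulted is an assumption the text does not spell out.

```python
from typing import Callable, Optional, Tuple

Lookup = Callable[[str], Optional[str]]  # Login ID -> GroupWise User ID, or None

# Constructed sample directories standing in for NDS and the Host database.
NDS_USERS = {"CN=jdoe.OU=Sales.O=Example": "jdoe"}   # keyed by Distinguished Name
HOST_DB = {"JSMITH": "jsmith"}                       # keyed by Net ID


def resolve_user_id(
    nds_lookup: Lookup,
    host_db_lookup: Lookup,
    cmdline_user_id: Optional[str] = None,    # 1) /@u or Login dialog
    cmdline_login_id: Optional[str] = None,   # 2) /la
    nds_login_id: Optional[str] = None,       # 3) NDS WhoAmI
    network_login_id: Optional[str] = None,   # 4) e.g. WNetGetUser()
    cached_user_id: Optional[str] = None,     # 5) registry cache
) -> Tuple[str, str]:
    """Return (user_id, how_it_was_found); raise LookupError if login would fail."""
    if cmdline_user_id:
        return cmdline_user_id, "client-specified User ID"
    login_ids = [
        ("client-specified Login ID", cmdline_login_id),
        ("NDS Login ID", nds_login_id),
        ("Windows/Network Login ID", network_login_id),
    ]
    for source, login_id in login_ids:
        if not login_id:
            continue
        # First lookup: NDS User object (Login ID as Distinguished Name).
        # Second lookup: Post Office Host database (Login ID as Net ID).
        for store, lookup in (("NDS", nds_lookup), ("Host database", host_db_lookup)):
            user_id = lookup(login_id)
            if user_id:
                return user_id, f"{source} via {store}"
    # Assumption: the cached User ID is used only after every Login ID failed.
    if cached_user_id:
        return cached_user_id, "cached User ID"
    raise LookupError("no GroupWise User ID found; login fails")
```

The second element of the result names the source that decided the identity, which is the detail to look at when a workstation logs in as an unexpected user.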

Post Office Location

There are four items that can be used to locate a Post Office. For each of these the Engine supports multiple TCP/IP Addresses and a single Path to Host. They are tried in the following order until a Post Office is located:

1) Command Line / Login Dialog - locations specified on the command line with the /ipa, /ipp, and/or /ph switch, or entered at the Login dialog.

2) NDS Lookup - location is retrieved from NDS. The first lookup is for the NDS User object, using the User ID as the User's GroupWise Object ID attribute. The second lookup is for the NDS GroupWise Post Office object, using the User's GroupWise Post Office attribute as the Distinguished Name. The GroupWise Access Mode and Location attributes are retrieved; based on the Access Mode, the platform-specific Location is used for the Path to Host. The third lookup, if allowed by the Access Mode, is for the subordinate NDS GroupWise Agent object servicing the post office. Its Network Address attribute is read and used as the TCP/IP Address and Port.

3) Cache - TCP/IP address or file path stored by the GroupWise Client in the Registry.

4) Default Name Server, Client/Server Access only (TCP/IP) - as a last resort, the client tries the TCP/IP default name servers "ngwnameserver" and "ngwnameserver2", using the default port, 1677.

Post Office authentication process:

1) A connection is established and the Access Modes are looked up in the Host database. If the client is not connected to the user's Post Office, or if the Post Office does not support the current connection mode, a new TCP/IP Address and Port or Path to Host is looked up, the connection is closed, and the connection is tried again.

2) Client/Server (TCP/IP) connection is tried first, then Direct (Path to Host).

3) If TCP/IP has been disabled, the connection will probably time out. This can take a while and is based on the retry configuration. It will also time out if the Post Office Agent is down or TCP/IP is configured incorrectly.
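An added example (not Novell code) that builds the ordered list of locations the client would try, combining the four sources above with the rule that Client/Server is tried before Direct. The function names, the dictionary keys, the access mode strings ("client_server", "direct", "both") and the sample NDS record are hypothetical, and how the Access Mode gates the path and agent address is an assumption.

```python
from typing import Callable, Dict, List, Optional, Sequence, Tuple

DEFAULT_PORT = 1677
Candidate = Tuple[str, str, str]  # (source, "tcpip" or "path", target)

# Constructed sample of what the NDS lookups could return for one user.
SAMPLE_NDS = {"access_mode": "both", "location": r"\\FS1\MAIL\PO1",
              "agent_address": "192.0.2.10:1677"}


def _expand(source: str, addrs: Sequence[str], path: Optional[str]) -> List[Candidate]:
    # Within one source, Client/Server (TCP/IP) is tried before Direct (path).
    out = [(source, "tcpip", a) for a in addrs]
    if path:
        out.append((source, "path", path))
    return out


def location_candidates(cmdline_addrs: Sequence[str] = (), cmdline_path: Optional[str] = None,
                        nds: Optional[Dict[str, str]] = None,
                        cache_addrs: Sequence[str] = (), cache_path: Optional[str] = None
                        ) -> List[Candidate]:
    cands = _expand("command line / login dialog", cmdline_addrs, cmdline_path)
    if nds:
        mode = nds["access_mode"]
        # Agent lookup only if the Access Mode allows Client/Server.
        addrs = [nds["agent_address"]] if mode != "direct" and nds.get("agent_address") else []
        # Path to Host only if the Access Mode allows Direct.
        path = nds.get("location") if mode != "client_server" else None
        cands += _expand("NDS lookup", addrs, path)
    cands += _expand("cache", cache_addrs, cache_path)
    defaults = [f"{name}:{DEFAULT_PORT}" for name in ("ngwnameserver", "ngwnameserver2")]
    cands += _expand("default name server", defaults, None)
    return cands


def locate(cands: Sequence[Candidate],
           try_connect: Callable[[Candidate], bool]) -> Optional[Candidate]:
    """Return the first candidate that connects, or None if every attempt fails."""
    for cand in cands:
        if try_connect(cand):
            return cand
    return None
```

With no command-line switches, no readable NDS attributes and an empty cache, the only candidates left are the two default name servers, which matches the symptom "GroupWise client keeps going to NGWNAMESERVER".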

NDS Object & Attribute Rights
The following are the minimum object and attribute rights necessary for the NDS lookups to succeed:

1) User (NDS) Object - Browse
    NGW: Object ID - Read & Compare
    NGW: Post Office - Read
    Surname (NDS) - Read

2) GroupWise Post Office Object - Browse
    NGW: Access Mode - Read
    NGW: Location - Read

3) GroupWise Agent Object - Browse
   (Subordinate of the GW Post Office Object)
    NGW: Type - Read
    Network Address (NDS) - Read

Automating Client Login and Post-Office detection system wide.

There are two ways of doing this. It is recommended that you implement both of the options below. The NDS option will provide autodetection for users who are logged in to NDS. The DNS implementation is for Non-NDS users and is a last resort when the NDS detection isn't possible.  

NOTE: The steps below are independent but can work together.

NDS implementation (Best solution)
NDS Detection of Post-Office

The GroupWise Client does a lookup on the object properties outlined above for the Post-Office and one or all of the agents associated with the Post-Office. NDS-based detection will override the cached IP address held by the local machine. This makes moving a user easier.
 
DNS Implementation Redirection:  

For workstations that do not have NDS available, add two entries in DNS by following the steps outlined below:

1.  Define an IP address for each Post Office Agent that will allow Client/Server connections within the GroupWise system. This information is entered in the Network Address field for the NDS Post Office Agent object.

NOTE: If you use DNS Host Names instead of the actual IP addresses, each of these names will need to be defined within DNS and associated with an IP address.

2.  Define two entries in the DNS lookup table used by the desktops executing GroupWise. These entries are NGWNAMESERVER and NGWNAMESERVER2. Enter a valid IP address for any Post-Office within the GroupWise system.  

Summary: After the two steps mentioned above (NDS and DNS Implementation), when a user executes the GroupWise client while logged in to NDS, the client will auto-detect which Post Office the user resides on using the algorithm above. Entries in DNS for NGWNAMESERVER and NGWNAMESERVER2 are used as a last resort. If the client is not logged in to NDS (for example, a desktop using the Microsoft requester) and cannot autodetect the Post Office information, it will query DNS for the NGWNAMESERVER entries. Once the NGWNAMESERVER entry is located, the client will connect via Client/Server to the Post Office Agent. The NGWNAMESERVER Post Office Agent will then redirect the client to its home Post-Office.

No information is required in NDS to specify which Post Office Agent is NGWNAMESERVER.  Any Post Office Agent within the system can be used.   Once the client successfully loads using Client/Server, the IP address of the home Post Office for the user is cached in the registry of the local machine. The client can then load communicating directly to its home Post Office Agent without having to go back to NGWNAMESERVER.  

NOTE: The Post Office Agent Redirection lists also allow a user to input any valid Post Office Agent IP address or DNS hostname (associated with a Post Office Agent) within the GroupWise system. The Post Office Agent will then redirect the client to its home Post Office and cache the correct IP address locally.
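Because clients without NDS connect to whatever NGWNAMESERVER and NGWNAMESERVER2 resolve to, it is worth checking that both entries exist and point at Post Office Agents you know. The following is an added example (not Novell code); the function names, the report layout and the inventory of agent addresses passed in are hypothetical.

```python
import socket
from typing import Callable, Dict, Iterable, List

REDIRECT_NAMES = ("ngwnameserver", "ngwnameserver2")
DEFAULT_PORT = 1677


def system_resolver(name: str) -> List[str]:
    """Resolve a host name with the workstation's own DNS configuration."""
    try:
        infos = socket.getaddrinfo(name, DEFAULT_PORT, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def audit_redirect_names(known_poa_addrs: Iterable[str],
                         resolver: Callable[[str], List[str]] = system_resolver
                         ) -> Dict[str, dict]:
    """Compare what each redirect name resolves to with the POA inventory."""
    known = set(known_poa_addrs)
    report = {}
    for name in REDIRECT_NAMES:
        addrs = resolver(name)
        unexpected = sorted(set(addrs) - known)
        if not addrs:
            status = "unresolved"        # last-resort lookup will fail
        elif unexpected:
            status = "unknown-address"   # resolves outside the POA inventory
        else:
            status = "ok"
        report[name] = {"status": status, "addresses": addrs, "unexpected": unexpected}
    return report


if __name__ == "__main__":
    # Constructed inventory; replace with the addresses of your own agents.
    for name, result in audit_redirect_names({"192.0.2.10", "192.0.2.11"}).items():
        print(name, result)
```

Run it from a workstation that uses the same DNS servers as the GroupWise desktops, since the result depends on the resolver the client would use.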

document

Document Title: GroupWise Login Algorithm.
Document ID: 10009325
Solution ID: 1.0.896306.1986579
Creation Date: 25Jan1999
Modified Date: 16Dec2002
Novell Product Class: Groupware
NetWare

disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.