This section contains information to help you use the Identity Manager Driver for GroupWise.
If you run a server-based anti-virus software, you should configure it so that is does not scan the Groupwise directory structures such as domains and post offices. The anti-virus software causes file locking conflicts and can create problems for the GroupWise agents. If you need virus scanning on the GroupWise data, check the GroupWise Partner Products page.
It is important not to disable the driver. When a driver is disabled, eDirectory events are not cached.
The driver can only access eDirectory objects in the partitions on the server where the driver is installed.
Users, post offices, resources, and distribution lists must be in the same partition. (Or, the partitions containing these objects must all have replicas on the server running the driver.)
The driver must have read/write access to User objects, post offices, resources, groups, distribution lists, and create rights to the post office container in eDirectory. Normally, the driver should be given security equal to Admin.
If you are creating external post offices, the driver also needs read/write access to the domain.
If the option to synchronize Groups (creating, deleting, renaming, or making membership changes) is enabled, the driver creates a Distribution List in GroupWise when the user creates a Group in eDirectory and then links the two together. If the Group is renamed, the description modified, or users are added or removed to or from the Group, the driver synchronizes the changes with the Distribution List in GroupWise. This corresponds to similar functionality in the GroupWise snap-ins for ConsoleOne.
The default Placement policy adds the Distribution Lists to the post office specified when the driver is created. If you want the Distributions Lists to be added to a different post office, or various post offices depending on some criteria, you need to change the Placement policy. See Specifying Distribution Lists for more information.
By default, this occurs for all Groups created in eDirectory. You should add rules to the Create policy to limit what Groups (by containment or attribute value) are processed by the driver.
The driver synchronizes distribution list objects. The Filter, and Schema Mapping policy include the distribution list objects. The distribution list is updated and maintain by the driver just like the Group objects.
Use the steps in this section if it is necessary to remove the GroupWise account using the GroupWise snap-ins.
Do one of the following:
If an Identity Manager association exists, change the state to Disabled.
When the user has an Identity Manager association to the driver with the state set to Disabled, and an attribute is changed in eDirectory, Identity Manager disregards the modify request.
If an Identity Manager association does not exist, manually create one, set the associated object ID to any value, then set the state to Disabled.
When the user does not have an Identity Manager association and an attribute is changed on the eDirectory user, the GroupWise account is re-created. When a user has an Identity Manager association to the driver with the state set to Disabled, and an attribute is changed in eDirectory, Identity Manager discards the modify request.
Delete the GroupWise account.
To re-create the GroupWise account, delete the association.
Change an eDirectory attribute on the user that the driver watches for modifications or Resync.
Administrators sometimes delete the value of the GroupWise ID attribute (disassociate) from an eDirectory user and then re-associate (graft) it. This action resets the relationship between an eDirectory user and a GroupWise account. This action only involves the GroupWise snap-ins and does not involve the driver. Care should be taken when using this procedure. Changes made to the eDirectory user between the time the GroupWise ID is deleted and the user is re-associated are not synchronized to GroupWise. This is not a recommended procedure. Refer to the GroupWise Administration Guide for known issues and precautions.
Using the GroupWise snap-ins to rename users is not recommended. However, if the user is renamed using the GroupWise snap-ins, it must done with GroupWise 6 Support Pack 1 or higher. Otherwise, the driver could generate errors. Rename the user object in the authoritative data source and let the driver rename the account in GroupWise.
You can delete an eDirectory User and the corresponding GroupWise account with the GroupWise snap-ins. However, the recommended procedure is to remove the user from the authoritative data source and let the driver remove the account from GroupWise. The eDirectory user must have a valid Identity Manager association to the driver for this to work. The driver might log a warning or error if the account is deleted using the GroupWise snap-ins, because the object might have already been removed by the GroupWise snap-ins when the driver tries to delete it.