Novell GROUPWISE 8 Users
IV
Users
Chapter 13, “Creating GroupWise Accounts,” on page 213
Chapter 14, “Managing GroupWise Accounts and Users,” on page 227
novdocx (en) 22 June 2009
IV
Users
211
novdocx (en) 22 June 2009
212 GroupWise 8 Administration Guide
13
Creating GroupWise Accounts
For users to be able to use GroupWise®, you must give them GroupWise accounts. A GroupWise
account defines the user in the GroupWise system by providing the user with a GroupWise user ID
and GroupWise mailbox.
®
You can give GroupWise accounts to Novell
eDirectory. You can also give GroupWise accounts to users who do not have eDirectory accounts.
Refer to the following sections for details:
Section 13.1, “Establishing a Default Password for All New GroupWise Accounts,” on
page 213
Section 13.2, “Creating GroupWise Accounts for eDirectory Users,” on page 214
Section 13.3, “Creating GroupWise Accounts for Non-eDirectory Users,” on page 224
Section 13.4, “Educating Your New Users,” on page 225
eDirectoryTM users during or after their creation in
novdocx (en) 22 June 2009
13
13.1 Establishing a Default Password for All New GroupWise Accounts
To save time and energy when you are creating new GroupWise accounts, you can establish a
default password to use for all new accounts.
®
1 In ConsoleOne
Password.
2 Type the password you want to use as the default, then click OK.
3 Explain to users how to set their own passwords in the GroupWise client, as described in:
“Assigning a Password to Your Mailbox” in the GroupWise 8 Windows Client User Guide
“Assigning a Password to Your Mailbox” in the GroupWise 8 Linux/Mac Client User
Guide
“Changing Your Password” in the GroupWise 8 WebAccess Client User Guide
, click To ol s > GroupWise System Operations > System Preferences > Default
Creating GroupWise Accounts
213
13.2 Creating GroupWise Accounts for eDirectory Users
Depending on your needs, you can choose from the following methods to create GroupWise
accounts for eDirectory users:
Creating a Single GroupWise Account: You can create a GroupWise account for a single
eDirectory user by editing the GroupWise information on his or her User object. This method
lets you create the GroupWise account on any post office, select the GroupWise user ID, and
configure optional GroupWise information. It provides the most flexibility in creating a user’s
GroupWise account.
Creating Multiple GroupWise Accounts: You can create GroupWise accounts for multiple
eDirectory users by editing the membership information on a Post Office object. This method
allows you to quickly add multiple users to the same post office at one time. However, you
cannot select the user’s GroupWise user ID; instead, the user’s eDirectory username is
automatically used as his or her GroupWise user ID. In addition, to configure other optional
GroupWise information for a user, you need to modify each User object.
Using a Template to Create GroupWise Accounts: You can create a template to apply to new
eDirectory User objects you create. The template can be configured to automatically assign the
user to a post office.
novdocx (en) 22 June 2009
Creating GroupWise Accounts by Importing Users: You can import information from ASCII-
delimited text files.
13.2.1 Creating a Single GroupWise Account
To create a GroupWise account for an eDirectory user:
1 In ConsoleOne, right-click the User object, then click Properties.
2 Click GroupWise > Account to display the Account page.
3 Fill in the following fields:
214 GroupWise 8 Administration Guide
Post Office: Select the post office where you want the user’s mailbox created.
Mailbox ID: The mailbox ID (also referred to as the GroupWise user ID or username) defaults
to the eDirectory username. You can change it if necessary.
Do not use any of the following invalid characters in the mailbox ID:
ASCII characters 0-31 Comma ,
Asterisk * Double quote “
At sign @ Extended ASCII characters that are graphical or typographical
symbols; accented characters in the extended range can be used
Backslash \ Parentheses ( )
Braces { } Period .
Colon :
4 Click Apply to create the account.
You must create the account by clicking Apply (or OK) before you can modify any of the other
fields, including the GroupWise password.
novdocx (en) 22 June 2009
5 If desired, modify any of the following optional fields:
Visibility: Select the level at which you want the user to be visible in the Address Book.
System enables the user to be visible to all users in your GroupWise system. Domain enables
the user to be visible to all users in the same domain as the user. Post Office enables the user to
be visible to all users on the same post office as the user. Setting the visibility level to None
means that no users can see the user in the Address Book. However, even if the user is not
displayed in the Address Book, other users can send messages to the user by typing the user’s
ID (mailbox ID) in a message’s To field.
External Sync Override: This option applies only if your GroupWise system links to and
synchronizes with an external system, as described in “Connecting to Other GroupWise
Systems” in the GroupWise 8 Multi-System Administration Guide.
Synchronize According to Visibility: The user information is synchronized to external
systems only if visibility is set to System.
Synchronize Regardless of Visibility: The user information is synchronized to external
systems regardless of the object visibility.
Don’t Synchronize Regardless of Visibility The user information is not synchronized to
external systems.
Account ID: This option applies only if you have a GroupWise gateway that supports
accounting. For more information about gateway accounting, see your GroupWise gateway
documentation (http://www.novell.com/documentation/gwgateways).
File ID: This three-letter ID is randomly generated and is non-editable. It is used for various
internal purposes within the GroupWise system, including ensuring that files associated with
the user have unique names.
Expiration Date: If you want the user’s GroupWise account to no longer work after a certain
date, specify the expiration date. This date applies to the user’s GroupWise account only; it is
independent of the eDirectory account expiration date (User object > Restrictions > Login
Restrictions). For more information, see Section 14.10.2, “Expiring a GroupWise Account,” on
page 255.
Creating GroupWise Accounts 215
Gateway Access: This option applies only if you have GroupWise gateways that support
access restrictions. For more information, see your GroupWise gateway documentation (http://
www.novell.com/documentation/gwgateways).
Disable Logins: Select this option to prevent the user from accessing his or her GroupWise
mailbox. For more information, see Section 14.9, “Disabling and Enabling GroupWise
Accounts,” on page 252.
LDAP Authentication: This option applies only if you are using LDAP to authenticate users
to GroupWise, as described in Section 36.3.4, “Providing LDAP Authentication for GroupWise
Users,” on page 514, and if the LDAP server is not a Novell LDAP server. If this is the case,
specify the user’s LDAP authentication ID.
Restore Area: This field applies only if you are using the GroupWise backup and restore
features. If so, this field indicates the location where the user’s mailbox is being backed up. For
details, see Chapter 32, “Restoring GroupWise Databases from Backup,” on page 427.
View Client Options: Click View Client Options as a convenient shortcut for Too ls >
GroupWise Utilities > Client Options in order to modify client options for the currently
selected user. For more information, see Chapter 69, “Setting Defaults for the GroupWise
Client Options,” on page 1085.
Change GroupWise Password: Click this option to assign a password to the user’s
GroupWise account or change the current password. The user is prompted for this password
each time he or she logs in to GroupWise.
To be able to skip this option by setting a default password, see Section 13.1, “Establishing a
Default Password for All New GroupWise Accounts,” on page 213.
Delete GroupWise Account: Click this option to delete the user’s GroupWise account. This
includes the user’s mailbox and all items in the mailbox. The user’s eDirectory account is not
affected. For more information, see Section 14.10, “Removing GroupWise Accounts,” on
page 253
E-Mail Address: Displays the default e-mail address for the user. Click the drop-down list to
specify a custom e-mail address.
GroupWise Resource objects and Distribution List objects have this field on their Identification
page. User objects have this GroupWise field on their General page along with other eDirectory
user information.
6 Click Apply to save the changes.
7 Click GroupWise > General > Identification to display the user’s current eDirectory
information.
This information appears in the GroupWise Address Book, as described in Chapter 6,
“GroupWise Address Book,” on page 91. If you keep private information in the Description
field of the User object, you can prevent this information from appearing the GroupWise
Address Book. See Section 6.1.6, “Preventing the User Description Field from Displaying in
the Address Book,” on page 96.
novdocx (en) 22 June 2009
8 Make sure that the user’s eDirectory information is current, then click OK.
13.2.2 Creating Multiple GroupWise Accounts
If you have multiple eDirectory users who will have GroupWise accounts on the same post office,
you can use the Post Office object’s Membership page to quickly add the users and create their
accounts. Each user’s GroupWise user ID will be the same as his or her eDirectory username.
216 GroupWise 8 Administration Guide
To create GroupWise accounts for multiple eDirectory users:
1 In ConsoleOne, right-click the Post Office object, then click Properties.
2 Click GroupWise > Membership to display the Membership page.
novdocx (en) 22 June 2009
3 Click Add, select the eDirectory user you want to add to the post office, then click OK to add
the user to the post office’s membership list.
By default, the user’s eDirectory username is used as the GroupWise ID.
A GroupWise user ID cannot contain any of the following invalid characters:
ASCII characters 0-31 Comma ,
Asterisk * Double quote “
At sign @ Extended ASCII characters that are graphical or typographical
symbols; accented characters in the extended range can be used
Backslash \ Parentheses ( )
Braces { } Period .
Colon :
4 Repeat Step 3 to create additional GroupWise accounts in the post office.
Creating GroupWise Accounts 217
5 When finished, click OK to save the changes.
novdocx (en) 22 June 2009
13.2.3 Using a Template to Create GroupWise Accounts
If you frequently create new users, you might want to create Template objects with the necessary
GroupWise properties. This makes creating a new eDirectory user with GroupWise access a onestep process. However, you cannot use a Template object to give GroupWise properties to existing
eDirectory users.
The steps to create a template with GroupWise properties include assigning the post office and
setting up directory rights. Because a user can have membership in only one post office, a different
template should be created for each existing post office. Further, for each post office, a template can
be created for different categories of users, such as secretarial, accounting, administrative, human
resources, development, sales, and manufacturing.
After one template has been created with eDirectory properties and post office directory rights, you
can use it to quickly create templates for subsequent post offices.
“Creating a Template” on page 218
“Creating a User Account from a Template” on page 219
Creating a Template
1 In ConsoleOne, right-click the Organizational Unit object where you want to create the
Template object, then click New > Object to display the New Object dialog box.
Templates should be placed in the same organizational unit where they will be used because the
browser first lists any templates in the current context. The template also inherits rights from
the container the template is created in, further simplifying its setup.
2 In the Class list, select Template, then click OK to display the New Template dialog box.
3 Specify a name that describes the purpose for which the template will be used.
4 If you want to base the template on another Template or User object, select Use Template or
User, then browse to and select the desired Template or User object.
218 GroupWise 8 Administration Guide
5 Select Define Additional Properties.
6 Click Create to display the properties pages for the Template object.
7 Click GroupWise > Information.
8 Fill in the following fields:
Post Office: Select the post office the user will be assigned to.
Visibility: Select the level at which the user will be visible in the Address Book. System
enables the user to be visible to all users in your GroupWise system. Domain enables the user
to be visible to all users in the same domain as the user. Post Office enables the user to be
visible to all users on the same post office as the user. Setting the visibility level to None means
that no users can see the user in the Address Book. However, even if the user is not displayed in
the Address Book, other users can send messages to the user by typing the user’s ID (mailbox
ID) in a message’s To field.
Account ID: This field supports accounting for GroupWise gateways. For more information
about gateway accounting, see your gateway documentation.
Expiration Date: Use this to set a date when the user’s account will expire. The user cannot
access the account after that date. For more information, see Section 14.10.2, “Expiring a
GroupWise Account,” on page 255.
Gateway Access: This is used to grant or restrict access to some GroupWise gateways. See
your GroupWise gateway documentation (http://www.novell.com/documentation/gwgateways)
to determine if this field applies.
9 Modify information on any of the other tabs to configure the template, then click OK to save
the template changes.
novdocx (en) 22 June 2009
Creating a User Account from a Template
1 In ConsoleOne, right-click the container where you want to create a new eDirectory user, then
click New > User.
2 Specify a Name, Surname, and Unique ID (all three are required).
3 Select Use Template, then browse to and select the template you want applied to this user.
4 Modify any of the other options you want.
5 Click OK to create the user’s eDirectory and GroupWise accounts.
13.2.4 Creating GroupWise Accounts by Importing Users
You can use the GroupWise Import utility to quickly create multiple GroupWise users. The Import
utility reads an ASCII-delimited text file created by the GroupWise Export utility or by a third-party
export, and creates Novell eDirectory and GroupWise objects with attributes from the file. The
Import utility supports most eDirectory classes (including extensions) and GroupWise classes. You
can specify the delimiters, eDirectory contexts, and file field positions to use during import.
Creating GroupWise Accounts 219
IMPORTANT: The Import/Export utility is not included on the GroupWise DVD. You can
download the Import/Export utility from TID 2960897 in the Novell Support Knowledgebase (http:/
/www.novell.com/support). To install the Import/Export utility, follow the instructions provided
with the download. After you have installed the Import/Export utility, the Import and Export menu
items appear under To ol s > GroupWise Utilities in ConsoleOne.
“Using the Import Utility” on page 220
“Using the Export Utility” on page 222
NOTE: The Import/Export utility is not available for use on Linux.
Using the Import Utility
In order to import objects into GroupWise, the following conditions must be met:
You must create an ASCII-delimited text file by using the GroupWise Export utility or another
export utility.
The destination context for each eDirectory object must already exist. The GroupWise Import
utility supports creating organizational units. If a large portion of a tree needs to be
reconstructed to support the objects, you can import organizational units before importing the
objects.
novdocx (en) 22 June 2009
To import objects into GroupWise:
1 In ConsoleOne, select the eDirectory tree to which the objects will be imported, then click
To ol s > GroupWise Utilities > Import to display the GroupWise Import dialog box.
2 If you have previously defined and saved a configuration file, click Load to fill in the fields
from the configuration files, then click Run to perform the import.
or
Fill in the fields in the Import Dialog box.
NDS/GroupWise Class: Select this option to import objects belonging to an eDirectory class
or to a GroupWise-related eDirectory class. Choose the class from the list.
220 GroupWise 8 Administration Guide
GroupWise Class: Select this option to import objects belonging to a GroupWise class not
represented in eDirectory. Choose external user, external domain, external post office, >
Document-Version, or Lookup Entry from the list
Parent: If you are importing objects that belong to a GroupWise-related eDirectory class or a
GroupWise-only class, the parent attribute is required unless:
The class is the eDirectory User class, in which case the object can be optionally
associated with GroupWise by specifying a value here.
The value is in the import file and is explicitly imported by your positioning the NGW:
Post Office attribute in the File Fields list box, explained below. In this case, if the value
obtained from the file is blank, the Post Office field value, if any, is used.
Import File: Specify the full path and file name of the ASCII text file.
Attributes / File Fields: This list displays the attributes of the selected class. Move the
attributes to correspond to the fields in the ASCII text file to the File Fields list.
Some attributes are marked with an exclamation point (!), indicating that a value for that
attribute must exist for a successful import. The import also requires a value for either the
object name or distinguished name.
Starting Destination Context: Specify the destination eDirectory context for the objects to be
imported. If DN or Context from Root is selected as an import field, the value in this field is
ignored because both DN and Context from Root specify the destination context.
An imported object’s position in the tree can be constructed in a flexible manner using the
Context from Root, Context from Starting, DN, and Object Name class attribute fields and the
Starting Destination Context field. The following combinations are valid:
novdocx (en) 22 June 2009
DN Each object’s name and context are found in this field value.
Object Name + Starting
Destination Context
Object Name + Context
from Starting + Starting
Destination Context
Object Name + Context
from Root
Each object name in the Object Name field is added to the context
specified in Starting Destination Context.
Each object name in the Object Name field is added to the context
obtained by concatenating the value in the Context from Starting field
and the value specified in Starting Destination Context.
Each object name in the Object Name field is added to the context read
from the Context from Root field.
Skip the First Line of the Import File: This directs the import to skip the first line if it
contains the attribute names.
Delimiters: Accept the defaults shown or change the delimiters to match those used by the
export file. For more information, see “Delimiters” on page 222.
3 For convenience, save the configuration for later use. See “Loading or Saving a Configuration
File” on page 222.
4 Click Run to perform the import.
import.log
An
file is created in the same directory as the import file and contains a list of the
imported objects.
Creating GroupWise Accounts 221
Loading or Saving a Configuration File
An import or export configuration can be saved and loaded, saving you the trouble of manually
filling in the fields for multiple imports or exports. A configuration saved from an export can be
loaded for an import, helping ensure that the file field positions, for example, correspond for both
the import and export.
Delimiters
Delimiters are used in ASCII text files to separate items that represent fields and records in imported
or exported data.
Default delimiters are associated with each delimiter type. A delimiter can be set to None, but if so,
and the export encounters a condition requiring a delimiter, the export reports an error.
Between Fields: This delimiter is placed between each field.
Around Each Field: Use this delimiter to indicate the beginning and end of each field.
After Each Record: This delimiter is placed at the end of each record.
Between Values (Multi-Value Fields): Use this delimiter to separate the values in a multi-
valued field. For example, an attribute such as Group Membership can have one or more
values. Each Group Membership value is delimited by the multi-value field delimiter.
Between Elements (Multi-Element Values): Use this delimiter to separate the elements of a
multi-element value. For example, an attribute having the syntax of SYN_OBJECT_ACL has
three elements: the protected attribute name, the subject name, and the privileges.
Before Literal Characters: When you import an ASCII file created by a third-party export
program, precede each literal character that is also a delimiter with the Before Literal
Characters delimiter. If you use the Around Each Field delimiter, you do not need to precede
literal characters within the field with the Before Literal Character delimiter.
novdocx (en) 22 June 2009
Using the Export Utility
The GroupWise Export utility reads eDirectory and GroupWise object information from GroupWise
databases and creates an ASCII-delimited text file containing the object attributes. The Export utility
supports most eDirectory classes (including extensions) and GroupWise classes. You can specify the
delimiters, eDirectory contexts, and file field positions during export.
IMPORTANT: The Export utility is not included on the GroupWise DVD. You can download the
Import/Export utility from TID 2960897 in the Novell Support Knowledgebase (http://
www.novell.com/support). To install the Import/Export utility, follow the instructions provided with
the download. The Import/Export utility is not available for use on Linux.
To export objects from GroupWise:
1 In ConsoleOne, select the eDirectory tree that contains the GroupWise objects you want to
export, click To ol s > GroupWise Utilities > Export to display the GroupWise Export dialog box.
222 GroupWise 8 Administration Guide
2 If you have previously defined and saved a configuration, click Load to fill in the fields from
the configuration file, then click Run to perform the export.
or
novdocx (en) 22 June 2009
Fill in the fields in the Export dialog box.
NDS/GroupWise Class: Select this option to export objects belonging to an eDirectory class
or to a GroupWise-related eDirectory class. Choose the class from the list.
GroupWise Class: Select this option to export objects belonging to a GroupWise class not
represented in eDirectory. Choose external user, external domain, external post office,
Document-Version, or Lookup Entry from the list.
Parent: If you are exporting objects that belong to a GroupWise-related eDirectory class or a
GroupWise-only class, and that class has a parent attribute, post office, or domain, this field
allows you to export objects having only the parent attribute value you specify. The object
selection process is still subject to the values in Starting Context, explained below, and the
Export from Subordinate Contexts check box.
Export File: Specify the full path and file name of the ASCII text file.
Attributes / File Fields: This list displays the attributes of the selected class. Move the
attributes to correspond to the fields in the ASCII text file to the File Fields list.
Some attributes are marked with an exclamation point (!), indicating that a value for that
attribute must exist.
Starting Context: Specify the eDirectory context from which to begin the export. If the Export
from Subordinate Contexts list box is selected, objects belonging to contexts subordinate to the
context specified here is also exported.
Export from Subordinate Contexts: Select this option to cause objects in subordinate
contexts to be exported. If this box is left deselected, only those objects in the immediate
Starting Context context are exported.
Put Attribute Names in First Line: Select this option to direct the export to put the attribute
names as a comment in the first line of the export file.
Create the File in WordPerfect Office Notebook Format: If you use this option, you might
also want to select Put Attribute Names in First Line to permit WordPerfect* to display the
attribute names for each merge field.
Creating GroupWise Accounts 223
Delimiters: Accept the defaults shown or change the delimiters. For more information, see
“Delimiters” on page 222.
3 Click Run to perform the export.
13.3 Creating GroupWise Accounts for NoneDirectory Users
If you have users who do not have eDirectory accounts, you can still assign them GroupWise
accounts by defining them as GroupWise external entities in eDirectory. Defining a user as a
GroupWise external entity provides the user with access to GroupWise only; it does not enable the
user to log in to eDirectory. External entities have eDirectory objects, but they are not considered
eDirectory users for licensing purposes.
To create a GroupWise account for a non-eDirectory user:
1 In ConsoleOne, right-click the eDirectory container where you want to create the user’s
GroupWise External Entity object, then click New > Object to display the New Object dialog
box.
novdocx (en) 22 June 2009
2 Select GroupWise External Entity, then click OK to display the Create GroupWise External
Entity dialog box.
3 Fill in the following fields:
GroupWise Object ID: Specify the user’s GroupWise ID. The user’s ID along with the user’s
post office and domain, provide the user with a unique name within the GroupWise system
(userID.po.domain).
Do not use any of the following invalid characters in the GroupWise object ID:
ASCII characters 0-31 Comma ,
Asterisk * Double quote “
At sign @ Extended ASCII characters that are graphical or typographical
symbols; accented characters in the extended range can be used
Backslash \ Parentheses ( )
Braces { } Period .
Colon :
Last Name: Specify the user’s last name.
GroupWise Post Office: Select the post office where you want the user’s mailbox.
224 GroupWise 8 Administration Guide
External Network ID: Specify the user’s network ID for the network that he or she logs in to.
4 Select Define Additional Properties, then click OK to display the GroupWise Identification
page.
novdocx (en) 22 June 2009
5 If desired, fill in any of the fields on the Identification page.
This information appears in the GroupWise Address Book, as described in Section 6.1,
“Customizing Address Book Fields,” on page 91. If you want to keep private information in the
Description field, you can prevent this information from appearing the GroupWise Address
Book. See Section 6.1.6, “Preventing the User Description Field from Displaying in the
Address Book,” on page 96.
6 If you want the external entity user to be able to access his or her GroupWise mailbox using
LDAP authentication, as described in Section 36.3.4, “Providing LDAP Authentication for
GroupWise Users,” on page 514, click GroupWise > Account, then provide the fully
distinguished name of the user’s External Entity object in LDAP format (for example,
cn=user_id,ou=orgunit,o=organization
7 Click OK to save the information.
The user is given a GroupWise mailbox in the post office you selected and can access his or her
mailbox through the GroupWise client.
Because the external entity does not have an associated eDirectory User object, external entity users
must access their mailboxes using GroupWise passwords. They cannot use eDirectory
authentication or LDAP authentication to obtain mailbox access. For more information, see
Section 74.1, “Mailbox Passwords,” on page 1151.
).
13.4 Educating Your New Users
After users can log in to their GroupWise accounts, all of the GroupWise client’s features are at their
fingertips, but some new users do not know how to get started. You can give your users the
following suggestions to encourage them to explore their GroupWise client.
Section 13.4.1, “Windows Client,” on page 226
Creating GroupWise Accounts 225
Loading...