[ngw] GMS user provisioning

Joe Brugaletta JBrugaletta at braytonlaw.com
Thu Jun 7 00:15:33 UTC 2018

Getting the hang of the provisioning switch today. The only issue I'm having is that when users are deleted from LDAP, and readded via GW.. their devices do not re-sync to GMS. Users accounts are all sync'd up, but device state shows "Never connected"... some come back, some dont. Not sure what the trick is.

>>> "Joe Brugaletta" <JBrugaletta at braytonlaw.com> 6/5/2018 5:20 PM >>>
Thanks, thats what I wanted to know. I'm doing more testing here. Deleted my coworkers out of edir group, created a GroupWise group (Group Mobile) and added them to the dist list.. then went users > groups tab > add group and added my new gw group. My user account (joeb) is getting sync'd, but the other 3 aren't. Any ideas? I've tried forcing a Poll Now, restarting gms, removing/readding group. no dice.

>>> "Morris Blackham" <Morris.Blackham at microfocus.com> 6/5/2018 2:48 PM >>>
Toggling from ldap to gw does nothing except gms will use what ever method is default when it does the Poll for new users to add to the GAL.   

Leads to this question.. what exactly does toggling the Config > User Source > Provisioning from LDAP to GroupWise do? I was able to add my gw account while leaving that set to LDAP for now, didnt think it'd allow that unless GW was selected under Provisioning.

Thanks for the help

>>> "Morris Blackham" <Morris.Blackham at microfocus.com> 6/5/2018 10:58 AM >>>
No if you remove them from the ldap group or delete the grp.  the user in gms will get nuked.   then add the back with gw provisioning either as separate users, or via a GW group.  Then the gms user will get resynced and the the user should see same data after reconnecting when the sync is done.   The existing devices not stay on ldap,  unless your are talking about gms authentication to ldap instead of GW auth..

>>> Joe Brugaletta <JBrugaletta at braytonlaw.com> 6/5/2018 11:11 AM >>>
Thats my main concern.. do the users themselves have to do anything or will it just "find" them and re-sync. 

Are you certain that they auto-delete? My reason for asking is this paragraph that Ed linked to.  Almost makes it seem like NEW devices will be linked via GW, but existing devices will stay LDAP. 

"If you want to start using GroupWise as the user source for provisioning, new mobile device users are added to your Mobility system based on their GroupWise location (user_name.post_office_domain). Existing mobile device users are still associated with their LDAP context (cn=user_name,ou=organizational_unit,org=organization). On the Users page, you can determine the source of each user by mousing over it."

>>> "Morris Blackham" <Morris.Blackham at microfocus.com> 6/5/2018 9:00 AM >>>
switching provisioning source from ldap to GW will cause you to remove the existing GMS users,  then adding the back via a GW group.   This will delete all their data from the GMS database.   When you add them back via GW provisioning,  it will re-sync the data.   Probably want to do it after hrs or weekend.  the resync could take quite a while depending on how may users you have.   

when the user reconnects from the device,  they ;should' have the same data..

>>> Joe Brugaletta <JBrugaletta at braytonlaw.com> 6/5/2018 9:10 AM >>>
So its similar to how I currently do it with edir? Add users to the Dist List and it auto-creates them in GMS? My main concern is "converting" from LDAP to GW.. I don't know if that screws everything up as far as current users/syncing.

>>> "Bruce Perrin" <Bruce.Perrin at lbb.texas.gov> 6/5/2018 3:30 AM >>>

We have our GMS set to "GroupWise" . We created a GW group for the mobile users and configured GMS to use that group for provisioning.

No issues so far. We have been running like this for years.

>>> "Joe Brugaletta" <JBrugaletta at braytonlaw.com> 6/4/2018 5:30 PM >>>
So trying to migrate from Edir to AD and just came across a little issue that I'm scared will break users phone email sync, so wanted to ask here first.

In GMS console, under "Config > User Source", I currently have Provisioning set to LDAP , but authentication set to GroupWise. the LDAP server is currently pointing to an OES box, where I have a group called "Group-Mobile" in Edir that gets synced. I add a new user there, shortly after, user gets created in GMS.

Whats the best way to switch GMS to AD? or change it to GroupWise (not sure what that does)?

More information about the ngw mailing list