A Forum reader asked the following question:

“I am using the GroupWise driver within a solution where there is the concept of internal and external users. For internal users the driver needs to create a mailbox which I believe is standard functionality within the driver.

For external users the requirement is for an entry to be added to the global address book. The user does not however need a mailbox. Is this possible, or is there some workaround to achieve the goal of an entry being created within the address book?”

And here’s the response from Perry Nuffer …


I believe this is possible with the current shipping driver. A driver policy must be created to manage this, and there is limited documentation in the implementation guide.

1. Create a non-GroupWise domain with ConsoleOne.

2. Create an external Post Office in that non-GroupWise domain. This can be done with ConsoleOne. This is where the users without mailboxes will be synchronized.

3. When a User is created in eDir that should not have a mailbox, utilize policy to add the xml attribute ‘gw:classification=”external”‘ to the <add> event. This can typically be done in a placement rule, where the user is also ‘placed’ in the appropriate non-GroupWise domain and external GW Post Office.


Here is a sample placement rule that can get you started (showing one way to accomplish the task). You will need to modify it to fit the business needs of your system. Using the rule below, the policy element will need to include a “gw” name space declaration like this:

<policy xmlns:gw="">
  <description>GroupWise External User Placement</description>
      <if-class-name op="equal">User</if-class-name>
      <if-src-dn op="in-subtree">IDM\Users</if-src-dn>
    <do-set-xml-attr expression="../add" name="gw:classification">
        <token-text xml:space="preserve">external</token-text>
    <do-add-dest-attr-value class-name="User" name="50035">
      <arg-value type="string">
        <token-text xml:space="preserve">NONGWDomain1</token-text>
    <do-add-dest-attr-value class-name="User" name="50062">
      <arg-value type="string">
        <token-text xml:space="preserve">ExternalPO1</token-text>

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: pnuffer
Jul 26, 2006
6:02 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow