

Using Novell Access Manager for corporate email from outside the company is a simple and effective solution. Most email systems, such as GroupWise and Lotus Notes, allow users to access their email from a web-based front end. The problem with Notes is that you have to know which Notes server your mailbox resides on and then authenticate to that specific server. If you have three Notes servers, you don’t want three mail icons on your home page for users to choose from.

This AppNote explains a way to configure both Novell Access Manager and your home page to do the following things:

  • Perform an LDAP search, using PHP, to determine which Notes server holds the mailbox of the currently logged-in user.
  • Present only a single email icon.

I used the Digital Airlines example that comes with Novell Access Manager 3 for ease of use.


Adding Notes Servers to the Proxy

We’ll start by adding the additional Notes servers to the proxy.

1. Log in to the Administration Console and select Access Gateways.

Figure 1 – Access Gateways screen

2. Click Edit.

3. Click the Reverse Proxy you configured previously.

Figure 2 – Proxy Service list

4. Click New.

5. Add the additional Proxy Services, using the settings shown.

Figure 3 – Settings for additional proxy services

6. Click OK and select the newly created proxy service.

7. Enable the default Identity Injection policy to ensure that your login name to NAM is passed to the Web Server.

Figure 4 – Enabling the Identity Injection policy

8. Save and update your Access Gateway.

Configuring Your Web Page

1. Copy the file “functions.php” (at the end of this document) to /srv/www/htdocs/ on your Web server.

2. Open /srv/www/htdocs/index.php in your favorite editor and scroll down to the following section:

$headers = apache_request_headers();
foreach($headers as $header => $value) {
	$found = false;
	// X-Name is the header injected by the Identity Injection policy.
	if($header == "X-Name") {
		$found = true;
		echo "<b>Welcome: $value</b>";
	}
}

3. After the above “}” insert the following code:

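// Value matched against the mail attribute in the LDAP search.
$qry1 = $value . '';
// LDAP server URI; complete it with your directory server.
$server = 'ldap://';
include ('functions.php');
// Bind before searching so that $ds holds a connection.
// $LDAPUser and $LDAPPass are the bind DN and password of your lookup account; set them before this line.
$ds = LDAPConn_Bind($server, 389, $LDAPUser, $LDAPPass);
$rs=LDAPGetUser($ds, $qry1);

// Names of the Notes servers to look for in the returned mailserver value.
$dom1 = "notes1";
$dom2 = "notes2";
$dom3 = "notes3";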

4. Make sure that the “?>” is AFTER the inserted code. This tells the PHP interpreter that the section of PHP code is complete.

5. Now scroll down further to the line that displays the email link.

<td><a href="/webacc" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image13','','images/email_on.gif',1)">
<img src="images/email.gif" name="Image13" width="196" height="86" border="0"></a></td>

6. Change the code to match what is shown below.

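<?php
  // Keep the opening <td> from the original line in front of this block; each echo supplies the closing </td>.
  // Match the mailserver value returned by the LDAP lookup against each known Notes server.
  $notes_server = "";
  if(stristr($rs, $dom1)) {
    $notes_server = $dom1;
  }  elseif(stristr($rs, $dom2)) {
    $notes_server = $dom2;
  }  elseif(stristr($rs, $dom3)) {
    $notes_server = $dom3;
  }
  // Print only the link for the user's own Notes server.
  switch($notes_server) {
  case "notes1":
    echo "<a href=\"/webacc\" ><img src=\"images/email.gif\" name=\"Image13\" width=\"196\" height=\"61\" border=\"0\"></a></td>";
    break;
  case "notes2":
    echo "<a href=\"/webacc2\" ><img src=\"images/email.gif\" name=\"Image13\" width=\"196\" height=\"61\" border=\"0\"></a></td>";
    break;
  case "notes3":
    echo "<a href=\"/webacc3\" ><img src=\"images/email.gif\" name=\"Image13\" width=\"196\" height=\"61\" border=\"0\"></a></td>";
    break;
  }
?>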

This will also add the additional links for the other Notes servers.

7. Save the file and exit.

8. Remember to log back into the Administration Console and Purge the Cache on the Access Gateway.


1. Log in to the Access Gateway as normal.

Figure 5 – Access Gateway

You’ll see your Default page:

Figure 6 – Default page

2. Click the Corporate Mail button.


Figure 7 – Corporate Mail login for Notes Server

There it is!

3. Log in to your Notes Server.

Here is the code for Functions.php …


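<?php
// Connect to the LDAP server and bind with the supplied credentials.
// Returns the connection on success, false if the bind fails.
function LDAPConn_Bind($srv, $port, $LDAPUser, $LDAPPass)
{
	// Only the connection handle is global; the credentials come from the parameters.
	global $LDAPConn;

	$conn=ldap_connect($srv, $port);
	if (!$conn) {
		die("Failed LDAP_Connect.<br />");
	}

	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	$r=@ldap_bind($conn, $LDAPUser, $LDAPPass);
	if (!$r) {
		echo "LDAP Error: ", ldap_error($conn), "<br />\n";
		return false;
	}
	$LDAPConn = $conn;
	return $conn;
}

// Look up the user by mail attribute and return the mailserver value.
// Returns 2 when there is no connection and an empty string when nothing matches.
function LDAPGetUser($conn, $qry1)
{
	if (empty($conn)) return 2;
	$attrnames = array("mail", "mailserver");
	$mailserv = "";

	// Escape the value so that characters such as * ( ) \ cannot change the search filter.
	$filter = "(mail=" . ldap_escape($qry1, "", LDAP_ESCAPE_FILTER) . ")";
	// Replace [BASE DN] with the base DN of your directory.
	$sr=ldap_search($conn, "o=[BASE DN]", $filter, $attrnames);
	if (!$sr) return $mailserv;
	$entries = ldap_get_entries($conn, $sr);
	for ($i=0; $i < $entries["count"]; $i++) {
		if (isset($entries[$i]["mailserver"][0])) {
			$mailserv = $entries[$i]["mailserver"][0];
		}
	}

	return $mailserv;
}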
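
The lookup and link selection above, reduced to their two decisions, as an added example that is not part of the original AppNote or of functions.php: the value placed in the (mail=...) filter is escaped per RFC 4515, and a mailserver value that matches none of the known servers yields no link. The function names, the WEBMAIL_PATHS map and the sample inputs are constructed for illustration, and the escaping is written out by hand so the block runs without the ldap extension.

```php
<?php
// Added example: not part of the AppNote's functions.php.
// Path map mirrors the three links in step 6; keys are the page's $dom1..$dom3 values.
const WEBMAIL_PATHS = [
    'notes1' => '/webacc',
    'notes2' => '/webacc2',
    'notes3' => '/webacc3',
];

// RFC 4515 escaping for a filter value, written out so the example runs
// without the ldap extension (ldap_escape() with LDAP_ESCAPE_FILTER does the same).
function escape_filter_value(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

function build_mail_filter(string $injectedName): string
{
    return '(mail=' . escape_filter_value($injectedName) . ')';
}

// Return the webmail path for a mailserver attribute value, or null when
// the value matches none of the known servers (no link should be shown).
function webmail_path_for(?string $mailserver): ?string
{
    if ($mailserver === null || $mailserver === '') {
        return null;
    }
    foreach (WEBMAIL_PATHS as $name => $path) {
        if (stripos($mailserver, $name) !== false) {
            return $path;
        }
    }
    return null;
}

// Constructed sample inputs (not from a real directory).
$samples = [
    ['jdoe@example.com',   'CN=notes2/O=Example'],
    ['*)(mailserver=*',    ''],
    ['asmith@example.com', 'CN=notes9/O=Example'],
];
foreach ($samples as [$name, $mailserver]) {
    $path = webmail_path_for($mailserver);
    printf("%-34s %s\n", build_mail_filter($name), $path ?? '(no mail link)');
}
```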


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: mfaris01
Sep 12, 2007
11:09 am