190

OES 2 SP1: Novell iFolder 3.7 Administration Guide

novdocx (en) 13 May 2009

      <forms name="iFolderWebAuth" loginUrl="Login.aspx" timeout="20"
             slidingExpiration="true" />
    </authentication>

    <!--  AUTHORIZATION
          This section sets the authorization policies of the
          application. You can allow or deny access to application
          resources by user or role.
          Wildcards:
            "*" means everyone,
            "?" means anonymous (unauthenticated) users.
    -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every
          page within an application.
          Set trace enabled="true" to enable application trace logging.
          If pageOutput="true", the trace information will be displayed
          at the bottom of each page.  Otherwise, you can view the
          application trace log by browsing the "trace.axd" page from
          your web application root.
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false"
           traceMode="SortByTime" localOnly="true" />

    <!--  SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests
          belong to a particular session. If cookies are not available,
          a session can be tracked by adding a session
          identifier to the URL. To disable cookies, set
          sessionState cookieless="true".
    -->
    <sessionState mode="InProc" cookieless="false" timeout="20" />

    <httpHandlers>
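
The authorization, trace and sessionState settings in the fragment above can be checked mechanically after any edit to the file. The following Python audit is an added example, not part of the Novell guide or of iFolder; the wrapper elements, `mode="Forms"`, the weakened sample and the finding names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment shown above, wrapped in the parent elements
# it needs to be well-formed (the wrapper and mode="Forms" are assumptions).
PAGE_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name="iFolderWebAuth" loginUrl="Login.aspx" timeout="20"
           slidingExpiration="true" />
  </authentication>
  <authorization><deny users="?" /></authorization>
  <trace enabled="false" requestLimit="10" pageOutput="false"
         traceMode="SortByTime" localOnly="true" />
  <sessionState mode="InProc" cookieless="false" timeout="20" />
</system.web></configuration>"""

# Constructed counter-example: the same settings, each one weakened.
WEAK_CONFIG = """<configuration><system.web>
  <authorization><allow users="*" /><deny users="?" /></authorization>
  <trace enabled="true" pageOutput="true" localOnly="false" />
  <sessionState mode="InProc" cookieless="true" timeout="20" />
</system.web></configuration>"""


def _local(tag):
    """Strip an XML namespace prefix such as '{uri}system.web'."""
    return tag.rsplit("}", 1)[-1]


def _child(parent, name):
    """Return the first direct child element called `name`, or None."""
    for el in parent:
        if _local(el.tag) == name:
            return el
    return None


def _check_authorization(sysweb):
    # ASP.NET applies the first rule that matches the request, so a
    # <deny users="?"/> only protects the site if no earlier rule has
    # already allowed "*" (everyone) or "?" (anonymous).
    authz = _child(sysweb, "authorization")
    for rule in (list(authz) if authz is not None else []):
        kind = _local(rule.tag)
        if kind not in ("allow", "deny"):
            continue
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if not users & {"?", "*"}:
            continue  # rule names specific users or roles only
        if kind == "allow":
            return [("anonymous-allowed",
                     "an <allow> rule matches anonymous users before any deny")]
        if rule.get("verbs"):
            continue  # deny limited to some HTTP verbs is not a full deny
        return []
    return [("anonymous-not-denied",
             "no rule in this file denies anonymous users; inherited rules decide")]


def _check_trace(sysweb):
    trace = _child(sysweb, "trace")
    if trace is None or trace.get("enabled", "false").lower() != "true":
        return []
    found = [("trace-enabled", "trace.axd serves request details")]
    if trace.get("localOnly", "true").lower() != "true":
        found.append(("trace-remote", "trace.axd is reachable from other hosts"))
    if trace.get("pageOutput", "false").lower() == "true":
        found.append(("trace-page-output", "trace data is appended to every page"))
    return found


def _check_session(sysweb):
    state = _child(sysweb, "sessionState")
    mode = (state.get("cookieless", "false") if state is not None else "false")
    if mode.lower() in ("false", "usecookies"):
        return []
    # A session identifier in the URL ends up in logs, bookmarks and Referer.
    return [("session-id-in-url", "cookieless=%r can place the session id in the URL" % mode)]


def audit_web_config(xml_text):
    """Return a list of (finding_id, message) for the top-level <system.web>."""
    root = ET.fromstring(xml_text)
    sysweb = _child(root, "system.web")
    if sysweb is None:
        return [("no-system-web", "no <system.web> section found")]
    return (_check_authorization(sysweb)
            + _check_trace(sysweb)
            + _check_session(sysweb))


if __name__ == "__main__":
    for label, text in (("page fragment", PAGE_CONFIG), ("weakened", WEAK_CONFIG)):
        print(label)
        for finding_id, message in audit_web_config(text) or [("ok", "no findings")]:
            print("  %-22s %s" % (finding_id, message))
```
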

Summary of Contents for IFOLDER 3.7 - SECURITY ADMINISTRATION

Page 1: ...Novell www novell com novdocx en 13 May 2009 AUTHORIZED DOCUMENTATION OES 2 SP1 Novell iFolder 3 7 Administration Guide iFolder 3 7 December 2008 Administration Guide...

Page 2: ...over Texts A copy of the GFDL can be found at the GNU Free Documentation Licence http www fsf org licenses fdl html THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT ARE PROVIDED UNDER THE TERMS OF...

Page 3: ...man Street Suite 500 Waltham MA 02451 U S A www novell com Online Documentation To access the online documentation for this and other Novell products and to get updates see The Novell Documentation We...

Page 4: ...marks For a list of Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the p...

Page 5: ...1 4 4 The iFolder Client 21 1 4 5 Multi Server Support 21 1 4 6 Encryption 21 1 4 7 Shared iFolders 21 1 4 8 iFolder Access Rights 22 1 4 9 Account Setup for Enterprise Servers 22 1 4 10 Access Authen...

Page 6: ...sites and Guidelines 47 5 1 File System 47 5 2 Enterprise Server 47 5 2 1 Prerequisites for the Operating System 48 5 2 2 Installation Guidelines for Using an NSS Volume to Store iFolder Data 48 5 2 3...

Page 7: ...96 6 13 Uninstalling the iFolder 3 7 Enterprise Server 96 6 14 What s Next 96 7 Migrating iFolder Services 99 8 Running Novell iFolder in a Virtualized Environment 101 8 1 What s Next 101 9 Managing...

Page 8: ...37 10 7 2 Configuring the SSL Cipher Suites for the Apache Server 138 10 7 3 Configuring the Web Admin Server for SSL Communications with the Enterprise Server 138 10 7 4 Configuring the Web Admin Ser...

Page 9: ...oved from the Server 165 A 9 Samba Connection to the Remote Windows Host Times out 165 A 10 Exception Error while Configuring iFolder on a Samba Volume 165 A 11 Giving Slash at the End of the Default...

Page 10: ...iFolder Cluster 200 G Frequently Asked Questions 203 G 1 iFolder 3 7 Server 203 G 1 1 Is iFolder 3 7 supported on a 64 bit OS 203 G 1 2 Is iFolder going to support non eDirectory related platforms as...

Page 11: ...209 H 6 iFolder User Access Support 209 H 7 Management Tools Support 210 I Documentation Updates 211 I 1 October 2008 211 I 1 1 iFolder 3 7 Configuration 211 I 1 2 Installing iFolder Clients Through N...

Page 13: ...via Web Admin on page 121 Chapter 11 Managing iFolder Users on page 141 Chapter 12 Managing iFolders on page 149 Chapter 13 Managing an iFolder Web Access Server on page 157 Appendix A Troubleshootin...

Page 14: ...rver documentation http www novell com documentation oes index html Novell eDirectoryTM 8 8 documentation http www novell com documentation edir88 Novell iManager 2 7 documentation http www novell com...

Page 15: ...Next on page 23 1 1 Benefits of iFolder for the Enterprise Benefits of iFolder to the enterprise include the following Section 1 1 1 Seamless Data Access on page 15 Section 1 1 2 Data Safeguards and...

Page 16: ...the iFolder server where it immediately becomes available for an organization s regular network backup operations iFolder makes it easier for IT managers to ensure that all of an organization s criti...

Page 17: ...e most up to date version of their documents from any connected desktop laptop Web browser or handheld device In preparation to travel or work from home users no longer need to copy essential data to...

Page 18: ...ver and any other workstations that share the iFolder iFolder works seamlessly behind the scenes to ensure that data is protected and synchronized 1 1 12 LDAPGroup Support Provisioning and de provisio...

Page 19: ...f users and data transfer bandwidth Transparently updates a user s iFolder files to the iFolder enterprise server and multiple member workstations with the iFolder client Tracks and logs changes made...

Page 20: ...zed at regular intervals with the LDAP directory services Local files are automatically backed up to the server at regular intervals and on demand iFolder data on the server can be backed up to backup...

Page 21: ...they are logged in to their server accounts or if they are connected to the network or Internet The iFolder client allows users to create and manage their iFolders For information see the OES 2 SP1 N...

Page 22: ...ed or assigned to a new owner Full Control A member of the shared iFolder with the Full Control access right The user with the Full Control right has Read Write access to the iFolder and manages membe...

Page 23: ...onize the files at specified intervals or on demand 1 4 12 Synchronization Log The log displays a log of your iFolder background activity 1 4 13 iFolder Client APIs As part of the iFolder project APIs...

Page 25: ...you added another user to the system iFolder 3 7 provides you multi server and multi volume support to enhance the storage capability of it s servers Multi Volume feature is exempt from the single iF...

Page 26: ...ight differ Table 2 1 Suggested Baseline Configuration for an iFolder Enterprise Server If iFolder server is serving large number of requests it is possible that for some requests you may receive HTTP...

Page 27: ...idp html a2iiie7 in the Novell eDirectory 8 8 Administration Guide 2 4 Admin User Considerations During the iFolder install iFolder creates two Administrator users the iFolder Admin user and the iFold...

Page 28: ...user password is stored in reversible encrypted form in the Simias database on the iFolder server After you change the iFolder Proxy user ensure that you restart Apache When you initially configure t...

Page 29: ...hen the LDAP synchronization occurs New users are added to the list of iFolder users Deleted users are removed from the list of iFolder users This might create orphaned iFolders if the deleted user ow...

Page 30: ...to the list of iFolder users Deleted LDAPGroups are removed from the list of iFolder users This might create orphaned iFolders if the deleted LDAPGroup owned any iFolders If by mistake LDAPGroup is de...

Page 31: ...total space consumed by the iFolders the user owns If the user participates in other iFolders the space consumed on the server is billed to the owner of that iFolder You can set quotas at the system...

Page 32: ...e only key file types used for your business or exclude files that are likely unrelated to business such as mp3 files Operating System Files You should not convert system directories to iFolders Most...

Page 33: ...Folder Plug In for YaST Purpose Tasks iFolder 3 Use this function to configure the following parameters for the iFolder enterprise server LDAP server name LDAP admin DN and password iFolder system nam...

Page 34: ...t to a supported language such as English Additional Information For additional information see the Novell iManager 2 7 Administration Guide http www novell com documentation imanager27 2 7 3 Web Acce...

Page 35: ...a Response file iFolder Merge Improved file conflict management Enhanced Web administration 3 2 What s New in Novell iFolder 3 6 OES 2 0 Linux The following features are new in iFolder 3 6 for OES 2...

Page 36: ...urity Manager Support for the OES patch channel 3 5 What s New in Novell iFolder 3 0 OES Linux Novell iFolder 3 0 includes several important new features Multiple iFolders A user creates as many iFold...

Page 37: ...ased Administration Administrators manage iFolder services with the Novell iFolder 3 plug in to Novell iManager which is the central management console for Novell Open Enterprise Server The tool suppo...

Page 39: ...er Admin html You can also access the iFolder Administration tool from iManager by selecting iFolder 2 x from Roles and Tasks Novell iFolder 3 7 Web Admin http serveraddress admin Automatic provisioni...

Page 40: ...ical maximum file size depends on the server s and clients local file systems Maximum number of directories 32 765 No software restrictions depends on the server s and clients local file systems Multi...

Page 41: ...count Authenticated access Yes using the Admin username and password for the iFolder Management tool Yes The Admin user logs in to iManager then must use credentials equivalent to the iFolder Admin us...

Page 42: ...userid ifolder userid Macintosh Not supported home username Connect to server Log in to one account at a time Set up accounts for multiple iFolder servers and log in to one or more as desired Authenti...

Page 43: ...ined by who has access to the password for that username and its iFolder account Yes as the owner user or a member user with the Full Control right For each iFolder specify a list of users For each me...

Page 44: ...ch iFolder but the total combined administrative quotas for all owned iFolders cannot exceed the user s quota or the system wide quota if there is no user quota An iFolder member can specify a quota f...

Page 45: ...3 7 allows management from any location using a standard Web browser Feature or Capability Novell iFolder 2 x Web Access Novell iFolder 3 7 Web Access Web Access method For iFolder 2 1 4 and earlier t...

Page 46: ...n via your LDAP server Yes with username and password authentication via your LDAP server Encrypted data transfer Yes with the encrypted iFolder option The Blowfish algorithm is applied with a user sp...

Page 47: ...ise Server IMPORTANT Do not install any of the following service combinations on the same server Although not all of the combinations cause pattern conflict warnings Novell does not support any of the...

Page 48: ...all and configuration to comply with the following guidelines In YaST on the Installation Settings page reconfigure the Partitioning settings as needed to support using NSS Specify a ReiserFS default...

Page 49: ...ing a Linux POSIX Volume to Store iFolder Data In YaST specify an Ext3 or ReiserFS partition as your system device Optional Modify the Software components to add the iFolder 3 components to the instal...

Page 50: ...onent of Novell Open Enterprise Server IMPORTANT Ensure that you select Use eDirectory Certificate for HTTPS services option in the eDirectory configuration for a proper SSL communication between the...

Page 51: ...en source effort led by Novell and is the foundation for many new applications For information about Mono see the Mono Project Web site http www mono project com Main_Page The required version of Mono...

Page 52: ...pported The Mono modules you need for this release are included on the iso files for iFolder 3 7 Make sure you have installed the latest critical updates for your operating system or NET 5 8 Web Brows...

Page 53: ...6 13 Uninstalling the iFolder 3 7 Enterprise Server on page 96 Section 6 14 What s Next on page 96 6 1 Installing iFolder on an Existing OES 2 Linux SP1 Server We recommend that you install iFolder af...

Page 54: ...ure that you are logged in as the root user before performing the installation and configuration procedure 3 In the left menu select Open Enterprise Server OES Install and Configuration A window displ...

Page 55: ...m right of the screen 7 When the installation is complete either close YaST or continue with one or all of the following as needed Section 6 2 Deploying iFolder Server on page 55 Section 6 3 Configuri...

Page 56: ...or open a terminal console enter su then enter the root password 3 Start YaST follow the YaST on screen instruction to finish the installation For more information see Step 1 on page 53 through Step...

Page 57: ...min to configure iFolder Web Admin server This option lets you create and configure settings for the Administrator user The iFolder Admin user is the primary administrator of the iFolder Enterprise Se...

Page 58: ...e sensitive address of the location where the iFolder enterprise server stores iFolder application files as well as the users iFolders and files For example var simias data simias This location cannot...

Page 59: ...st or IP Address Specify the private URL corresponding to the iFolder server to allow communication between the servers within the iFolder domain The Private URL and the Public URL can be the same NOT...

Page 60: ...r information IMPORTANT You must ensure that the server you install and the current iFolder domain are in the same LDAP tree Private URL of the Master Server Specify the private URL of the Master iFol...

Page 61: ...r Admin user again LDAP Proxy User Specify the full distinguished name of the LDAP Proxy user For example cn iFolderproxy o acme This user must have the Read right to the LDAP service The LDAP Proxy u...

Page 62: ...t is not present the iFolder installation fails LDAP Naming Attribute Select which LDAP attribute of the User account to apply when authenticating users Each user enters a Username in this specified f...

Page 63: ...dmin application The iFolder Web Admin application manages this host Connect to iFolder server using SSL This option is selected by default to establish a secure connection between iFolder enterprise...

Page 64: ...host or IP address of the iFolder server that will be used by the iFolder Web Admin application Specify the host or IP address of the iFolder Enterprise Server to be used by the iFolder Web Access app...

Page 65: ...rred error message within the iManager plug in this is a sure sign that you have not set up file system trustee rights within NSS properly 6 2 2 Configuring the iFolder Slave Server To deploy iFolder...

Page 66: ...onfigure iFolder Web Access server This option lets you configure the Web Access server which is an interface that lets users have remote access to iFolders on the enterprise server The Web Access ser...

Page 67: ...TPS secure communication channel However all components can also be configured to use HTTP channel iFolder Port to Listen On Specify the port for the iFolder to Listen On Port 80 is the default Instal...

Page 68: ...ctive Directory is the LDAP source ensure that the iFolder Proxy user is created using Active Directory tools before you specify it here NOTE LDAP Proxy user and LDAP proxy user Password options are d...

Page 69: ...an Apache alias to point to the iFolder Web Access application This is an admin friendly pointer for the Apache service For example access The host or IP address of the iFolder server that will be us...

Page 70: ...Apache alias that will point to the iFolder Web Admin Application Specify the Apache alias to point to the iFolder Web Admin Application This is a user friendly pointer for the Apache service For exam...

Page 71: ...the Web Admin server application opt novell ifolder3 bin ifolder admin setup For more information on this see Section 6 4 Configuring the iFolder Web Admin Server on page 73 3 To change the IP addres...

Page 72: ...ssing iFolder services on the specified iFolder 3 enterprise server For example ifolder iFolder Server URL Specify the host or IP address of the iFolder Enterprise Server to be used by the iFolder Web...

Page 73: ...upports and the user friendly URL that users enter in their Web browsers to access it IMPORTANT If you install iFolder with OES 2 0 Linux the same parameters described in this procedure are available...

Page 74: ...or IP address of the iFolder Enterprise Server to be used by the iFolder Web Admin application This Web Admin application performs all the user specific iFolder operations on the host that runs the i...

Page 75: ...Novell iManager 2 7 After it is installed this plug in is named Novell iFolder 3 in the iManager Roles and Tasks list Make sure you meet prerequisites then use one of the methods for installing the iF...

Page 76: ...figured If you do not have Role Based Services RBS configured for Novell eDirectoryTM install the iFolder Manager Module as follows 1 In a Web browser log in to iManager on the iFolder server where yo...

Page 77: ...ng command at the terminal console etc init d apache2 restart 7 Click the Configure icon 8 Under Role Based Services select RBS Configuration The table on the Collections tabbed page displays modules...

Page 78: ...the key owner the corresponding public key and the electronic signature of the person or entity issuing the certificate The iFolder Recovery Agents are examples of one kind of CA Public Key Infrastruc...

Page 79: ...cannot currently offer the background infrastructure that allow continuous update of certificates and CRLs To set up a small PKI you can use the available YaST modules However you should use commerci...

Page 80: ...ong other things are derived from this name you must use only the characters listed in the help The technical name is also displayed in the overview when the module is started Common Name Enter the na...

Page 81: ...client certificates the hostname of the server must be entered in the Common Name field The default validity period for certificates is 365 days This section discusses creating self signed certificate...

Page 82: ...ation for creating the certificates in the dialog boxes The following table summarizes the decisions you make CA Settings Description Common Name Enter the name of the CA E Mail Address You can enter...

Page 83: ...imum length of five characters To confirm re enter it in the next field Key Length bit Select the key length of minimum value of 512 and a maximum value of 2048 iFolder supports only 512 1024 and 2048...

Page 84: ...guration If the certificate is expired you need to load the new certificates again to this location For more information on this see Path to the Recovery Agent Certificates optional on page 58 8 Resta...

Page 85: ...where iFolder is installed 2 Run KeyRecovery or KeyRecovery exe based on the platform you use and follow the on screen instructions The following table summarizes the decisions you make 3 Send the dec...

Page 86: ...e accepted By default the new certificate is accepted in the server side In the front end the browser is updated automatically when the server is updated with the new certificate 6 7 Accessing iManage...

Page 87: ...select Authenticate Using Current iManager Credentials 6b If you logged in to iManager with a different username than the iFolder Admin user of the Web Admin leave the check box Authenticate Using Cu...

Page 88: ...ending LDAP User Objects for iFolder 3 7 To enable LDAP attribute based provisioning you must Extend the LDAP user schema with the iFolderUserProvision auxiliary object class with iFolderHomeServer as...

Page 89: ...in o novell w secret u cn abc o novell s xyz c secret i 10 10 10 10 6 9 Distributing the iFolder Client to Users After you configure iFolder services on the enterprise server users can download the in...

Page 90: ...exe iFolder 3 7 Windows Client 64 bit Windows Vista NOTE To install Vista right click and select the option Install as Administrator ifolder3 windows x64 exe iFolder 3 7 Macintosh Client Macintosh v1...

Page 91: ...th little or no user interaction you can use the Auto account creation feature iFolder Auto account creation facility provides you an user friendly XML based response file that helps you create accoun...

Page 92: ...nt displays with the server name pre populated with the value from the response file The user should give the rest of the information in the iFolder Account Assistant IMPORTANT Regardless of whether a...

Page 93: ...server user id user id Parameter Possible Values Default Value default user account True false True for the first account and false for the remaining accounts server IP address Mandatory field no defa...

Page 94: ...an follow the method best suited to your needs 1 Use the ZenWorks deployment manager to distribute and install the iFolder client 2 Depending on the platform used on the client machine that had the iF...

Page 95: ...sted channel please see documentation for ZENworks Linux Management Updating the Version Configuration Files 1 Copy the filename and version number given in the patch description 2 Open a terminal con...

Page 96: ...r 3 7 enterprise server rpm file Uninstalling iFolder 3 7 software does not remove the Simias store including the config files available in the etc apache2 conf d When the server is re installed each...

Page 97: ...13 May 2009 Provisioned iFolder users can install the Novell iFolder 3 6 client on their workstations create iFolders and share iFolders with other authorized Novell iFolder users For information see...

Page 99: ...on OES 1 Linux or on Netware to Novell iFolder 3 7 running on the OES 2 Linux SP1 platform Migration can be done either through the GUI Migration Tool or through the command line utilities To get sta...

Page 101: ...r virtualization_basics data b9km2i6 html in the Getting Started with Virtualization Guide http www novell com documentation vmserver virtualization_basics data front_html html For information on sett...

Page 103: ...om File System Backup on page 114 Section 9 9 Moving iFolder Data from One iFolder Server to Another on page 116 Section 9 10 Changing The IP Address For iFolder Services on page 117 Section 9 11 Secu...

Page 104: ...ents are recorded at run time Its parameters are based on but not compliant with the Apache Logging Services http logging apache org log4net The following parameters are modifiable Parameters Descript...

Page 105: ...top the iFolder server etc init d apache2 stop 3 Stop the iFolder mono process if running pkill mono 4 Use your normal file system backup procedures to back up all the Data Stores Level of Simias Serv...

Page 106: ...ave modified in their iFolders since the time of the last backup After the iFolder server is restored they can copy these files or directories back into their respective iFolders 1 Notify users to sav...

Page 107: ...ard System Independent Data Format SIDF The TSA for iFolder TSAIF provides an implementation of the SMS API for an iFolder store Backup applications such as nbackup 1 can make use of its features by w...

Page 108: ...ete it from the server using a client or the iFolder Web Admin console or Web Access console Deleting the iFolder is not necessary to restore any or all of the files in the iFolder the difference is i...

Page 109: ...user interface The ID would need to be displayed to the backup administrator only when two Collections or two Collection owners have the same name and the backup administrator wants to perform an ope...

Page 110: ...loaded All long options options that have the format optionname are case insensitive Option Command help Displays the options supported by the TSA ReadBufferSize This is the amount of data Bytes read...

Page 111: ...witch The default value is 2 CacheMemoryThreshold This is used to specify the percentage of available server memory that the TSA can utilize to store cached data sets This represents a maximum percent...

Page 112: ...quivalent system user for both back up and restore 9 7 8 TSAIF and NBackup Examples The following examples show how to perform typical TSAIF backup and restore operations using NBackup target type ta...

Page 113: ...ner collection nbackup xvf full sidf U root P password target type ifolder extract dir owner collection If you are restoring an entire iFolder and want to ensure that it is in the exact state it was i...

Page 114: ...yDir1 MyDir2 MyFile to tmp MyFile IMPORTANT Do not restore the file to its original location or to any location under the Simias store directory 3 Compress and send the entire folder MyiFolder to the...

Page 115: ...er Only an iFolder user can create iFolder database on the server To upload the recovered files and directories user need to create a database iFolder store on the iFolder server Once a database is cr...

Page 116: ...ummy files or directories with the restored files or directories 5 Set the permissions for the files or directories to the apache user or the apache group for example wwwrun www 6 Have the iFolder own...

Page 117: ...service IP address only by reconfiguring the iFolder service either through YaST or command line When you reconfigure the iFolder services you must ensure that the current data Store path is not chang...

Page 118: ...the cipher suite to use establishes and shares a session key between client and server authenticates the server to the user and authenticates the user to the server The key exchange method defines how...

Page 119: ...r SSL Communications with the LDAP Server By default the iFolder enterprise server is configured to communicate via SSL with the LDAP Server For most deployments this setting should not be changed If...

Page 120: ...ed for performance reasons If the iFolder deployment is in larger scale and the Web Access server or Web Admin server are on different machine than the iFolder enterprise server you can reconfigure to...

Page 121: ...le com with the actual DNS name or IP address such as 192 168 1 1 of the server where iManager is running This might be the same server as your iFolder server IMPORTANT The URL is case sensitive 2 If...

Page 122: ...for the target server NOTE You cannot manage Novell iFolder 2 x servers with the Novell iFolder 3 Web Admin To connect to the iFolder server you want manage 1 If you are not logged in to iManager log...

Page 123: ...Admin users page 7 Continue with Section 10 4 Managing Web Admin Console on page 124 When you are done managing the iFolder server click logout located in the upper right corner or close your Web bro...

Page 124: ...plays the user s type Admin user or user username user s full name if available the server to which the user is provisioned and the user status Enabled or Disabled 2 Use the search functionality to lo...

Page 125: ...n 10 5 1 Viewing and Modifying iFolder System Information on page 125 Accessing Servers Page 1 In the Web Admin console click the Servers tab 2 Use the search functionality to locate the Server you wa...

Page 126: ...l the changes made click Cancel Enable SSL Select the check box to enable the SSL communication among the iFolder Servers iFolder client iFolder Web Access console and iFolder Web Admin console Total...

Page 127: ...s The user s movement can be tracked anywhere in the tree because it is known by the GUID not the user DN The iFolder Admin right can be assigned to other users so that they can also manage iFolder se...

Page 128: ...ed in the list of users with the iFolder Admin right You can assign the iFolder Admin right to multiple users Removing the iFolder Admin Right for a User You can delete the iFolder Admin right from al...

Page 129: ...chronize Excluded Files Specifies a list of file types to include or to exclude from synchronization for all iFolders on the system For example to block all mp3 files you need to specify mp3 Synchroni...

Page 130: ...o enable the Maximum File Size Limit policy then specify the maximum allowed file size in MB Consider the following demands on your system to determine an appropriate file size limit for iFolders in y...

Page 131: ...em policy default of zero unless there is a user policy set If a user policy is set the user policy overrides the system policy whether the user policy is larger or smaller in value The local machine...

Page 132: ...nformation Parameter Description Name The name assigned to the iFolder enterprise server Type The host portion of the DNS name of the server For example in if3svr example com if3svr is the host name D...

Page 133: ...issues Debug Shows the server activities that help Novell support debug the issues Info Shows the basic server activities that help Novell support resolve the issues This option is selected by defaul...

Page 134: ...ain and all the user iFolders become orphans Disabled users are never deleted automatically after the grace interval period The users continue to exist in a disabled state even after the grace interva...

Page 135: ...provides privilege separation and is also important because the proxy user password is stored in the file system on the iFolder server Specify the fully distinguished name of an existing user that you...

Page 136: ...cn dbgroup o acme To edit a value select it make your changes then click OK to apply the changes During LDAP synchronization the iFolder server queries the LDAP server to retrieve a list of users in t...

Page 137: ...erface to enable reporting and generate reports for iFolder and Directories It generate reports based on the frequency you select 1 Select Enable Reporting to enable reporting 2 Select the frequency f...

Page 138: ...eNULL 3 Modify the plus to a minus in front of the ciphers you want to disable and make sure there is a not before ADH SSLCipherSuite ALL ADH RC4 RSA HIGH MEDIUM LOW SSLv2 EXP eNULL 4 Save your chang...

Page 139: ...ers are on different machines If the two servers are running on the same machine and you want to disable SSL rerun the YaST configuration and specify http localhost as the URL for the enterprise serve...

Page 140: ...write command lines For example LoadModule rewrite_module usr lib apache2 mod_rewrite so RewriteEngine On RewriteCond HTTPS on RewriteRule ifolder https SERVER_NAME ifolder 1 R L 3 Start the iFolder W...

Page 141: ...r s LDAPGroups If LDAP home server attribute is set user is provisioned based on that If all of the above cases fail to provision the user iFolder automatically select a server in the iFolder system a...

Page 142: ...he users across different servers in any given iFolder domain 1 Log in to the iFolder Web Admin console and open Users page 2 Perform the following Locate and select the users then click Provision to...

Page 143: ...me should help you locate the user Type Shows the member type of the user currently logged in If the user is an individual user the interface also display an option for User Groups If the user is a me...

Page 144: ...lick Enable to enable the iFolder This allows the user to log in and synchronize iFolders 3 Click Disable to disable the iFolder 4 If the user is logged in when you make this change the user s session...

Page 145: ...the difference between any space restrictions on the account and the space currently in use If no quota is in effect the value is No Limit Effective Effective space allocated on the server File size...

Page 146: ...er ones Interval If a user policy is set it overrides the system policy whether the user s interval is shorter or longer in value Effective Specifies the current synchronization interval For example i...

Page 147: ...elect Limit if there is no individual user quota or to accept the system wide quota for the selected user account Select Limit to enforce a user quota then specify the total space quota in MB for the...

Page 148: ...m On and Enforced On Select On to enable Encryption With this user is allowed to set encryption policy for his or her iFolder files User will have the control over the sharing of his iFolder data Enfo...

Page 149: ...older on page 151 Section 12 1 6 Managing iFolder Policies on page 153 Section 12 1 7 Enabling and Disabling an iFolder on page 155 12 1 1 Accessing the iFolders Details Page 1 Use the search function...

Page 150: ...its details change the owner configure its policies share the iFolder or modify members access rights Owner The username of the owner of the selected iFolder For orphaned iFolders the iFolder Admin us...

Page 151: ...e accepts the iFolder on at least one computer After the user accepts the invitation and sets up the iFolder the user shows up in the member list But with iFolder 3 7 and above versions if you add the...

Page 152: ...eck box next to the member user s name Capabilities Owner Full Control Read Write Read Only Transfer ownership of an iFolder to another iFolder user Yes No No No Set a quota for the iFolder Yes No No...

Page 153: ...d iFolder you want to manage 3 Click the iFolder name link to open the iFolder Details page Under the title iFolder details the iFolder details page displays the property Orphan Yes 4 Click Adopt to se...

Page 154: ...ective View only Reports effective space available on the server for the iFolder data File Size Limit Specifies the maximum total file size in MB that an iFolder user is allowed to use across all iFol...

Page 155: ...minimum synchronization interval specifies the minimum interval in minutes that a user s client can check iFolder data on the server and local iFolders to identify files that need to be downloaded or...

Page 156: ...NOTE Disabling synchronization temporarily as opposed to deleting or disabling the entire user account turns off the ability of the selected iF...

Page 157: ...reboot the system or whenever you start Apache services As a root user enter the following command at the terminal console etc init d apache2 start 13 2 Stopping iFolder Web Access Services iFolder s...

Page 158: ...th the default settings in the webaccess Web config file for Web Access httpRuntime executionTimeout 720 maxRequestLength 1048576 To modify the httpRuntime parameters 1 Stop iFolder 2 Set the httpRunt...

Page 159: ...ection 13 5 5 Configuring an SSL Certificate for the Web Access Server on page 161 For information on how to configure SSL traffic on the iFolder enterprise server see Section 9 11 Securing Enterprise...

Page 160: ...tag add key SimiasUrl value https localhost add key SimiasCert value raw certificate data in base 64 encoding If you disable SSL between Web Access server and the enterprise server and if the two ser...

Page 161: ...e2 mod_rewrite so RewriteEngine On RewriteCond HTTPS on RewriteRule ifolder https SERVER_NAME ifolder 1 R L To disable the requirement for SSL connections you can comment out these Rewrite command lin...

Page 163: ...Section A 10 Exception Error while Configuring iFolder on a Samba Volume on page 165 Section A 11 Giving Slash at the End of the Default iFolder Path Creates Corrupted iFolder on page 165 Section A 12...

Page 164: ...older throws a null exception error when you attempt to restore all the backed up iFolder data in debug mode consider the following cause iFolder does not support restoring all the backed up files How...

Page 165: ...a port to the list of permitted ports in the firewall configuration A 10 Exception Error while Configuring iFolder on a Samba Volume If iFolder server throws an exception when you configure the iFolde...

Page 166: ...ons You must enable the SSL for iFolder Web Admin server For more information see Require Server SSL on page 74 You must also provide the correct IP address instead of specifying localhost in the iFo...

Page 167: ...imias config file The default location is var lib wwwrun local share Simias config Ensure that you know the iFolder Proxy user password 2 Open a terminal console and enter opt novell ifolder3 bin simi...

Page 169: ...page 170 Section B 6 LDAP SSL Certificate on page 170 Section B 7 Novell iFolder Admin User on page 170 Section B 8 Novell iFolder with iChain and the Access Gateway on page 171 B 1 Loading Certifica...

Page 170: ...mation during the YaST configuration B 4 Using a Single Proxy User for a Multi Server Setup By default each server creates its own Proxy user for role separation However you can use single Proxy user...

Page 171: ...h of these products are not configured by default You must use CLI to update the logout URL for both iFolder 3 7 Web Admin and iFolder 3 7 Web Access configuration work successfully with iChain or the...

Page 173: ...ring iFolder 3 7 Services Each node in your iFolder 3 7 cluster must satisfy the following requirements Prerequisites and Guidelines on page 47 for iFolder 3 7 Prerequisites and requirements for Novel...

Page 174: ...iven below 2a Ensure that the shared resource is mounted on the Master node For example media nss NSSVOL Mounting will not be done if the resource is on a different node Migrate that resource to the M...

Page 175: ...lias on all nodes when you configure them later For the iFolder Server URL specify SSL by using https in the URL and specify a URL that points to the IP address used for the cluster resource or a DNS...

Page 176: ...the iFolder 3 7 Cluster Resource In iManager Roles and Tasks expand the Clusters role then click Cluster Manager to manage the iFolder 3 7 resource and bring it online For information see Managing Clu...

Page 177: ...e uses the NSS file system use the following load script as a guide NSS File System Sample Load Script mount the file system MYPOOL is the name of your NSS pool MYVOL is the name of your NSS volume ns...

Page 178: ...int MOUNT_POINT mnt ifolder stop iFolder ignore_error mod mono server filename tmp mod_mono_server_simias10 terminate ignore_error mod mono server filename tmp mod_mono_server_admin terminate ignore_e...

Page 179: ...NSS volume umount media nss MYVOL nss pooldeactivate MYVOL return status exit 0 C 7 3 Troubleshooting Linux does not allow you to umount a volume if any file is currently open If your system is going...

Page 180: ...e System If your shared volume uses a Linux POSIX file system use the following monitor script as a guide bin bash opt novell ncs lib ncsfuncs function check_ifolder result ps f U wwwrun awk mod mono...

Page 181: ...tor script as a guide define the IP address RESOURCE_IP a b c d check the file system MYPOOL is the name of your NSS pool exit_on_error status_fs dev evms MYPOOL opt novell nss mnt pools MYPOOL nsspoo...

Page 183: ...at has users provisioned to it from an iFolder domain 1 Reprovision all the users on the slave server to a different server 2 In the slave server open a terminal prompt 3 Enter rcapache2 stop to bring...

Page 185: ...ection section name Server setting name Name value npsdt val 3 setting name PublicAddress value https 192 168 1 1 443 simias10 setting name PrivateAddress value https 192 168 1 1 443 simias10 setting...

Page 186: ...cation setting name LdapUri value ldaps 192 168 1 1 setting name ProxyDN value cn iFolderProxy o novell section section name LdapProvider setting name NamingAttribute value cn setting name Search Cont...

Page 187: ...ntil we need it webServices soapExtensionTypes add type DumpExtension extensions priority 0 group 0 add type EncryptExtension extensions priority 1 group 0 soapExtensionTypes webServices authenticatio...

Page 188: ...Settings configuration E 3 Web config File for the Web Admin Server By default the Web config file for Web Admin server is in the opt novell ifolder3 lib simias admin The following is an example of a...

Page 189: ...s so that you do not display application detail information to remote clients customErrors defaultRedirect Error aspx mode On AUTHENTICATION This section sets the authentication policies of the applic...

Page 190: ...r every page within an application Set trace enabled true to enable application trace logging If pageOutput true the trace information will be displayed at the bottom of each page Otherwise you can vi...

Page 191: ...rAdmin httpHandlers GLOBALIZATION This section sets the globalization settings of the application globalization requestEncoding utf 8 responseEncoding utf 8 system web appSettings add key SimiasUrl va...

Page 192: ...this creates a larger file that executes more slowly you should set this value to true only when debugging and to false at all other times For more information refer to the documentation about debugg...

Page 193: ...ralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites authentication mode Forms forms name iFolderWeb loginUrl Login aspx timeout 2...

Page 194: ...ilable a session can be tracked by adding a session identifier to the URL To disable cookies set sessionState cookieless true sessionState mode InProc cookieless false timeout 30 GLOBALIZATION This se...

Page 195: ...location location path ICLogout aspx system web authorization allow users authorization system web location configuration...

Page 197: ...hority A self signed certificate is usually used only for internal iFolder services where the server s identity is not likely to be spoofed The trusted CA signature on the certificate attests that the...

Page 198: ...formation about how to manage and update certificates see Managing X 509 Certification http www novell com documentation sles10 sles_admin data cha_yast_ca html in the SUSE Linux Enterprise Server 10...

Page 199: ...the Apache server F 4 Configuring Apache to Point to an SSL Certificate on a Shared Volume for an iFolder Cluster 1 Mount the shared volume At a terminal console enter mnt dev sda1 mnt ifolder3 Repla...

Page 200: ...ey key file and the certificate cert file or the pem file to a location on the mounted NSS volume At a terminal console enter cp filename key media nss VOL1 ifolder3 sharedkey filename key cp filename...

Page 201: ...SSLCertificateFile media nss VOL1 ifolder3 sharedkey filename pem WARNING Ensure that there are no duplicate entries for SSLCertificateKeyFile and SSLCertificateFile in the Apache SSL...

Page 203: ...iFolder 3 7 supported on a 64 bit OS on page 203 Section G 1 2 Is iFolder going to support non eDirectory related platforms as an identity source on page 203 Section G 1 3 Because iFolder is developed...

Page 204: ...more information see Section 6 9 2 Downloading the iFolder Client on page 89 G 2 3 Can I use the iFolder 2 x client to connect to an iFolder 3 7 server No However iFolder 3 7 supports client side mig...

Page 205: ...nt console for iFolder 3 7 on page 205 Section G 3 2 What are the new features in the Web Admin console on page 205 Section G 3 3 Can the administrator control the ability to encrypt iFolder files on...

Page 206: ...tion see Section 2 5 iFolder User Account Considerations on page 29 G 3 5 Can the administrator control the ability to share files No A future version of iFolder will support this feature G 3 6 How ca...

Page 207: ...Version Type Description 3 0 Bundled A new code base in this next generation version supports multiple iFolders and member based sharing For information see Section 3 5 What s New in Novell iFolder 3...

Page 208: ...ut it does not support NSS volumes because of a kernel defect Requires a Mono update Yes but it does not support NSS volumes because of a kernel defect Requires a Mono update No No OES SP1 Linux No Ye...

Page 209: ...Web Server 3 0 3 1 3 2 3 6 3 7 Apache 2 worker mode 2 worker mode 2 worker mode 2 worker mode 2 worker mode iFolder User Access Method 3 0 3 1 3 2 3 6 3 7 iFolder client Yes Yes Yes Yes Yes iFolder cl...

Page 210: ...2 3 6 3 7 iFolder 3 plug in to iManager 2 5 Yes Yes Yes Yes to iManager 2 7 Yes to iManager 2 7 iFolder 3 plug in to YaST Yes Yes Yes Yes Yes iFolder 3 Web Access plug in to YaST Yes Yes Yes Yes Yes i...

Page 211: ...pear in the document itself Each change entry provides a link to the related topic and a brief description of the change This document was updated on the following dates Section I 1 October 2008 on pa...

Page 212: ...to connect on on page 64 Connect to iFolder server using SSL on page 63 iFolder server port to connect on on page 63 Redirect URL for iChain AccessGateway optional on page 69 Location Change Section 2...

Page 213: ...cation Change Section 6 10 Using a Response File to Automatically Create iFolder Accounts on page 91 Added description about using response file to distribute iFolder clients Location Change Migration...

Page 214: ...Change Section 9 11 5 Configuring the Enterprise Server for SSL Communications with the Web Access Server and Web Admin Server on page 120 Added a new section on configuring iFolder server for SSL co...

Page 215: ...r the Web Admin Server on page 188 Added a new section for Web config files for the Web Admin server Location Change Section C 6 Sample Load Scripts for iFolder 3 7 Clusters on page 176 Updated the sa...
