Novell DATA SYNCHRONIZER ADMINISTRATION GUIDE

Administration Guide
Novell®
Data Synchronizer
novdocx (en) 16 April 2010
AUTHORIZED DOCUMENTATION
July 26, 2010
www.novell.com

Novell Data Synchronizer Administration Guide

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see the Novell Documentation Web site (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide

1 Managing the Synchronizer Services

1.1 Managing the Data Synchronizer Services Collectively
1.2 Managing the Synchronizer Services Individually
1.2.1 Managing the Sync Engine
1.2.2 Managing the Config Engine
1.2.3 Managing the Web Admin Service
1.2.4 Managing the Connector Manager

2 Accessing Synchronizer Web Admin

2.1 As the Synchronizer Administrator
2.2 As a Synchronizer User

3 Managing Your Synchronizer System

3.1 Configuring Synchronizer Web Admin
3.1.1 Searching Multiple LDAP Contexts for Users and Groups
3.1.2 Setting Up Multiple Synchronizer Administrator Users
3.1.3 Adjusting the Synchronizer Web Admin Polling Rate for Groups
3.1.4 Adjusting the Synchronizer Web Admin Timeout
3.1.5 Changing the Synchronizer Web Admin Port Number
3.1.6 Configuring Synchronizer Web Admin for a Specific Language
3.2 Configuring the Sync Engine
3.2.1 Enabling Caching for Troubleshooting Purposes
3.2.2 Selecting a Log Level
3.2.3 Enabling Per-User Logging
3.2.4 Configuring Database Maintenance
3.3 Monitoring the Sync Engine
3.4 Working with Synchronizer Log Files
3.4.1 Log File Overview
3.4.2 Sync Engine Log File
3.4.3 Config Engine Log File
3.4.4 Web Admin Log File
3.4.5 Connector Manager Log File
3.4.6 Per-User Log Files
3.4.7 Flatfile Connector Troubleshooting
3.4.8 Collect Logs Tool
3.5 Changing the Synchronizer Database Password

4 Managing Connectors

4.1 Managing User Profiles
4.1.1 Adding a User Profile
4.1.2 Deleting a User Profile
4.2 Managing Users
4.2.1 Changing a User’s Application Name
4.2.2 Adding a User to a Connector in Synchronizer Web Admin
4.2.3 Adding a User to a Connector through an LDAP Group
4.2.4 Customizing a User’s Synchronization Settings
4.2.5 Deleting a User from a Connector
4.3 Managing Groups
4.3.1 Adding a Group to a Connector
4.3.2 Deleting a Group
4.4 Auditing User Synchronization Activity
4.5 Customizing General Connector Configuration Settings
4.5.1 Controlling Connector Startup
4.5.2 Configuring Connector Filters
4.5.3 Controlling Connector Logging
4.6 Customizing Connector-Specific Configuration Settings

5 Securing Your Synchronizer System

5.1 Security Administration
5.1.1 Securing Communication with the LDAP Server
5.1.2 Securing Communication between the GroupWise Connector and the GroupWise POA
5.1.3 Securing Communication between the Mobility Connector and Mobile Devices
5.1.4 Selecting a Specific Version of SSL
5.2 Security Policies
5.2.1 Securing Your Synchronizer Data
5.2.2 Securing Your Synchronizer System

A Troubleshooting

About This Guide

The Novell Data Synchronizer Administration Guide helps you to manage your Synchronizer system after you have set it up. The guide is divided into these sections:
Chapter 1, “Managing the Synchronizer Services,” on page 9
Chapter 2, “Accessing Synchronizer Web Admin,” on page 13
Chapter 3, “Managing Your Synchronizer System,” on page 15
Chapter 4, “Managing Connectors,” on page 33
Chapter 5, “Securing Your Synchronizer System,” on page 43
Appendix A, “Troubleshooting,” on page 49
Audience
This guide is intended for network administrators who manage a Data Synchronizer system.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comment feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Additional Documentation
For additional Data Synchronizer documentation, see the following documentation provided at the Novell Data Synchronizer Documentation Web site (http://www.novell.com/documentation/datasynchronizer1).
Novell Data Synchronizer Mobility Pack Readme
Novell Data Synchronizer installation and administration guides
For additional Data Synchronizer connector documentation, see the following documentation provided at the Novell Data Synchronizer Connectors Documentation Web site (http://www.novell.com/documentation/datasync_connectors1).
Connector Readmes
Connector Quick Starts
Connector installation and configuration guides

1 Managing the Synchronizer Services

For an overview of the Novell Data Synchronizer services, see:
“Data Synchronizer Product Overview” in the Novell Data Synchronizer Mobility Pack Installation Guide
“Data Synchronizer Product Overview” in the Novell Data Synchronizer Installation Guide
The Synchronizer services are managed on the command line in a terminal window.
IMPORTANT: The Synchronizer services must always run as the Linux root user.
Section 1.1, “Managing the Data Synchronizer Services Collectively,” on page 9
Section 1.2, “Managing the Synchronizer Services Individually,” on page 9

1.1 Managing the Data Synchronizer Services Collectively

Use the following command as root to check the status of the Synchronizer services:
rcdatasync status
Use the following commands as root to manually start and stop all the Synchronizer services:
rcdatasync start
rcdatasync restart
rcdatasync stop
IMPORTANT: After restarting the Synchronizer services, you must manually restart all connectors in Synchronizer Web Admin. Always start the GroupWise Connector first before any other connectors.

1.2 Managing the Synchronizer Services Individually

If you manage the Synchronizer services individually, they should be started in the following order:
1 Config Engine
2 Sync Engine
3 Connector Manager
The Synchronizer services should be stopped in the following order:
1 Connector Manager
2 Sync Engine
3 Config Engine
You can start and stop Web Admin at any time, as long as the other Synchronizer services are running.
Each Synchronizer service has its own set of commands:
Section 1.2.1, “Managing the Sync Engine,” on page 10
Section 1.2.2, “Managing the Config Engine,” on page 10
Section 1.2.3, “Managing the Web Admin Service,” on page 10
Section 1.2.4, “Managing the Connector Manager,” on page 10

1.2.1 Managing the Sync Engine

Use the following command as root to check the status of the Sync Engine:
rcdatasync-syncengine status
Use the following commands as root to manually start and stop the Sync Engine:
rcdatasync-syncengine start
rcdatasync-syncengine restart
rcdatasync-syncengine stop

1.2.2 Managing the Config Engine

Use the following command as root to check the status of the Config Engine:
rcdatasync-configengine status
Use the following commands as root to manually start and stop the Config Engine:
rcdatasync-configengine start
rcdatasync-configengine restart
rcdatasync-configengine stop

1.2.3 Managing the Web Admin Service

Use the following command as root to check the status of the Web Admin service:
rcdatasync-webadmin status
Use the following commands as root to manually start and stop the Web Admin service:
rcdatasync-webadmin start
rcdatasync-webadmin restart
rcdatasync-webadmin stop

1.2.4 Managing the Connector Manager

Use the following command as root to check the status of the Connector Manager:
rcdatasync-connectors status
Use the following commands as root to manually start and stop the Connector Manager:
rcdatasync-connectors start
rcdatasync-connectors restart
rcdatasync-connectors stop

2 Accessing Synchronizer Web Admin

All configuration of your Synchronizer system is done through Synchronizer Web Admin. When you log in as the Synchronizer administrator, you can configure the Sync Engine and connectors. When users log in using their network usernames and password, they can control connector-specific aspects of data synchronization for each connector where they have been added.
Section 2.1, “As the Synchronizer Administrator,” on page 13
Section 2.2, “As a Synchronizer User,” on page 14
See also Section 3.1, “Configuring Synchronizer Web Admin,” on page 15.

2.1 As the Synchronizer Administrator

1 Access Synchronizer Web Admin at the following URL:
https://data_synchronizer_server:8120
Replace data_synchronizer_server with the IP address or DNS hostname of the Synchronizer server.
2 Specify the Synchronizer administrator username (such as admin) and password that were established during installation, then click Login.
Synchronizer system configuration and administration is performed using Synchronizer Web Admin.
Section 3.1, “Configuring Synchronizer Web Admin,” on page 15
Section 3.2, “Configuring the Sync Engine,” on page 19
Section 4.2, “Managing Users,” on page 34
Section 4.3, “Managing Groups,” on page 38
Section 4.1, “Managing User Profiles,” on page 33
Section 4.4, “Auditing User Synchronization Activity,” on page 39
Section 4.5, “Customizing General Connector Configuration Settings,” on page 39
3 Click to log out of Synchronizer Web Admin.
If you want multiple users to be able to access Synchronizer Web Admin, see Section 3.1.2, “Setting Up Multiple Synchronizer Administrator Users,” on page 16.

2.2 As a Synchronizer User

Users can use the Synchronizer Web Admin URL to access the Data Synchronizer User Options page by logging in with their network username and password. The options available to users depend on the connectors to which they have been added. All users added during the Mobility Pack installation have at least the following options:
The user options available for each connector are described in the Quick Start (http://www.novell.com/documentation/datasync_connectors1) for each connector.
If you set yourself up as the Synchronizer administrator user, you can access your personal User Options page with the following URL:
https://data_synchronizer_server:8120/admin/user/username

3 Managing Your Synchronizer System

When you install Novell Data Synchronizer, it is configured with default settings that are appropriate for your initial Synchronizer system. After installation, you can customize your Synchronizer system configuration as your Synchronizer system expands over time.
Section 3.1, “Configuring Synchronizer Web Admin,” on page 15
Section 3.2, “Configuring the Sync Engine,” on page 19
Section 3.3, “Monitoring the Sync Engine,” on page 23
Section 3.4, “Working with Synchronizer Log Files,” on page 25
Section 3.5, “Changing the Synchronizer Database Password,” on page 30

3.1 Configuring Synchronizer Web Admin

Synchronizer Web Admin is the management and administration tool for your Synchronizer system.
Section 3.1.1, “Searching Multiple LDAP Contexts for Users and Groups,” on page 15
Section 3.1.2, “Setting Up Multiple Synchronizer Administrator Users,” on page 16
Section 3.1.3, “Adjusting the Synchronizer Web Admin Polling Rate for Groups,” on page 17
Section 3.1.4, “Adjusting the Synchronizer Web Admin Timeout,” on page 18
Section 3.1.5, “Changing the Synchronizer Web Admin Port Number,” on page 18
Section 3.1.6, “Configuring Synchronizer Web Admin for a Specific Language,” on page 18

3.1.1 Searching Multiple LDAP Contexts for Users and Groups

During installation, you specify one LDAP container to search in for user information and another container to search in for group information. After installation, you can add more containers for Synchronizer Web Admin to search in for users and groups when you need to add users and groups to a connector.
IMPORTANT: Subcontainers are also searched, so you do not need to add them separately.
1 In Synchronizer Web Admin, click (Manage Global Settings).
2 To search in an additional container for users, specify the container context in the text entry field under LDAP Base User DNs, then click to add the container to the list of containers to search.
3 To search in an additional container for groups, specify the container context in the text entry field under LDAP Base Group DNs, then click to add the container to the list of containers to search.
4 Click Save LDAP Settings to save the new container contexts.
Users and groups from the new container contexts are immediately available for adding to connectors.

3.1.2 Setting Up Multiple Synchronizer Administrator Users

During installation, you establish the initial user who can access Synchronizer Web Admin. After installation, you can grant this right to additional users.
1 In a terminal window on the Synchronizer server, log in as the root user.
2 Change to the following directory:
/etc/datasync/configengine
3 Open the configengine.xml file in a text editor.
4 Locate the following section:
<admins>
<dn>cn=username,ou=organizational_unit,o=organization</dn>
</admins>
This section identifies the original Synchronizer user that you established during installation.
5 Copy the line for the original Synchronizer user to a new line between the <admins> tags, then modify it as needed to identify an additional Synchronizer administrator user.
6 Save the configengine.xml file, then exit the text editor.
7 Restart the Synchronizer services to put the new setting into effect:
rcdatasync restart
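The <admins> section of configengine.xml is the complete list of accounts that can administer the Synchronizer system, so it is worth comparing against an approved list after any edit. The following Python check is an added example, not part of the Novell guide or product; the sample file contents, its <config> root element, the example DNs and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for /etc/datasync/configengine/configengine.xml.
# Only the <admins>/<dn> structure comes from the guide; the <config> root
# element and every DN below are assumptions made for this example.
SAMPLE_CONFIGENGINE_XML = """\
<config>
  <admins>
    <dn>cn=admin,ou=users,o=example</dn>
    <dn>CN=jdoe, OU=Users, O=Example</dn>
    <dn>cn=tempadmin,ou=contractors,o=example</dn>
  </admins>
</config>
"""


def normalize_dn(dn):
    """Lower-case a DN and trim each component so equivalent spellings match.

    Handles simple DNs such as cn=user,ou=unit,o=org (no escaped commas).
    """
    parts = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {rdn!r}")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def read_admin_dns(xml_text):
    """Return every <dn> listed under any <admins> element, normalized."""
    root = ET.fromstring(xml_text)
    return [
        normalize_dn(dn.text or "")
        for admins in root.iter("admins")
        for dn in admins.findall("dn")
    ]


def audit_admins(xml_text, approved_dns):
    """Compare the configured administrators with an approved list."""
    configured = read_admin_dns(xml_text)
    approved = {normalize_dn(dn) for dn in approved_dns}
    duplicates = sorted({dn for dn in configured if configured.count(dn) > 1})
    return {
        "unexpected": sorted(set(configured) - approved),  # review or remove
        "missing": sorted(approved - set(configured)),     # expected but absent
        "duplicates": duplicates,                          # listed more than once
    }


if __name__ == "__main__":
    report = audit_admins(
        SAMPLE_CONFIGENGINE_XML,
        ["cn=admin,ou=users,o=example", "cn=jdoe,ou=users,o=example"],
    )
    for finding, dns in report.items():
        print(finding, dns)
```

To check a live system, pass the text of configengine.xml instead of the sample and keep the approved list under change control.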

3.1.3 Adjusting the Synchronizer Web Admin Polling Rate for Groups

When you add an LDAP group to your Synchronizer system in Synchronizer Web Admin, the LDAP group’s existing members are added to the group as displayed in Synchronizer Web Admin. Subsequently, Synchronizer Web Admin polls for updates to LDAP group membership, so that the group membership displayed in Synchronizer Web Admin always matches the LDAP group membership.
By default, Synchronizer Web Admin polls the LDAP directory for group membership changes every 30 minutes. It polls only the groups in containers that it has been configured to search, as described in Section 3.1.1, “Searching Multiple LDAP Contexts for Users and Groups,” on page 15.
1 In Synchronizer Web Admin, click (Manage Global Settings).
The default polling rate is 1800 seconds (30 minutes).
2 Adjust the polling rate as needed to synchronize the group membership in Synchronizer Web Admin with current LDAP group membership more or less often to meet the needs of your Synchronizer system.
3 Click Save LDAP Settings to put the adjusted polling rate into effect.

3.1.4 Adjusting the Synchronizer Web Admin Timeout

By default, Synchronizer Web Admin times out after one hour. You can adjust the session time by editing the Synchronizer Web Admin configuration file.
1 In a terminal window on the Synchronizer server, log in as the root user.
2 Change to the following directory:
/etc/datasync/webadmin
3 Open the server.xml file in a text editor.
4 Add the following line between the <config> tags:
<sessionTimeout>seconds</sessionTimeout>
5 Replace seconds with the number of seconds you want to elapse before Synchronizer Web Admin times out.
The default is 3600 seconds (60 minutes). Increase or decrease the setting as needed to meet your security needs.
6 Save the server.xml file, then exit the text editor.
7 Restart the Web Admin service to put the new setting into effect:
rcdatasync-webadmin restart

3.1.5 Changing the Synchronizer Web Admin Port Number

When you access Synchronizer Web Admin from your Web browser, the default port number is
8210. You can configure Synchronizer Web Admin to use a different port number, such as a port number that is already open through your firewall to provide external access to Synchronizer Web Admin.
1 In a terminal window on the Synchronizer server, log in as the root user.
2 Change to the following directory:
/etc/datasync/webadmin
3 Open the server.xml file in a text editor.
4 Change 8120 to the desired port number.
5 Save the server.xml file, then exit the text editor.
6 Restart the Web Admin service to put the new port number into effect:
rcdatasync-webadmin restart

3.1.6 Configuring Synchronizer Web Admin for a Specific Language

The Synchronizer Web Admin interface has been translated into the following languages:
Dutch
French
German
Spanish
Swedish
It displays in the same language as your Web browser when you are using one of the supported languages. Otherwise, it displays in English by default. If necessary, you can override the default language selection.
1 In a terminal window on the Synchronizer server, log in as the root user.
2 Change to the following directory:
/etc/datasync/webadmin
3 Open the server.xml file in a text editor.
4 Add the following line between the <config> tags:
<lang>language_code</lang>
5 Replace language_code with the language you want to use for Synchronizer Web Admin.
Language    Language Code
Dutch       nl
English     en-us
French      fr
German      de
Spanish     es
Swedish     sv
6 Save the server.xml file, then exit the text editor.
7 Restart the Web Admin service to put the new language setting into effect:
rcdatasync-webadmin restart
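Sections 3.1.4 and 3.1.6 both add one element between the <config> tags of server.xml. The following Python helper is an added example, not part of the Novell guide or product; it applies either setting without creating a duplicate element and rejects values outside what the guide describes. The sample file contents, the <otherSetting> placeholder and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Language codes from the table in Section 3.1.6.
LANGUAGE_CODES = {"nl", "en-us", "fr", "de", "es", "sv"}

# Constructed sample standing in for /etc/datasync/webadmin/server.xml.
# The guide shows only the <config> tags and the two settings; <otherSetting>
# is a placeholder for whatever else the real file contains.
SAMPLE_SERVER_XML = """\
<config>
  <otherSetting>placeholder</otherSetting>
  <sessionTimeout>3600</sessionTimeout>
</config>
"""


def _validated(name, value):
    """Return the text to store for a setting, or raise ValueError."""
    text = str(value).strip()
    if name == "sessionTimeout":
        if not (text.isascii() and text.isdigit()) or int(text) == 0:
            raise ValueError("sessionTimeout must be a positive number of seconds")
        return str(int(text))
    if name == "lang":
        if text.lower() not in LANGUAGE_CODES:
            raise ValueError(f"unsupported language code: {text!r}")
        return text.lower()
    raise ValueError(f"setting not covered by this example: {name!r}")


def _find_config(root):
    """Locate <config>, whether it is the root element or nested below it."""
    config = root if root.tag == "config" else root.find(".//config")
    if config is None:
        raise ValueError("no <config> element found")
    return config


def set_webadmin_setting(xml_text, name, value):
    """Set <name>value</name> inside <config>, replacing any existing copies."""
    text = _validated(name, value)
    root = ET.fromstring(xml_text)
    config = _find_config(root)
    existing = config.findall(name)
    if existing:
        existing[0].text = text
        for extra in existing[1:]:  # collapse accidental duplicates
            config.remove(extra)
    else:
        ET.SubElement(config, name).text = text
    return ET.tostring(root, encoding="unicode")


def get_webadmin_setting(xml_text, name):
    """Return the text of every <name> element directly under <config>."""
    config = _find_config(ET.fromstring(xml_text))
    return [element.text for element in config.findall(name)]


if __name__ == "__main__":
    # Shorten the Web Admin session to 15 minutes.
    print(set_webadmin_setting(SAMPLE_SERVER_XML, "sessionTimeout", 900))
```

ElementTree does not preserve comments or the XML declaration, so keep a backup of server.xml before writing the result back, then restart the Web Admin service as in step 7.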

3.2 Configuring the Sync Engine

Section 3.2.1, “Enabling Caching for Troubleshooting Purposes,” on page 19
Section 3.2.2, “Selecting a Log Level,” on page 20
Section 3.2.3, “Enabling Per-User Logging,” on page 21
Section 3.2.4, “Configuring Database Maintenance,” on page 22

3.2.1 Enabling Caching for Troubleshooting Purposes

By default, the Sync Engine stores events in the Synchronizer database until it transfers the events to the connectors that have subscribed to the events, then it deletes the events from the Synchronizer database. For troubleshooting purposes, you can configure the Sync Engine to cache events in the Synchronizer database even after the events have been transferred to connectors. You can also control the length of time such events are cached. When your troubleshooting is completed, you can clear the cached events.
1 In Synchronizer Web Admin, click default in the Manage Engines section, then scroll to the Caching section.
2 Select Enabled to turn on caching for the Synchronizer database.
3 Specify the number of days to cache the events.
Event caching causes the Synchronizer database to grow in size based on the amount of traffic through the Sync Engine.
4 Click Save Cache Settings.
5 When you are finished with your troubleshooting activities, disable caching to reduce the amount of data stored in the Synchronizer database:
5a Return to the Engine Configuration page.
5b In the Caching box, select Disabled, then click Save Cache Settings.
5c In the Maintenance box, click Clear Cache.

3.2.2 Selecting a Log Level

The Synchronizer services write useful information to a set of log files described in Section 3.4, “Working with Synchronizer Log Files,” on page 25. You can control the amount of information that is written to Synchronizer log files. The default log level is Info.
1 In Synchronizer Web Admin, click default in the Manage Engines section, then scroll to the Logging section.
2 Select a log level.
Debug: Logs large quantities of developer-level data. This log level is appropriate for troubleshooting purposes. It puts a heavy load on the Synchronizer services and should be used only until the troubleshooting activities are completed.
Info: Logs informational messages about normal Synchronizer processing. This log level is suitable for a Synchronizer administrator who wants to observe the functioning of the Synchronizer system. However, it puts a heavier load on the Synchronizer services than the Warning and Error log levels. This is the default log level.
Warning: Logs problems that should not adversely affect Synchronizer processing but should be investigated and resolved for optimum performance. This log level is appropriate for a smoothly running Synchronizer system where you only want to be notified of warnings and errors.
Error: Logs error messages that indicate critical errors in Synchronizer processing. This log level puts the least load on the Synchronizer services because it logs only critical errors.
3 (Optional) Select Verbose.
You can select Verbose for any log level. Selecting Verbose adds event data to the messages regularly logged at the selected log level.
4 (Optional) Select Log Failed Events to Disk.
You can select Log Failed Events to Disk for any log level. Logging failed events to disk saves failed events (typically as XML files) in the following directory:
/var/lib/datasync/errors
Each event file is named using the event ID for the failed event, so that you can correlate messages about specific events with their associated event files. Information about failed events is helpful when you need to contact Support for assistance.
5 In the File field, specify the name of the log file that you want to set the log level for.
By default, the log level is set for the Sync Engine log file (engine.log). For a list of Synchronizer log files, see Section 3.4, “Working with Synchronizer Log Files,” on page 25.

3.2.3 Enabling Per-User Logging

If individual users are having problems that are not experienced by most users, you can enable per-user logging. Per-user logging places a heavy load on the Synchronizer services and causes log files to grow very large very quickly. It should only be used for brief periods of troubleshooting individual user problems.
Per-user logging collects user-specific errors from the Sync Engine log (engine.log) and the connector log (default.pipeline1.connector_name.log) and consolidates them into a single, user-specific log file.
1 In Synchronizer Web Admin, click default in the Manage Engines section, scroll to the Logging section, then click Advanced.
2 Enable a user for logging:
2a Click Add User.
2b Specify the fully distinguished name (cn=username,ou=orgunit,o=organization) of the user that is having problems, then click Add User.
A progress box displays briefly, but you do not need to click OK in it. You return automatically to the Logging section.
2c Click Advanced to see that the user has been added to the list.
When one user is having problems, but other users are not, it can be helpful to log events for a successfully working user in order to compare the logs of the two users.
3 (Optional) Repeat Step 2 for a successfully working user.
Each user’s log file, named user_distinguished_name.log, is created in the following directory:
/var/log/datasync/targets
4 Review the user log files to help resolve the problem.
5 Disable per-user logging:
5a Return to the Logging section of the Engine Configuration page.
5b Click to delete each user for whom per-user logging was enabled.

3.2.4 Configuring Database Maintenance

Synchronizer uses a PostgreSQL database to store Synchronizer system configuration information and pending events when synchronization between the Sync Engine and connectors is interrupted. By default, automatic database maintenance cleans up orphaned and expired records every 2 hours. You can change this interval as needed. For example, you might prefer one-time nightly maintenance.
1 In Synchronizer Web Admin, click the Sync Engine (default) to display the Engine Configuration page, then click Edit XML Source to display the Engine XML Source window.
2 Add the following tags between the <settings> and </settings> tags:
<cacheCleanupInterval>seconds</cacheCleanupInterval>
3 Replace seconds with the time interval for database maintenance.
For example, you could specify 86400 to perform database maintenance once a day, at midnight.
4 Click Save XML to save your change, then click Edit Settings Form to return to the Engine Configuration page.
5 In a terminal window, restart the Sync Engine to put the new database maintenance setting into effect.
rcdatasync-syncengine restart

3.3 Monitoring the Sync Engine

You can assess the functioning of the Sync Engine by checking statistics for events, caching, and attachments.
1 In Synchronizer Web Admin, click (Monitoring) in the Actions column for the Sync Engine (default) to display the Engine Monitoring Data page.
2 Review the monitoring data in the Event Statistics section.
Events are actions that users take on items that are being synchronized. A single item can have multiple events associated with it.
Statistic                          Description
query.name                         The name of the Sync Engine query that is returning the statistics (getEventsStats).
query.timestamp                    The date and time when the statistics were gathered. Refresh your browser window to refresh the statistics.
engine.events.in.count             The number of events that the Sync Engine has received from connectors.
engine.events.in.success.count     The number of events that the Sync Engine has received and has successfully stored in its cache for transfer to connectors.
engine.events.in.failure.count     The number of events that the Sync Engine has received but has not stored in its cache. Events are not stored when there is an error associated with the event, so that it cannot be successfully processed, or because the event is associated with a user that has not yet been added to any connectors.
engine.events.in.status.count      The total number of status events that the Sync Engine has received from connectors. Status events inform the Sync Engine whether an event was received, dropped, or ignored by a connector. A connector drops an event when the event does not pertain to any users on the connector. A connector ignores an event when
events.in.status.success.count     The number of status events received by the Sync Engine that indicate that the events were successfully processed by a connector, so that the Sync Engine does not need to resend those events.
engine.events.in.dq.count          The number of direct queries received by the Sync Engine.
engine.events.out.count            The total number of events that the Sync Engine has sent out to connectors.
engine.events.out.success.count    The number of events that the Sync Engine sent successfully to connectors.
engine.events.out.dq.count         The number of direct queries sent out to connectors.
3 Review the monitoring data in the Cache Statistics section.
The Sync Engine caches events until they have been successfully synchronized to all connectors that need the events.
Statistic                          Description
query.name                         The name of the Sync Engine query that is returning the statistics (getCacheStats).
query.timestamp                    The date and time when the statistics were gathered. Refresh your browser window to refresh the statistics.
engine.cache.count
engine.objects.count
engine.folders.count
engine.cache.pending.count
4 Review the monitoring data in the Attachment Statistics section.
Many different types of files can be attached to items. Some types and sizes of attachments are synchronized between applications and some are not, depending on how each connector is configured.
Statistic                          Description
query.name                         The name of the Sync Engine query that is returning the statistics (getAttachmentsStats).
query.timestamp                    The date and time when the statistics were gathered. Refresh your browser window to refresh the statistics.
engine.cache.count
engine.attachments.count
engine.filestore.count
5 When you are finished viewing the engine monitoring data, click Home in the menu bar to
return to the main Synchronizer Web Admin page.

3.4 Working with Synchronizer Log Files

Section 3.4.1, “Log File Overview,” on page 25
Section 3.4.2, “Sync Engine Log File,” on page 26
Section 3.4.3, “Config Engine Log File,” on page 26
Section 3.4.4, “Web Admin Log File,” on page 26
Section 3.4.5, “Connector Manager Log File,” on page 26
Section 3.4.6, “Per-User Log Files,” on page 27
Section 3.4.7, “Flatfile Connector Troubleshooting,” on page 27
Section 3.4.8, “Collect Logs Tool,” on page 29

3.4.1 Log File Overview

The Synchronizer services generate a set of log files that are created in subdirectories under the following directory:
/var/log/datasync
The log file subdirectories and filenames are:
Synchronizer Component   Log File Subdirectory   Log Filename
Sync Engine              syncengine              engine.log
Config Engine            configengine            configengine.log
Web Admin                webadmin                server.log
Connector Manager        syncengine              connectorManager.log
Connectors               connectors              default.pipeline1.connector_name-AppInterface.log
                                                 default.pipeline1.connector_name.log
Use the following command to check the most recent additions to a log file:
tail -f log_file_name.log
Three of the Synchronizer log files are automatically compressed and are rotated when they reach 4 MB in size. After 99 files have accumulated, the oldest log file is deleted when a new log file is created. Log rotation is controlled by the following files:
/etc/logrotate.d/datasync-syncengine
/etc/logrotate.d/datasync-configengine
/etc/logrotate.d/webadmin
For more information, see the Linux logrotate (http://linux.about.com/od/commands/l/blcmdl8_logrota.htm) command.

3.4.2 Sync Engine Log File

The Sync Engine log file (engine.log) reports on events that pass through the Sync Engine as they transfer from connector to connector. It logs problems with the physical connection to each connector and with communication between connectors. It also logs problems with the event XML files.

3.4.3 Config Engine Log File

The Config Engine log file (configengine.log) reports on configuration setting changes made in Synchronizer Web Admin and on any effects of those changes on the connections between the Sync Engine and connectors. It also logs issues with starting and stopping connectors and tracks the poll cycle for changes in LDAP groups.

3.4.4 Web Admin Log File

The Web Admin log file (server.log) reports problems with the Synchronizer Web Admin interface. Typically, you would not see problems here unless you edited the XML source for one of the Configuration pages and introduced invalid XML. If a Configuration page does not display correctly after you edit the XML source, you can check this log file for help resolving the problem with the XML.

3.4.5 Connector Manager Log File

The Connector Manager log file (connectorManager.log) reports problems with loading a connector with the configuration provided on the connector’s Configuration page.
The Connector Manager starts one Python thread for itself and an additional Python thread for each connector that it manages. When you list Connector Manager threads or Python threads in a terminal window, you cannot tell which Python thread is associated with the Connector Manager and which Python thread is associated with each connector. The Connector Manager log file lists each component and the PID number associated with each one. This can be very useful for troubleshooting.

3.4.6 Per-User Log Files

Per-user log files (user_distinguished_name.log) report on problems that a specific user is having. Per-user logging is disabled by default. To enable it, see Section 3.2.3, “Enabling Per-User Logging,” on page 21.

3.4.7 Flatfile Connector Troubleshooting

When data does not synchronize as expected, it can be challenging to determine which component in your Synchronizer system is the source of the problem. You can set up a Flatfile Connector to capture the data files that contain data from one application to see how that data is flowing through your Synchronizer system. For example, if data is not synchronizing successfully between GroupWise and a user’s mobile device, you can set up a Flatfile Connector to determine where the problem lies.
“Adding a Flatfile Connector” on page 27
“Troubleshooting Data Flow with the Flatfile Connector” on page 28
Adding a Flatfile Connector
1 In Synchronizer Web Admin, click Add Connector.
2 Specify a name for the Flatfile Connector, then click Add Connector.
The Connector Type field defaults to flatfile.
3 Click the Flatfile Connector to display the Connector Configuration page.
Note that the Flatfile Connector stores data files received from other connectors in the /tmp/outbound directory and files that it sends to other connectors in the /tmp/inbound directory. By default, it scans its inbound and outbound directories every 20 seconds.
4 Click Users, then add the user who is having synchronization problems to the Flatfile Connector.
5 Return to the main Synchronizer Web Admin page, then start the Flatfile Connector.
This creates the /tmp/inbound and /tmp/outbound directories.
Troubleshooting Data Flow with the Flatfile Connector
1 Have the user with the synchronization problem send a message from GroupWise.
2 On the Synchronizer server, change to the /tmp/inbound directory.
If the data file for the message has been received by the Flatfile Connector, the /tmp/outbound directory contains a file named similar to the following example:
default-pipeline1-groupwise-source-soapbridge-alphanumeric_string
The existence of this file shows that the data passed from GroupWise, through the GroupWise Connector, through the Sync Engine, and to the Flatfile Connector. This indicates that the same data should also have been received by the Mobility Connector. If the data does not arrive on the mobile device, it shows that the problem resides in the Mobility Connector.
If a data file does not appear in the /tmp/outbound directory, it indicates that the failure occurred in the GroupWise Connector or the Sync Engine, meaning that the Mobility Connector never received the data.
3 Have the user with the synchronization problem send a message from the mobile device.
4 Again, check the /tmp/outbound directory to determine whether the data file successfully passed from the mobile device, through the Mobility Connector, through the Sync Engine, and to the Flatfile Connector.
By using the Flatfile Connector, you can determine which log files are most likely to provide useful data for resolving the problem.
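The check in the procedure above can be scripted. The following is an added example, not part of the Novell guide or its tooling: it looks for capture files written after the test message was sent, allowing for the 20-second scan interval, and reports whether the capture directory or its files are open to other local accounts, which matters because the directories live under /tmp and hold message data. The expected owner (uid 0) and the function names are assumptions.

```python
import os
import stat
import tempfile
import time

# Name prefix taken from the page's example file name; the alphanumeric
# suffix varies per event.
CAPTURE_PREFIX = "default-pipeline1-groupwise-source-soapbridge-"


def captured_since(directory, since_epoch, prefix=""):
    """Names of regular files in `directory` that start with `prefix` and
    were modified at or after `since_epoch` (seconds), oldest first."""
    hits = []
    for name in os.listdir(directory):
        info = os.lstat(os.path.join(directory, name))
        if (name.startswith(prefix) and stat.S_ISREG(info.st_mode)
                and info.st_mtime >= since_epoch):
            hits.append((info.st_mtime, name))
    return [name for _, name in sorted(hits)]


def wait_for_capture(directory, since_epoch, prefix="", timeout=60, poll=5):
    """Poll until a capture appears or `timeout` seconds pass. The connector
    scans every 20 seconds by default, so an immediate miss proves nothing."""
    deadline = time.time() + timeout
    while True:
        hits = captured_since(directory, since_epoch, prefix)
        if hits or time.time() >= deadline:
            return hits
        time.sleep(poll)


def exposure_findings(directory, expected_uid=0):
    """Ways in which accounts other than the owner could read the captures.
    expected_uid=0 is an assumption; use the account the connector runs as."""
    info = os.lstat(directory)
    if stat.S_ISLNK(info.st_mode):
        return ["{} is a symbolic link".format(directory)]
    findings = []
    if info.st_uid != expected_uid:
        findings.append("{} is owned by uid {}, expected {}".format(
            directory, info.st_uid, expected_uid))
    mode = stat.S_IMODE(info.st_mode)
    if mode & 0o077:
        findings.append("{} has mode {:o}: group/other access".format(
            directory, mode))
    for name in sorted(os.listdir(directory)):
        entry = os.lstat(os.path.join(directory, name))
        file_mode = stat.S_IMODE(entry.st_mode)
        if stat.S_ISREG(entry.st_mode) and file_mode & 0o044:
            findings.append("{} is readable by group/other (mode {:o})".format(
                name, file_mode))
    return findings


if __name__ == "__main__":
    # Constructed stand-in for /tmp/outbound so the example runs anywhere.
    with tempfile.TemporaryDirectory() as root:
        outbound = os.path.join(root, "outbound")
        os.mkdir(outbound)
        sent_at = time.time()
        with open(os.path.join(outbound, CAPTURE_PREFIX + "a1b2c3"), "w") as fh:
            fh.write("<event/>")
        print(wait_for_capture(outbound, sent_at - 1, CAPTURE_PREFIX, timeout=0))
        for finding in exposure_findings(outbound, expected_uid=os.getuid()):
            print("WARNING:", finding)
```

Stop the Flatfile Connector and clear both directories once troubleshooting is finished, so captured message data does not linger under /tmp.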

3.4.8 Collect Logs Tool

As shown in Section 3.4.1, “Log File Overview,” on page 25, Synchronizer log files are created in a variety of directories. The Collect Logs tool collects the most recent log files into a .tar.gz file for convenience when submitting log files to Support. You can collect all log files:
default.pipeline1.groupwise-AppInterface.log
default.pipeline1.groupwise.log
default.pipeline1.mobility-AppInterface.log
default.pipeline1.mobility.log
engine.log
configengine.log
connectorManager.log
PySQLPool.Query.log
Or you can collect just the first five files in the list. The files are collected into a file named datasync_logs_yyyy-mm-ddThh.mm.ss.tar.gz.
To run the Collect Logs tool:
1 In a terminal window, become the root user.
2 Change to the following directory:
/opt/novell/datasync/tools
3 Run the following command:
python CollectLogs.pyc
4 Enter yes if you want to collect all log files.
or
Enter no if you want only the five most useful log files.
5 Enter 1 for the GroupWise Connector.
6 Enter 1 for the Mobility Connector.
The collected logs are listed in the terminal window. A manifest.txt file is also created, which lists the files that have been included in the resulting .tar.gz file.
When you submit the set of log files to Support, you also need to provide a GroupWise message ID of a message that has failed to synchronize, so that Support can use the Trace Log tool (traceLog.pyc) to trace the problem message. The output of the Trace Log tool includes the following sections to help Support diagnose the problem:
Starting from GroupWise...
===================================
From GroupWise Connector into Engine...
=======================================
Inside Engine...
================
From Engine to Mobility Connector...
====================================
From Mobility Connector to Device...
====================================
Each section lists the message pertaining to the problem message for that segment of the synchronization process, enabling Support to pinpoint the source of the synchronization problem.

3.5 Changing the Synchronizer Database Password

To change the Synchronizer database password, you must change the password for datasync_user in three places:
PostgreSQL (command on the command line)
Sync Engine (setting in Synchronizer Web Admin)
Config Engine (setting in a configuration file)
1 Reset the password for the PostgreSQL database:
1a In a terminal window on the Synchronizer server, log in as the root user.
1b Enter the following command:
psql --user datasync_user datasync
1c Enter the current password for the Synchronizer database.
1d Enter the following command at the datasync> prompt:
ALTER USER datasync_user WITH PASSWORD 'password';
Replace password with the new password for the Synchronizer database.
1e Enter \q to quit.
2 Reconfigure the Sync Engine to use the new password:
2a In Synchronizer Web Admin, click the Sync Engine.
2b In the Password field in the Database Settings box, specify the new Synchronizer database password.
2c Click Save Database Settings.
3 Reconfigure the Config Engine to use the new password:
3a In the terminal window used for Step 1, change to the following directory:
/etc/datasync/configengine
3b Edit the configengine.xml file in a text editor.
3c In the <database> section, replace the existing database password with the new password between the <password> tags.
3d Save the configengine.xml file, then exit the text editor.
4 Restart the Synchronizer services:
rcdatasync restart
5 (Conditional) If you want to change the Mobility Connector database password to match the
Synchronizer database password, follow the instructions in “Changing the Mobility Connector
Database Password” in “Mobility Connector Configuration” in the Groupwise Connector
Installation and Configuration Guide.
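Steps 1d and 3c can be scripted so that the same password reaches both places without hand editing. The following is an added example, not part of the Novell guide or its tooling: it builds the ALTER USER statement with the password safely quoted, rewrites the <password> element inside <database> atomically, and reports whether the file that now holds the plaintext password is readable by group or other accounts. Only the <database> and <password> element names come from the page; the rest of the sample XML and all function names are assumptions.

```python
import os
import secrets
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample. Only the <database> and <password> element names come
# from the page; the root element and <username> are placeholders.
SAMPLE_CONFIG = """<config>
  <database>
    <username>datasync_user</username>
    <password>old-secret</password>
  </database>
</config>
"""


def new_password(nbytes=24):
    """Random password from the URL-safe alphabet, so it contains no quote,
    backslash or XML metacharacter that would need escaping."""
    return secrets.token_urlsafe(nbytes)


def alter_user_statement(password, role="datasync_user"):
    """Build the statement for step 1d with the password as a SQL literal."""
    if "\\" in password or any(ord(ch) < 32 for ch in password):
        # Older PostgreSQL releases treat backslash as an escape character
        # inside ordinary string literals.
        raise ValueError("password contains a backslash or control character")
    return "ALTER USER {} WITH PASSWORD '{}';".format(
        role, password.replace("'", "''"))


def readable_by_others(mode):
    """True when any group or other permission bit is set."""
    return bool(mode & 0o077)


def set_config_password(path, password, mode=None):
    """Step 3c: replace the text of <database><password> and swap the file
    in atomically. Keeps the existing mode unless `mode` is given and returns
    the mode the file had before. ElementTree drops XML comments, so back up
    a commented file first."""
    before = os.stat(path)
    old_mode = stat.S_IMODE(before.st_mode)
    tree = ET.parse(path)
    root = tree.getroot()
    database = root if root.tag == "database" else root.find(".//database")
    node = None if database is None else database.find("password")
    if node is None:
        raise ValueError("no <database><password> element in " + path)
    node.text = password
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as handle:
            tree.write(handle, encoding="utf-8", xml_declaration=True)
        os.chmod(tmp, old_mode if mode is None else mode)
        try:
            # Keep the original owner so the service can still read the file.
            os.chown(tmp, before.st_uid, before.st_gid)
        except PermissionError:
            pass
        os.replace(tmp, path)
    except Exception:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return old_mode


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        config = os.path.join(workdir, "configengine.xml")
        with open(config, "w") as fh:
            fh.write(SAMPLE_CONFIG)
        password = new_password()
        print(alter_user_statement("example'only"))  # never print a real one
        previous = set_config_password(config, password)
        if readable_by_others(previous):
            print("configengine.xml mode {:o} exposes the password".format(previous))
```

Whether the file can be tightened to mode 0600 depends on which account the Config Engine runs as, which the guide does not state; confirm that before passing mode=0o600.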

4 Managing Connectors

For an overview of general Data Synchronizer connector functionality, see:
“Connectors” in “Data Synchronizer Product Overview” in the Novell Data Synchronizer Mobility Pack Installation Guide
“Connectors” in “Data Synchronizer Product Overview” in the Novell Data Synchronizer Installation Guide
Connector-specific information is located in the Installation and Configuration Guide (http://www.novell.com/documentation/datasync_connectors1) for each connector. This section provides connector management information that is common to all connectors.
Section 4.1, “Managing User Profiles,” on page 33
Section 4.2, “Managing Users,” on page 34
Section 4.3, “Managing Groups,” on page 38
Section 4.4, “Auditing User Synchronization Activity,” on page 39
Section 4.5, “Customizing General Connector Configuration Settings,” on page 39
Section 4.6, “Customizing Connector-Specific Configuration Settings,” on page 42

4.1 Managing User Profiles

User profiles enable you to set customized synchronization options for users and groups before you add the users and groups to connectors.
Section 4.1.1, “Adding a User Profile,” on page 33
Section 4.1.2, “Deleting a User Profile,” on page 34

4.1.1 Adding a User Profile

1 In Synchronizer Web Admin, click the connector to add the profile to, then click Profiles.
2 Click Add New Profile to display the Edit User Profile page.
The synchronization settings vary depending on the selected connector. They are the same settings that users see when they access the Data Synchronizer User Options page. For connector-specific options, see the Quick Start on the Novell Data Synchronizer
Documentation Web site (http://www.novell.com/documentation/datasync_connectors1) for
the connector where you are adding the user profile.
3 In the Name field, specify a unique and descriptive name for the new user profile.
A profile name can include letters, numbers, dashes (-), and underscores (_).
4 Select and deselect synchronization options for the new user profile, then click Save.
The user profile is immediately added to the connector, so that you can select it as you add users and groups to the connector.

4.1.2 Deleting a User Profile

1 In Synchronizer Web Admin, click the connector where you want to delete the user profile,
then click Profiles.
2 In the Manage Profiles list, click for the profile to delete, then click Yes to confirm the
deletion.

4.2 Managing Users

Section 4.2.1, “Changing a User’s Application Name,” on page 34
Section 4.2.2, “Adding a User to a Connector in Synchronizer Web Admin,” on page 35
Section 4.2.3, “Adding a User to a Connector through an LDAP Group,” on page 36
Section 4.2.4, “Customizing a User’s Synchronization Settings,” on page 36
Section 4.2.5, “Deleting a User from a Connector,” on page 37

4.2.1 Changing a User’s Application Name

When users are added to your Synchronizer system during Mobility Pack installation, users are added using their LDAP usernames. If LDAP usernames are not the same as GroupWise user IDs in your GroupWise system, you must set application names for users in order to map their LDAP usernames to their GroupWise user IDs. This task must be done after the users have been added to your Synchronizer system, but before initial synchronization takes place.
1 In Synchronizer Web Admin, click the connector, then click Manage Users.
The Manage Users page lists the users that have already been added to the connector.
2 Click each username in the Application Username column, type the GroupWise user ID in the
text box, then press Enter.
3 Click Home, then restart the connector where you modified the users’ application names.

4.2.2 Adding a User to a Connector in Synchronizer Web Admin

During installation of the Mobility Pack, you specified one LDAP user container and added users from that container. After installation, you might have configured Synchronizer Web Admin to search additional LDAP containers for users, as described in Section 3.1.1, “Searching Multiple
LDAP Contexts for Users and Groups,” on page 15. Now you can add users to a connector from any
LDAP container that Synchronizer Web Admin has been configured to search.
If you are adding the user to the GroupWise Connector and the Mobility Connector, add the user to the GroupWise Connector first.
1 In Synchronizer Web Admin, click the connector to add the user to, then click Manage Users.
The Manage Users page lists the users that have already been added to the connector.
2 Click Add Users to Connector.
3 Click Search to list the users in LDAP containers that Synchronizer Web Admin has been
configured to search.
You can configure Synchronizer Web Admin to search additional containers for users, as described in Section 3.1.1, “Searching Multiple LDAP Contexts for Users and Groups,” on
page 15.
or
In the Search Users field, type the first or last name of a specific user, then click Search.
4 Select the user to add to the connector.
5 (Conditional) If the user’s username in the application is not the same as the user’s network
login, in the Application Username column, click Click to set, then enter the user’s application username in the text box.
Synchronizer uses application usernames to match up users who have different usernames in various synchronized applications.
6 (Conditional) If you want to apply a user profile to the user, select the profile in the Apply
Profiles drop-down list.
For more information, see Section 4.1, “Managing User Profiles,” on page 33.
7 Click Add to add the user to the connector.
The user is immediately added to the connector.
8 Add the user to additional connectors to meet the user’s data synchronization needs.

4.2.3 Adding a User to a Connector through an LDAP Group

As an alternative to adding users in Synchronizer Web Admin, you can add users to any LDAP groups that have already been added to a connector. Users who are added to LDAP groups are added to the Synchronizer system based on the LDAP Group Membership Polling Rate setting, as described in Section 3.1.3, “Adjusting the Synchronizer Web Admin Polling Rate for Groups,” on
page 17.

4.2.4 Customizing a User’s Synchronization Settings

By default, all of a user’s available address books are synchronized, along with all of the item types supported for each connector. If necessary, you can limit the amount of data that is synchronized for a user.
1 In Synchronizer Web Admin, click the connector where you want to change user
synchronization settings, then click Manage Users.
2 Click to edit the user’s synchronization settings.
The synchronization settings vary depending on the selected connector. They are the same settings that users see when they access the Data Synchronizer User Options page. For connector-specific options, see the Quick Start on the Novell Synchronizer Connectors
Documentation Web site (http://www.novell.com/documentation/datasync_connectors1) for
the connector where you are editing user settings.
3 Select and deselect options as needed to customize the user’s data synchronization, then click
Save.
The user’s synchronization settings are immediately changed.

4.2.5 Deleting a User from a Connector

1 (Conditional) If the user was added to the connector as an individual user:
1a In Synchronizer Web Admin, click the connector where you want to delete the user, then
click Manage Users.
1b In the Manage Users list, click for the user to delete, then click Yes to confirm the
deletion.
1c Repeat the process for each connector where you want to delete the user.
2 (Conditional) If the user was added to the connector as a member of an LDAP group, delete the
user from the LDAP group in your LDAP directory.
For example, you can use ConsoleOne or iManager to delete the user from the LDAP group in eDirectory.
The user is removed from the group, and therefore from all connectors where that group is assigned, according to the group polling rate, as described in Section 3.1.3, “Adjusting the
Synchronizer Web Admin Polling Rate for Groups,” on page 17. If you do not want to wait for
the polling cycle to pass, you can temporarily set the polling rate to a short period of time or you can restart the connector.

4.3 Managing Groups

During installation of the Mobility Pack, you specified one LDAP group container and added groups from that container. After installation, you might have configured Synchronizer Web Admin to search additional LDAP containers for groups, as described in Section 3.1.1, “Searching Multiple
LDAP Contexts for Users and Groups,” on page 15. Now you can add groups to a connector from
any LDAP container that Synchronizer Web Admin has been configured to search.
Section 4.3.1, “Adding a Group to a Connector,” on page 38
Section 4.3.2, “Deleting a Group,” on page 39

4.3.1 Adding a Group to a Connector

If you are adding the group to the GroupWise Connector and the Mobility Connector, add the user to the GroupWise Connector first.
1 In Synchronizer Web Admin, click the connector, then click Groups.
2 Click Add Groups to Connector.
3 Click Search to list the groups in LDAP containers that Synchronizer Web Admin has been
configured to search.
You can configure Synchronizer Web Admin to search additional containers for groups, as described in Section 3.1.1, “Searching Multiple LDAP Contexts for Users and Groups,” on
page 15.
or
In the Search Groups field, type part of the group name, then click Search.
4 Select the group to add to the connector.
5 (Conditional) If you want to apply a user profile to the group of users, select the profile in the
Apply Profiles drop-down list.
For more information, see Section 4.1, “Managing User Profiles,” on page 33.
6 Click Add to add the group to the connector.
The group is immediately added to the connector.
7 Add the group to additional connectors to meet the data synchronization needs of the users in the group.

4.3.2 Deleting a Group

1 In Synchronizer Web Admin, click the connector where you want to delete the group, then
click Groups.
2 In the Manage Groups list, click for the group to delete, then click Yes to confirm the
deletion.
3 Repeat the process for each connector where you want to delete the group.

4.4 Auditing User Synchronization Activity

As your Synchronizer system grows and evolves, you might add a large number of users and groups. As time passes, some users might not need the same synchronization services as when you originally set up your Synchronizer system.
You can check user activity in your Synchronizer system by performing a user audit. You can perform the audit on a specific connector or on your Synchronizer system.
1 In Synchronizer Web Admin, click (Global Audit) to list all users in your Synchronizer
system.
or
Click a specific connector, then click Audit Users to list all users that have been added to the selected connector.
The resulting list provides the type (user or group), the distinguished name of each user or group, the application username for users, and the date and time of the most recent activity for each user.
2 To save the listed data for use in a spreadsheet:
2a Click Export CSV.
2b Select Save File, then click OK.
2c Browse to and select the directory where you want to save the file.
2d (Optional) Change the filename as needed.
2e Click Save to save the audit report in CSV format for use in a spreadsheet program.
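The exported audit report can also be processed by a script to find users who no longer need synchronization and are candidates for removal as described in Section 4.2.5. The following is an added example, not part of the Novell guide or its tooling: it flags user rows with no recent activity. The guide lists the fields in the report but not the CSV header names or the timestamp format, so both are assumptions here and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Assumed header names and timestamp format; check them against a real export.
COLUMNS = {"type": "Type", "dn": "DN", "app": "Application Username",
           "last": "Last Activity"}
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample export.
SAMPLE_AUDIT_CSV = """Type,DN,Application Username,Last Activity
user,"cn=alee,ou=users,o=example",alee,2010-07-20 09:14:02
user,"cn=bkim,ou=users,o=example",bkim,2010-03-02 17:45:10
user,"cn=cdiaz,ou=users,o=example",cdiaz,
group,"cn=sales,ou=groups,o=example",,
user,"cn=dwong,ou=users,o=example",dwong,not-a-date
"""


def stale_users(csv_text, now, max_idle_days=90, columns=COLUMNS,
                time_format=TIME_FORMAT):
    """Return (dn, application_username, reason) for every user row that is
    idle longer than max_idle_days, has no recorded activity, or carries a
    timestamp that cannot be parsed. Group rows are skipped: the report gives
    activity per user, and group membership is managed in LDAP."""
    reader = csv.DictReader(io.StringIO(csv_text))
    present = reader.fieldnames or []
    missing = [name for name in columns.values() if name not in present]
    if missing:
        raise ValueError("audit export lacks columns: " + ", ".join(missing))

    findings = []
    for row in reader:
        def cell(key):
            return (row.get(columns[key]) or "").strip()

        if cell("type").lower() != "user":
            continue
        raw = cell("last")
        if not raw:
            reason = "no recorded activity"
        else:
            try:
                idle = (now - datetime.strptime(raw, time_format)).days
            except ValueError:
                # Surface bad data instead of silently treating it as active.
                reason = "unparseable timestamp: " + raw
            else:
                if idle <= max_idle_days:
                    continue
                reason = "idle {} days".format(idle)
        findings.append((cell("dn"), cell("app"), reason))
    return findings


if __name__ == "__main__":
    for dn, app, reason in stale_users(SAMPLE_AUDIT_CSV,
                                       now=datetime(2010, 7, 26)):
        print("{:<32} {:<8} {}".format(dn, app, reason))
```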

4.5 Customizing General Connector Configuration Settings

Some connector configuration settings are the same for all connectors.
Section 4.5.1, “Controlling Connector Startup,” on page 40
Section 4.5.2, “Configuring Connector Filters,” on page 40
Section 4.5.3, “Controlling Connector Logging,” on page 41

4.5.1 Controlling Connector Startup

By default, connectors must be started manually whenever you restart the Synchronizer services. For convenience, you can configure connectors to start automatically whenever you restart the Synchronizer services.
1 In Synchronizer Web Admin, click the connector that you want to change the startup setting
for.
2 (Conditional) If necessary for the selected connector, scroll down to the Connector Startup
section.
3 Select Automatic so that the connector starts automatically whenever you restart the
Synchronizer services.
4 Click Save Connector Startup.
5 Click Home on the menu bar to return to the main Synchronizer Web Admin page.
6 In the Actions column for the selected connector, click to stop the connector, then click
to start the connector with the new startup setting.

4.5.2 Configuring Connector Filters

The connector filters are the mechanism by which data formatted for one application is transformed into application-neutral format for processing by the Sync Engine, then customized for use by a different connector. The default filters are appropriate for typical Synchronizer systems, but they can be edited if necessary.
1 In Synchronizer Web Admin, click the connector that you want to edit the filters for.
2 (Conditional) If necessary for the selected connector, scroll down to the Filters section.
3 Click (Edit Filter) for the filter that you want to modify to open the XSLT file for the filter.
4 Edit the XSLT file as needed to change the behavior of the filter, then click Save XML to save
the modified filter file.
Modifying filters requires developer-level knowledge of XSLT and is beyond the scope of the Novell Data Synchronizer Administration Guide.
5 Click Home on the menu bar to return to the main Synchronizer Web Admin page.
6 In the Actions column for the selected connector, click to stop the connector, then click
to start the connector with the modified filter.

4.5.3 Controlling Connector Logging

Each connector writes useful information to two log files, the connector application interface log file and the connector pipeline log file. You can control the amount of information that is written to the connector log files.
“Selecting a Log Level” on page 41
“Using the Connector Application Interface Log File” on page 42
“Using the Connector Pipeline Log File” on page 42
Selecting a Log Level
1 In Synchronizer Web Admin, click the connector in the Manage Connectors section, then scroll to the Logging section.
2 Select a log level.
Debug: Logs large quantities of developer-level data. This log level is appropriate for troubleshooting purposes. It puts a heavy load on the connector and should be used only until the troubleshooting activities are completed.
Info: Logs informational messages about normal connector processing. This log level is suitable for a Synchronizer administrator who wants to observe the functioning of the connector. However, it puts a heavier load on the connector than the Warning and Error log levels.
Warning: Logs problems that should not adversely affect connector processing but should be investigated and resolved for optimum performance. This log level is appropriate for a smoothly running connector where you only want to be notified of warnings and errors.
Error: Logs error messages that indicate critical errors in connector processing. This log level puts the least load on the connector because it logs only critical errors.
3 (Optional) Select Verbose.
You can select Verbose for any log level. Selecting Verbose adds event data to the messages regularly logged at the selected log level.
4 (Optional) Select Log Failed Events to Disk.
You can select Log Failed Events to Disk for any log level. Logging failed events to disk saves failed events (typically as XML files) in the following directory:
/var/lib/datasync/errors
Each event file is named using the event ID for the failed event, so that you can correlate messages about specific events with their associated event files. Information about failed events is helpful when you need to contact Support for assistance.
5 In the File field, specify the name of the log file that you want to set the log level for.
By default, the log level is set for the connector pipeline log file (default.pipeline1.connector_name.log).
6 Click Save Log Settings.
7 Click Home on the menu bar to return to the main Synchronizer Web Admin page.
8 In the Actions column for the selected connector, click to stop the connector, then click to start the connector with the selected logging level.
Using the Connector Application Interface Log File
The connector application interface log file for each connector (default.pipeline1.connector_name-AppInterface.log) reports on problems that occur during event processing by the connector.
Using the Connector Pipeline Log File
The connector pipeline log file for each connector (default.pipeline1.connector_name.log) reports on problems with the event XML files that transfer back and forth between the Sync Engine and the connector. It logs the results as events pass through filters and transformations.

4.6 Customizing Connector-Specific Configuration Settings

Connector-specific settings are described in each connector Installation and Configuration Guide.
“GroupWise Connector Configuration” in the Groupwise Connector Installation and Configuration Guide
“Mobility Connector Configuration” in the Mobility Connector Installation and Configuration Guide
“Salesforce.com Connector Configuration” in the Salesforce.com Connector Installation and Configuration Guide
“SharePoint Connector Configuration” in the SharePoint Connector Installation and Configuration Guide
“SugarCRM Connector Configuration” in the SugarCRM Connector Installation and Configuration Guide

5 Securing Your Synchronizer System

Section 5.1, “Security Administration”
Section 5.2, “Security Policies”

5.1 Security Administration

Section 5.1.1, “Securing Communication with the LDAP Server”
Section 5.1.2, “Securing Communication between the GroupWise Connector and the GroupWise POA”
Section 5.1.3, “Securing Communication between the Mobility Connector and Mobile Devices”
Section 5.1.4, “Selecting a Specific Version of SSL”

5.1.1 Securing Communication with the LDAP Server

If your GroupWise system is configured to use LDAP authentication when users access their GroupWise mailboxes, then your LDAP server is already set up for a secure SSL LDAP connection with your Synchronizer system. If you are not yet using LDAP authentication in your GroupWise system, but you want to use secure LDAP for communication with your Synchronizer system, the GroupWise documentation provides information to help you set this up. See “Trusted Root Certificates and LDAP Authentication” in “Security Administration” in the GroupWise 8 Administration Guide.
You can enable and disable SSL for the LDAP connection on the Global Settings page in Synchronizer Web Admin.

5.1.2 Securing Communication between the GroupWise Connector and the GroupWise POA

The GroupWise Connector communicates with the GroupWise POA as a SOAP client. In order to secure communication between the GroupWise Connector and the GroupWise POA, the POA must be configured for secure SSL SOAP, as described in “Supporting SOAP Clients” in “Post Office Agent” in the GroupWise 8 Administration Guide.
You can enable and disable SSL for the SOAP connection on the GroupWise Connector Configuration page in Synchronizer Web Admin. In the GroupWise POA SOAP URL field, use http for a non-secure connection and https for a secure SSL connection.

5.1.3 Securing Communication between the Mobility Connector and Mobile Devices

“Working with Self-Signed Certificates”
“Obtaining a Commercially Signed Certificate”
“Replacing a Self-Signed Certificate with a Commercially Signed Certificate”
“Enabling and Disabling SSL for Device Connections”
For issues with specific types of certificates, see Data Synchronizer Mobility Connector SSL Issues (http://wiki.novell.com/index.php/Data_Synchronizer_Mobility_Connector_SSL_Issues).
For SSL issues with specific types of devices, see Data Synchronizer Mobility Connector Devices (http://wiki.novell.com/index.php/Data_Synchronizer_Mobility_Connector_Devices).
Working with Self-Signed Certificates
If you want to use a secure SSL connection between the Mobility Connector and mobile devices, but you do not yet have a commercially signed certificate, the Mobility Pack Installation program can create a self-signed certificate for you. It installs the self-signed certificate in several directories for use with several Synchronizer components:
/var/lib/datasync/device/webadmin/server.pem
/var/lib/datasync/device/mobility.pem
/var/lib/datasync/device/syncengine/connectors.pem
/var/lib/datasync/device/syncengine/remoteManagement.pem
/var/lib/datasync/device/configengine/soapserver.pem
When you use the self-signed certificate with Synchronizer Web Admin, your browser prompts you for confirmation to accept the self-signed certificate.
When you use the self-signed certificate for mobile devices, users need to download the self-signed certificate to their mobile devices. Some mobile devices are more tolerant of self-signed certificates than others. If you choose to use a self-signed certificate, you must explain the following procedure to your users.
To download a self-signed certificate to your mobile device:
1 Access the Data Synchronizer User Options page on your mobile device at the following URL:
https://data_synchronizer_server:8120
Replace data_synchronizer_server with the IP address or DNS hostname of the Synchronizer server.
2 Log in using your network username and password.
3 Click the Mobility Connector.
4 Click (Download certificate file).
5 Save the mobility.cer file to a convenient location on your mobile device.
This process converts the mobility.pem file created during installation into a format compatible with most mobile devices.
6 Import the certificate file into the certificate store on your mobile device.
For device-specific instructions, see the Novell Data Synchronizer Mobility Connector Wiki (http://wiki.novell.com/index.php/Data_Synchronizer_Mobility_Connector).
7 (Conditional) If you are not able to access the Data Synchronizer User Options page from your particular mobile device:
7a Access the Data Synchronizer User Options page in a Web browser on your Linux or Windows desktop.
7b Save the mobility.cer file on your Linux or Windows workstation.
7c Set up an IMAP e-mail account on your mobile device, then e-mail the mobility.cer file from your workstation to your mobile device.
or
Physically connect your mobile device to your workstation so that it appears as a drive on your workstation, then copy the mobility.cer file from your workstation to your device.
8 Import the certificate file into the certificate store on your mobile device.
Obtaining a Commercially Signed Certificate
Choose a certificate authority (CA) from the many available on the Web and request a certificate in PEM format. You need to send the certificate authority a Certificate Signing Request (CSR). One way to generate a CSR is to use the GWCSRGEN Utility, as described in “Generating a Certificate Signing Request” in “Security Administration” in the GroupWise 8 Administration Guide.
If you receive more than one file from the certificate authority, such as a certificate file and a key file, you must combine the contents into a single file with the following format:
-----BEGIN RSA PRIVATE KEY-----
several_lines_of_private_key_text
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
several_lines_of_server_certificate_text
-----END CERTIFICATE-----
If the certificate authority provided an intermediate certificate, place it at the end of the file after the private key and the actual certificate.
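A structural check for the combined file described above, added here as an example and not taken from the Novell documentation: it confirms the block order (private key, server certificate, then any intermediate certificates). The function name check_pem_layout and the acceptance of any label ending in PRIVATE KEY are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that a combined PEM file follows the layout described
# above (private key, then server certificate, then any intermediates).
# check_pem_layout is a name chosen for this example.
check_pem_layout() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF files from a CA
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") { err = "BEGIN inside an open block at line " NR; exit }
            cur = substr($0, 12, length($0) - 16)   # label between the dashes
            n++
            # Assumption: any label ending in PRIVATE KEY counts as the key
            # block; the guide itself shows RSA PRIVATE KEY.
            if (n == 1 && cur !~ /PRIVATE KEY$/) {
                err = "block 1 is " cur ", expected the private key"; exit }
            if (n > 1 && cur != "CERTIFICATE") {
                err = "block " n " is " cur ", expected a certificate"; exit }
            next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (substr($0, 10, length($0) - 14) != cur) {
                err = "END does not match BEGIN at line " NR; exit }
            cur = ""
        }
        END {
            if (err == "" && cur != "") err = "unterminated " cur " block"
            if (err == "" && n < 2) err = "need a private key followed by a certificate"
            if (err != "") { print "FAIL: " err; exit 1 }
            print "OK: private key, server certificate, " (n - 2) " intermediate certificate(s)"
        }
    ' "$1"
}
# Usage: check_pem_layout /path/to/combined.pem
```

The check is structural only; it does not confirm that the private key belongs to the certificate.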
Replacing a Self-Signed Certificate with a Commercially Signed Certificate
When you choose to use a self-signed certificate during Mobility Pack installation, the Installation program creates the following file for use with devices:
/var/lib/datasync/device/mobility.pem
To start using your commercially signed certificate:
1 Back up the existing mobility.pem file.
2 Copy the certificate file received from the certificate authority to /var/lib/datasync/device.
3 Rename it to mobility.pem.
4 Restart the Mobility Connector.
Commercially signed certificates should be automatically accepted by most mobile devices.
5 (Conditional) If your particular mobile device does not automatically accept the commercially signed certificate, follow the instructions in “Working with Self-Signed Certificates” on page 44 to configure your mobile device to use the certificate.
6 To use the same commercially signed certificate for Synchronizer Web Admin:
6a Change to the following directory:
/var/lib/datasync/device/webadmin/server.pem
6b Back up the existing server.pem file.
6c Copy the certificate file received from the certificate authority to /var/lib/datasync/webadmin.
6d Rename it to server.pem.
6e Restart the WebAdmin service.
The other self-signed certificates that are created during installation are used for internal communication between Synchronizer services. You can replace these self-signed certificate files with the commercially signed certificate, but you do not see any difference in Synchronizer functionality.
IMPORTANT: If you uninstall the Synchronizer software, the certificate files associated with your Synchronizer system are also deleted. Back up commercially signed certificates in a location outside of /var/lib/datasync if you need to uninstall the Synchronizer software.
Enabling and Disabling SSL for Device Connections
You can enable and disable SSL for device connections on the Mobility Connector Configuration page in Synchronizer Web Admin.

5.1.4 Selecting a Specific Version of SSL

You can enable and disable different versions of SSL protocols and also specify the cipher to use with the desired protocol.
1 In Synchronizer Web Admin, click the Mobility Connector to display the Mobility Connector Configuration page, then click Edit XML Source to display the Connector XML Source window.
2 Add the following tags between the <custom> and </custom> tags:
<sslMethod>value</sslMethod>
<sslCiphers>list</sslCiphers>
3 Replace value with any of the following:
SSLv2 = 1
SSLv3 = 2
TLSv1 = 4
All of the above = 3
4 In a terminal window, use the following command to determine the ciphers that are available on your system:
openssl ciphers -ssl3
5 In the Connector XML Source window, replace list with the desired values as provided by the openssl command.
6 Click Save XML to save your changes, then click Home to return to the main Synchronizer Web Admin page.
7 Restart the Mobility Connector to put the desired SSL protocols into effect.

5.2 Security Policies

Section 5.2.1, “Securing Your Synchronizer Data”
Section 5.2.2, “Securing Your Synchronizer System”

5.2.1 Securing Your Synchronizer Data

“Limiting Physical Access to Synchronizer Servers”
“Securing File System Access”
Limiting Physical Access to Synchronizer Servers
Servers where Synchronizer data resides should be kept physically secure, where unauthorized persons cannot gain access to the server consoles.
Securing File System Access
Encrypted file systems should be used on all Synchronizer servers. Only Synchronizer administrators should have direct access to Synchronizer data.

5.2.2 Securing Your Synchronizer System

Setting Up SSL Connections
Secure SSL connections should be used between your Synchronizer system and the following external components:
LDAP server
GroupWise Post Office Agent (POA)
Mobile devices
Browser connection for Synchronizer Web Admin
For instructions, see Section 5.1, “Security Administration,” on page 43.
Securing Synchronizer Web Admin
One Synchronizer administrator is established when you install the Data Synchronizer Mobility Pack. Additional users can be granted Synchronizer administrator rights, as described in Section 3.1.2, “Setting Up Multiple Synchronizer Administrator Users,” on page 16, but this should be done judiciously.
Protecting Synchronizer Configuration Files
The configuration files for all Synchronizer components should be protected from tampering. Configuration files are found in the following default locations:
Synchronizer Component    Configuration File
Sync Engine               /etc/datasync/syncengine/engine.xml
Web Admin                 /etc/datasync/webadmin/server.xml
Config Engine             /etc/datasync/configengine/configengine.xml
Connector Manager         /etc/datasync/syncengine/connectors.xml
Protecting Synchronizer Log Files
The log files for all Synchronizer components should be protected against access by unauthorized persons. Some contain very detailed information about your Synchronizer system and users. Synchronizer log files are found in the following locations:
Synchronizer Component    Log File
Sync Engine               /var/log/datasync/syncengine/engine.log
Web Admin                 /var/log/datasync/webadmin/server.log
Config Engine             /var/log/datasync/configengine/configengine.log
Connector Manager         /var/log/datasync/syncengine/connector-manager.log
Connectors                /var/log/datasync/connectors/
                          default.pipeline1.connector_name.log
                          default.pipeline1.connector_name-AppInterface.log
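One way to audit the configuration files and log files listed in the two tables above, added here as an example and not part of the Novell documentation. The function name audit_datasync_perms, its optional root-prefix argument, and the specific mode checks (no group or other write on configuration files, no other read on log files) are assumptions; the guide does not prescribe file modes.

```shell
#!/bin/sh
# Added example: audit the configuration and log files listed in this section.
# audit_datasync_perms and its optional root-prefix argument are names chosen
# for this example; the mode checks are an assumed reading of the policy.
audit_datasync_perms() {
    root="${1:-}"      # empty on a live server; a scratch directory in tests
    status=0
    # Configuration files: flag any that group or other can modify.
    for f in /etc/datasync/syncengine/engine.xml \
             /etc/datasync/webadmin/server.xml \
             /etc/datasync/configengine/configengine.xml \
             /etc/datasync/syncengine/connectors.xml; do
        if [ ! -e "$root$f" ]; then
            echo "MISSING  $f"
        elif [ -n "$(find "$root$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $f"; status=1
        fi
    done
    # Log files: flag any that users outside the owner and group can read.
    for p in "$root"/var/log/datasync/syncengine/engine.log \
             "$root"/var/log/datasync/webadmin/server.log \
             "$root"/var/log/datasync/configengine/configengine.log \
             "$root"/var/log/datasync/syncengine/connector-manager.log \
             "$root"/var/log/datasync/connectors/*.log; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune -perm -004)" ]; then
            echo "READABLE ${p#"$root"}"; status=1
        fi
    done
    return "$status"
}
# Usage on a server: audit_datasync_perms || echo "review the files listed above"
```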

A Troubleshooting

“Synchronizer Web Admin cannot communicate with the LDAP server”
Synchronizer Web Admin cannot communicate with the LDAP server
Explanation: In order for Synchronizer Web Admin to list users to add to connectors, it must be able to communicate with your LDAP server. If Synchronizer Web Admin cannot list users, it indicates that it cannot communicate with your LDAP server.
Possible Cause: A firewall is blocking communication between the Web Admin service and the LDAP server.
Action: Make sure that communication through the firewall is allowed on port 636 for a secure LDAP connection or port 389 for a non-secure LDAP connection.
Possible Cause: The LDAP server is not functioning correctly.
Action: Reboot the LDAP server.