Novell IFOLDER 3 ADMINISTRATION GUIDE

Novell iFolder 3.x Administration Guide

Novell® iFolder 3.x
novdocx (ENU) 01 February 2006
August 15, 2006
www.novell.com
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2005-2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see www.novell.com/documentation.
Novell Trademarks
For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 Overview of Novell iFolder 3.x
1.1 Benefits of iFolder for the Enterprise
1.1.1 Seamless Data Access
1.1.2 Data Safeguards and Data Recovery
1.1.3 Reliable Data Security
1.1.4 Productive Mobile Users
1.1.5 Cross-Platform Client Support
1.1.6 Scalable Deployment
1.1.7 Simple Data and Account Management
1.1.8 No Training Requirements
1.2 Benefits of iFolder for Users
1.3 Enterprise Server Sharing
1.4 Key Components of iFolder
1.4.1 iFolder Enterprise Server
1.4.2 Novell iFolder 3 Plug-in to Novell iManager 2.5
1.4.3 iFolder Web Access
1.4.4 The iFolder Client
1.4.5 Shared iFolders
1.4.6 iFolder Access Rights
1.4.7 Account Setup for Enterprise Servers
1.4.8 Access Authentication
1.4.9 File Synchronization and Data Management
1.4.10 Synchronization Log
1.4.11 iFolder Client APIs
1.5 What’s Next
2 What’s New
2.1 What’s New in Novell iFolder 3.2 (OES SP2 Linux)
2.2 What’s New in Novell iFolder 3.1 (OES SP1 Linux)
2.3 What’s New in Novell iFolder 3.0 (OES Linux)
2.4 Comparison of 2.1x and 3.x Server Features and Capabilities
2.5 Comparison of 2.1x and 3.x Client Features and Capabilities
2.6 Comparison of 2.1x and 3.x Web Access Features and Capabilities
3 Planning iFolder Services
3.1 Security Considerations
3.2 Server Workload Considerations
3.3 Naming Conventions for Usernames and Passwords
3.4 Admin User Considerations
3.5 iFolder User Account Considerations
3.5.1 Preventing the Propagation of Viruses
3.5.2 Provisioning User Accounts
3.5.3 Setting Account Quotas
3.6 iFolders Data and Synchronization Considerations
3.6.1 Naming Conventions for an iFolder and Its Folders and Files
3.6.2 Guidelines for File Types and Sizes to Be Synchronized
3.7 Management Tools
3.7.1 iFolder Configuration Plug-Ins for YaST
3.7.2 Novell iFolder 3 Plug-In for Novell iManager 2.5
3.7.3 Web Access Configuration File
4 Coexistence and Migration Issues
4.1 Coexistence of iFolder 3.x and 2.1x Servers
4.2 Coexistence of the iFolder Client with Novell iFolder 1.x and 2.x Clients
4.3 Migrating from iFolder 2.1x to 3.x Server
4.4 Migrating User Files from an iFolder 2.1x to a 3.x Server
5 Prerequisites and Guidelines
5.1 File System
5.2 Enterprise Server
5.2.1 Prerequisites for the Operating System
5.2.2 Install Guidelines When Using an NSS Volume to Store iFolder Data
5.2.3 Install Guidelines When Using a Linux Traditional Volume to Store iFolder Data
5.2.4 Install Guidelines for Other Components
5.2.5 Installing the OES Linux Server
5.3 Novell eDirectory 8.7.3
5.4 Novell iManager 2.5
5.5 Mono
5.6 Client Computers
5.7 Web Browser
6 Installing and Configuring iFolder Services
6.1 Installing iFolder on an Existing OES Linux Server
6.2 Configuring the iFolder Enterprise Server
6.3 Configuring the iFolder Web Access Server
6.4 Installing the Novell iFolder 3 Plug-In for iManager
6.4.1 Prerequisites
6.4.2 Installing a Plug-In When RBS Is Not Configured
6.4.3 Installing a Plug-In When RBS Is Configured
6.5 Accessing iManager and the Novell iFolder 3 Plug-In
6.6 Provisioning Users and iFolder Services
6.6.1 Prerequisites
6.6.2 Configuring the Search DNs for Provisioning Users
6.6.3 Synchronizing the List of Provisioned Users with the LDAP Directory
6.7 Distributing the iFolder Client to Users
6.7.1 Configuring the iFolder 3.x Welcome Page
6.7.2 Accessing the iFolder 3.x Welcome Page
6.7.3 Downloading the iFolder Client
6.7.4 Installing the iFolder Client
6.8 Updating Novell iFolder 3.x
6.9 Updating Mono for the Server and Client
6.10 Uninstalling the iFolder 3.x Enterprise Server
6.11 What’s Next
7 Managing an iFolder Enterprise Server
7.1 Starting iFolder Services
7.2 Stopping iFolder Services
7.3 Restarting iFolder Services
7.4 Managing the Simias Log and Simias Access Log
7.5 Backing Up the iFolder Server
7.6 Backing Up the iFolder Store with the TSAIF
7.6.1 Understanding TSAIF
7.6.2 Syntax
7.6.3 iFolder Path Options
7.6.4 iFolder Path Examples
7.6.5 SMSConfig Options
7.6.6 TSAIF and SMSConfig Examples
7.6.7 NBackup Options
7.6.8 TSAIF and NBackup Examples
7.6.9 Additional Information
7.7 Recovering from a Catastrophic Loss of the iFolder Server
7.8 Recovering Individual Files or Directories
7.9 Moving iFolder Data from One iFolder Server to Another
8 Managing iFolder Services
8.1 Accessing the Novell iFolder 3 Plug-In for iManager
8.2 Connecting to the iFolder Server
8.3 Viewing General System Information
8.4 Configuring the LDAP Settings for an iFolder Server
8.4.1 Viewing the Current LDAP Settings
8.4.2 Modifying the iFolder LDAP Settings
8.4.3 What to Do If the iFolder Admin User Is Deleted from LDAP
8.4.4 Securing Access to the iFolder Proxy User Password
8.4.5 Modifying the iFolder Proxy User Password
8.4.6 Synchronizing the iFolder User List with the LDAP Server
8.5 Configuring System Policies
8.5.1 Viewing the Current System Policies
8.5.2 Modifying iFolder System Policies
8.6 Configuring iFolder Administrators
8.6.1 Understanding the iFolder Admin User
8.6.2 Adding the iFolder Admin Right for a User
8.6.3 Removing the iFolder Admin Right for a User
8.7 Securing Enterprise Server Communications
8.7.1 Using SSL for Secure Communications
8.7.2 Configuring the SSL Cipher Suites for the Apache Server
8.7.3 Configuring the Enterprise Server for SSL Communications with the LDAP Server
8.7.4 Configuring the Enterprise Server for SSL Communications with the iFolder Client
8.7.5 Configuring the Enterprise Server for SSL Communications with the Web Access Server
8.7.6 Configuring an SSL Certificate for the Enterprise Server
9 Managing an iFolder Web Access Server
9.1 Starting iFolder Web Access Services
9.2 Stopping iFolder Web Access Services
9.3 Distributing the Web Access Server URL to Users
9.4 Configuring the HTTP Runtime Parameters
9.5 Securing Web Access Server Communications
9.5.1 Using SSL for Secure Communications
9.5.2 Configuring the SSL Cipher Suites for the Apache Server
9.5.3 Configuring the Web Access Server for SSL Communications with the Enterprise Server
9.5.4 Configuring the Web Access Server for SSL Communications with Web Browsers
9.5.5 Configuring an SSL Certificate for the Web Access Server
10 Managing iFolder Users
10.1 Provisioning Users for iFolder Services
10.2 Searching for a User Account
10.3 Viewing General User Account Information
10.4 Configuring User Account Policies
10.4.1 Viewing the Current User Account Policies
10.4.2 Modifying User Account Policies
10.5 Enabling and Disabling iFolder User Accounts
10.6 Setting a User Account Quota
11 Managing iFolders
11.1 Creating an iFolder for a User’s Account
11.1.1 Creating an iFolder from the iFolders Page
11.1.2 Creating an iFolder from the User Page
11.2 Searching for an iFolder
11.3 Viewing Information about an iFolder
11.4 Configuring Policies for an iFolder
11.5 Sharing an iFolder
11.5.1 Adding a Member
11.5.2 Setting the iFolder Access Right for a Member
11.5.3 Removing a Member
11.6 Deleting an iFolder
11.7 Transferring Ownership of an iFolder
11.8 Enabling and Disabling Synchronization for an iFolder
11.9 Managing Orphaned iFolders
A Configuration Files
A.1 Simias.config File
A.2 Web.config File for the Enterprise Server
A.3 Web.config File for the Web Access Server
B Clustering iFolder 3.x Servers with Novell Cluster Services for Linux
B.1 Prerequisites for Clustering iFolder 3.x Services
B.2 Installing Novell Cluster Services for Linux
B.3 Configuring iFolder 3.x Services on an NCS for Linux Cluster
B.4 Creating the iFolder 3.x Cluster Resource
B.5 Managing the iFolder 3.x Cluster Resource
B.6 Sample Load Scripts for iFolder 3.x Clusters
B.6.1 Linux Traditional File System
B.6.2 NSS File System
B.7 Sample Unload Scripts for iFolder 3.x Clusters
B.7.1 Linux Traditional File System
B.7.2 NSS File System
B.7.3 Troubleshooting
C Managing SSL Certificates for Apache
C.1 Generating an SSL Certificate for the Server
C.2 Generating a Self-Signed SSL Certificate for Testing Purposes
C.3 Configuring Apache to Point to an SSL Certificate on an iFolder Server
C.4 Configuring Apache to Point to an SSL Certificate on a Shared Volume for an iFolder Cluster
D Product History of iFolder 3
D.1 Version History
D.2 Network Operating Systems Support
D.3 Directory Services Support
D.4 Workstation Operating Systems Support for the iFolder Client
D.5 Web Server Support
D.6 iFolder User Access Support
D.7 Management Tools Support
E Documentation Updates
E.1 August 15, 2006
E.1.1 Installing and Configuring iFolder Services
E.1.2 Managing an iFolder Enterprise Server
E.1.3 Managing iFolders
E.1.4 Clustering iFolder 3.x Servers with Novell Cluster Services for Linux
E.1.5 Managing the SSL Certificate for the Apache Web Server
E.1.6 Product History
E.2 May 24, 2006
E.2.1 Prerequisites and Guidelines
E.3 December 23, 2005 (Novell iFolder 3.2 for OES SP2 Linux)
E.3.1 What’s New
E.3.2 Planning iFolder Services
E.3.3 Installing and Configuring iFolder Services
E.3.4 Managing iFolder Services
E.3.5 Managing iFolder Users
E.3.6 Managing iFolders
E.3.7 Product History of iFolder 3.x
E.4 August 19, 2005 (Novell iFolder 3.1 for OES SP1 Linux)
E.4.1 What’s New
E.4.2 Coexistence and Migration Issues for Novell iFolder 3.x
E.4.3 Planning iFolder Services
E.4.4 Prerequisites and Guidelines
E.4.5 Installing and Configuring iFolder Services
E.4.6 Managing an iFolder Enterprise Server
E.4.7 Managing iFolder Services
E.4.8 Clustering iFolder 3.x with Novell Cluster Services for Linux
E.4.9 Managing SSL Certificates for Apache
E.4.10 Product History of iFolder 3.x

About This Guide

This guide describes how to install, configure, and manage the Novell® iFolder® 3.x enterprise server, the iFolder 3.x Web Access server, and the iFolder™ Client. This guide is divided into the following sections:
Chapter 1, “Overview of Novell iFolder 3.x”
Chapter 2, “What’s New”
Chapter 3, “Planning iFolder Services”
Chapter 4, “Coexistence and Migration Issues”
Chapter 5, “Prerequisites and Guidelines”
Chapter 6, “Installing and Configuring iFolder Services”
Chapter 7, “Managing an iFolder Enterprise Server”
Chapter 8, “Managing iFolder Services”
Chapter 9, “Managing an iFolder Web Access Server”
Chapter 10, “Managing iFolder Users”
Chapter 11, “Managing iFolders”
Appendix A, “Configuration Files”
Appendix B, “Clustering iFolder 3.x Servers with Novell Cluster Services for Linux”
Appendix C, “Managing SSL Certificates for Apache”
Appendix D, “Product History of iFolder 3”
Appendix E, “Documentation Updates”
Audience
This guide is intended for system administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comment feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the most recent version of the Novell iFolder 3.x Administration Guide, visit the Novell iFolder
3.x documentation Web site (http://www.novell.com/documentation/ifolder3/index.html).
For emerging issues with Novell iFolder 3.x and the iFolder client, see the Novell iFolder 3.x
Readme (http://www.novell.com/documentation/ifolder3/readme/data/readme.html).
Additional Documentation
For information, see the following:
Novell iFolder 3.x Security Administrator Guide (http://www.novell.com/documentation/ifolder3/security/data/front.html)
iFolder User Guide for Novell iFolder 3.x (http://www.novell.com/documentation/ifolder3/user/data/front.html)
Novell iFolder 3.x documentation (http://www.novell.com/documentation/ifolder3/index.html)
Novell Open Enterprise Server product site (http://www.novell.com/products/openenterpriseserver)
Novell Open Enterprise Server documentation (http://www.novell.com/documentation/oes/index.html)
Novell eDirectory™ 8.7.3 documentation (http://www.novell.com/documentation/edir873/treetitl.html)
Novell iManager 2.5 documentation (http://www.novell.com/documentation/imanager25/treetitl.html)
Novell Linux Desktop 9 product site (http://www.novell.com/products/desktop/)
Novell Linux Desktop 9 documentation (http://www.novell.com/documentation/nld/treetitl.html)
Novell Technical Support (http://www.novell.com/support)
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.

1 Overview of Novell iFolder 3.x

Novell® iFolder® 3.x is the next generation of iFolder, supporting multiple iFolders per user, user-controlled sharing, and a centralized network server for file storage and secure distribution. With iFolder, users’ local files automatically follow them everywhere—online, offline, all the time—across computers. Users can share files in multiple iFolders, and share each iFolder with a different group of users. Users control who can participate in an iFolder and their access rights to the files in it. Users can also participate in iFolders that others share with them.
This section familiarizes you with the various benefits and features of iFolder and its main components:
Section 1.1, “Benefits of iFolder for the Enterprise,” on page 13
Section 1.2, “Benefits of iFolder for Users,” on page 15
Section 1.3, “Enterprise Server Sharing,” on page 17
Section 1.4, “Key Components of iFolder,” on page 17
Section 1.5, “What’s Next,” on page 20

1.1 Benefits of iFolder for the Enterprise

Benefits of iFolder to the enterprise include the following:
“Seamless Data Access” on page 13
“Data Safeguards and Data Recovery” on page 14
“Reliable Data Security” on page 14
“Productive Mobile Users” on page 15
“Cross-Platform Client Support” on page 15
“Simple Data and Account Management” on page 15
“No Training Requirements” on page 15

1.1.1 Seamless Data Access

Novell iFolder greatly simplifies the IT department’s ability to keep users productive. It empowers users by enabling their data to follow them wherever they go.
The days of users e-mailing themselves project files so they can work on them from home are gone, along with the frustration associated with sorting through different versions of the same file on different machines. iFolder stores and synchronizes users’ work in such a way that no matter what client or what location they log in from, their files are available and in the condition that they expect them to be. Users can access the most up-to-date version of their documents from any computer using the iFolder client or Web access.
Figure 1-1 Novell iFolder 3.x Access Methods
[Figure: three columns labeled Access Methods, Authentication/File Encryption, and iFolder 3.x Services. The iFolder clients for Novell Linux Desktop, Macintosh OS X 10.3x, and Windows 2000/XP (Sync) and iFolder 3.x Web Access via a Web browser (Upload or Download) connect over HTTPS to the iFolder 3.x enterprise servers and the iFolder 3.x Web Access server on OES Linux, with an eDirectory LDAP server on the same or a different OES server.]

1.1.2 Data Safeguards and Data Recovery

With Novell iFolder, data stored on the server can be easily safeguarded from system crashes and disasters that can result in data loss. When a user saves a file locally, the iFolder client can automatically update the data on the iFolder server, where it immediately becomes available for an organization’s regular network backup operations. iFolder makes it easier for IT managers to ensure that all of an organization’s critical data is protected.

1.1.3 Reliable Data Security

With Novell iFolder, LDAP-based authentication for access to stored data helps prevent unauthorized network access.

1.1.4 Productive Mobile Users

A Novell iFolder solution makes it significantly easier to support mobile users. VPN connections are no longer needed to deliver secure data access to mobile users. Authentication and data transfer use Secure Sockets Layer (SSL) technology to protect data on the wire.
Users do not need to learn or perform any special procedures to access their files when working from home or on the road. iFolder does away with version inconsistency, making it simple for users to access the most up-to-date version of their documents from any connected desktop, laptop, Web browser, or handheld device.
In preparation to travel or work from home, users no longer need to copy essential data to their laptops from various desktop and network locations. The iFolder client can automatically update a user’s local computer with the most current file versions. Even when a personal computer is not available, users can access all their files via Web access with any computer connected to the Internet.

1.1.5 Cross-Platform Client Support

The iFolder client is available for Linux, Windows*, and Macintosh* desktops. The Novell iFolder 3.x Web Access server provides a Web interface that allows users to access their files on the enterprise server with a Web browser from any computer with an active network or Internet connection.

1.1.6 Scalable Deployment

iFolder easily scales from small to large environments. You can install iFolder on multiple servers, allowing your iFolder environment to grow with your business. A single iFolder enterprise server handles up to about 1,000 user accounts, depending on the amount of memory and storage available. Users in an LDAP context can be concurrently provisioned for iFolder services simply by assigning the context to an iFolder server.

1.1.7 Simple Data and Account Management

Management of all iFolder enterprise servers is centralized through the Novell iFolder 3 plug-in to Novell iManager 2.5. Novell iFolder allows management from any location, using a standard Web browser. iFolder also frees IT departments from routine maintenance tasks by providing secure, automatic synchronization of local files to the server.

1.1.8 No Training Requirements

IT personnel no longer need to condition or train users to perform special tasks to ensure the consistency of data stored locally and on the network. With Novell iFolder, users simply store their files in the local iFolder directory. Their files are automatically updated to the iFolder server and any other workstations that share the iFolder. iFolder works seamlessly behind the scenes to ensure that data is protected and synchronized.

1.2 Benefits of iFolder for Users

Typically, when users work in multiple locations or in collaboration with others, they must conscientiously manage file versions. With iFolder, the most recent version of a user’s files can follow the user to any computer where the iFolder client is installed and a shared iFolder is set up. iFolder also allows users to share multiple iFolders and their separate content with other users of the iFolder system. Users decide who participates in each shared iFolder and their level of access. Similarly, users can participate in shared iFolders that are owned by others in the collaboration environment.
In the following example, Ulrik owns an iFolder named Denmark and shares it via his iFolder enterprise account with Nigel, Luc, and Alice. Nigel travels frequently, so he also set up the iFolder on his laptop. Any iFolder member can upload and download files from the Denmark iFolder from anywhere, using the iFolder Web Access server. In addition, Alice shares a non-work iFolder named Scooters with her friend Ulrik.
Figure 1-2 Collaboration and Sharing with iFolder
[Figure: the iFolder 3.x enterprise server (with storage) and the iFolder 3.x Web Access server connect the participants' computers; an asterisk (*) marks the iFolder owner. Nigel's Desktop: Denmark, Liverpool, MyDocs. Luc's Desktop: Denmark, HR, Mtn Biking. Alice's Desktop: Denmark, Scooters*, Utah. Ulrik's Desktop: Denmark*, Scooters, MyStuff. Nigel's Laptop: Denmark, TeamOne, Customers. Kiosk (Internet): iFolder 3.x Web Access.]
With an enterprise server, the iFolders are stored centrally for all iFolder members. The iFolder server synchronizes the most recent version of documents to all authorized users of the shared iFolder. All that the iFolder owner and iFolder members need is an active network connection and the iFolder client.
Novell iFolder provides the following benefits:
• Guards against local data loss by automatically backing up local files to the iFolder server and multiple workstations
• Transparently updates a user’s iFolder files to the iFolder enterprise server and multiple member workstations with the iFolder client
• Tracks and logs changes made to iFolder files while users work offline, and synchronizes those changes when they go online
• Provides access to user files on the iFolder server from any workstation without the iFolder client, using a Web browser and an active Internet or network connection
• With SSL encryption enabled, protects data as it travels across the wire
• Makes files on the iFolder server available for regularly scheduled data backup
For more information, see “Benefits of iFolder” in the iFolder User Guide for Novell iFolder 3.2.

1.3 Enterprise Server Sharing

The iFolder client included in this release supports synchronization across multiple computers through a central Novell iFolder 3.x enterprise server.
• Users can share files across computers.
• Users can share files with others.
• Each user can own multiple iFolders.
• Each user can participate in multiple iFolders owned by other users.
• Files can be synchronized via the central server at any time and with improved availability, reliability, and performance.
• Data is transferred securely over the wire using SSL connections.
• Users are autoprovisioned for iFolder services based on their assignment to administrator-specified LDAP containers and groups.
• A list of iFolder users is synchronized at regular intervals with the LDAP directory services.
• Local files are automatically backed up to the server at regular intervals and on demand.
• iFolder data on the server can be backed up to backup media and restored.
• Administrators can manage the iFolder system, user accounts, and user iFolders using the Novell iFolder 3 plug-in to iManager.

1.4 Key Components of iFolder

Section 1.4.1, “iFolder Enterprise Server,” on page 17
Section 1.4.2, “Novell iFolder 3 Plug-in to Novell iManager 2.5,” on page 18
Section 1.4.3, “iFolder Web Access,” on page 18
Section 1.4.4, “The iFolder Client,” on page 18
Section 1.4.5, “Shared iFolders,” on page 18
Section 1.4.6, “iFolder Access Rights,” on page 18
Section 1.4.7, “Account Setup for Enterprise Servers,” on page 19
Section 1.4.8, “Access Authentication,” on page 19
Section 1.4.9, “File Synchronization and Data Management,” on page 19
Section 1.4.10, “Synchronization Log,” on page 19
Section 1.4.11, “iFolder Client APIs,” on page 20

1.4.1 iFolder Enterprise Server

The iFolder enterprise server is a central repository for storing iFolders and synchronizing files for enterprise users.

1.4.2 Novell iFolder 3 Plug-in to Novell iManager 2.5

The Novell iFolder 3 plug-in to Novell iManager 2.5 is an administrative tool used to manage the iFolder system, user accounts, and user iFolders and data.

1.4.3 iFolder Web Access

The iFolder 3.x Web Access server provides an interface to allow users remote access to iFolders on the enterprise server.
For information about using Web Access, see “Using Novell iFolder 3.x Web Access” in the iFolder User Guide for Novell iFolder 3.2.

1.4.4 The iFolder Client

The iFolder client integrates with the user’s operating system to provide iFolder services in a native desktop environment. It supports the following client operating systems:
• Novell Linux Desktop 9
• Windows 2000/XP
• Macintosh OS X v10.3 or later
An iFolder session begins when the user logs in to an iFolder services account and ends when the user logs out of the account or exits the iFolder client. The iFolders synchronize files with the enterprise server only when a session is active and the computer has an active connection to the network or Internet. Users can access data in their local iFolders at any time; it does not matter if they are logged in to their server accounts or if they are connected to the network or Internet.
The iFolder client allows users to create and manage their iFolders. For information, see the iFolder User Guide for Novell iFolder 3.2.

1.4.5 Shared iFolders

An iFolder is a local directory that the user selectively shares with other users in a collaboration environment. The iFolder files are accessible to all members of the iFolder and can be changed by those with the rights to do so. Users can share iFolders across multiple workstations and with others.
Because the iFolder client is integrated into the operating environment, users can work with iFolders directly in a file manager or in the My iFolders window. Within the iFolder, users can set up any subdirectory structure that suits their personal or corporate work habits. The subdirectory structure is constant across all member iFolders. Each workstation can specify a different parent directory for the shared iFolder.

1.4.6 iFolder Access Rights

The iFolder client provides four levels of access for members of an iFolder:
• Owner: Only one user serves as the owner. This is typically the user who created the iFolder. The owner or an iFolder administrator can transfer ownership status from the owner to another user.
The owner of an iFolder has the Full Control right. This user has read/write access to the iFolder, manages membership and access rights for member users, and can remove the Full Control right for any member. With an enterprise server, the disk space used by the owner’s iFolders counts against the owner’s user disk quotas on the enterprise server.
If a user is deleted as a user for the iFolder system, the iFolders owned by the user are orphaned. Orphaned iFolders are assigned temporarily to the iFolder Admin user, who becomes the owner of the iFolder. Membership and synchronization continue while the iFolder Admin user determines whether an orphaned iFolder should be deleted or assigned to a new owner.
• Full Control: A member of the shared iFolder, with the Full Control access right. The user with the Full Control right has read/write access to the iFolder and manages membership and access rights for all users except the owner.
• Read/Write: A member of the shared iFolder, with the Read/Write access right to directories and files in the iFolder.
• Read Only: A member of the shared iFolder, with the Read Only access right to directories and files in the iFolder. This member can copy an iFolder file to another location and modify it outside the iFolder.
When used with an enterprise server account, the server hosts every iFolder created for that account. Users create an iFolder and the enterprise server makes it available to the specified list of users. A user can have a separate account on each enterprise server. A user’s level of membership in each shared iFolder can differ.
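The access levels described in this section can be expressed as a small authorization model, which makes the rules around the owner and orphaned iFolders easy to check. The following Python code is an added example, not Novell code; the class and function names, the `admin` login name, and keeping a previous owner as a Full Control member after a transfer are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

IFOLDER_ADMIN = "admin"  # assumed login name for the iFolder Admin user


class Right(IntEnum):
    READ_ONLY = 1
    READ_WRITE = 2
    FULL_CONTROL = 3


@dataclass
class IFolder:
    name: str
    owner: str
    members: dict = field(default_factory=dict)  # user -> Right (owner not listed)
    orphaned: bool = False

    def right_of(self, user):
        """Effective right, or None for a non-member. The owner has Full Control."""
        if user == self.owner:
            return Right.FULL_CONTROL
        return self.members.get(user)

    def can_read(self, user):
        return self.right_of(user) is not None

    def can_write(self, user):
        right = self.right_of(user)
        return right is not None and right >= Right.READ_WRITE

    def _require_manager(self, actor, target):
        # Only the owner or a Full Control member manages membership,
        # and nobody manages the owner's rights this way.
        if self.right_of(actor) != Right.FULL_CONTROL:
            raise PermissionError(f"{actor} lacks Full Control on {self.name}")
        if target == self.owner:
            raise PermissionError("the owner's rights cannot be changed")

    def set_right(self, actor, user, right):
        """Add a member or change a member's right (including removing Full Control)."""
        self._require_manager(actor, user)
        self.members[user] = Right(right)

    def remove_member(self, actor, user):
        self._require_manager(actor, user)
        self.members.pop(user, None)

    def transfer_ownership(self, actor, new_owner):
        """Only the current owner or the iFolder Admin user may transfer ownership."""
        if actor not in (self.owner, IFOLDER_ADMIN):
            raise PermissionError(f"{actor} cannot transfer {self.name}")
        previous = self.owner
        self.members.pop(new_owner, None)
        self.owner = new_owner
        if previous != IFOLDER_ADMIN:
            # Assumption: the previous owner stays on as a Full Control member.
            self.members[previous] = Right.FULL_CONTROL
        self.orphaned = False


def delete_user(ifolders, user):
    """Remove a user from the system and return the iFolders this orphans.

    Orphaned iFolders are temporarily owned by the iFolder Admin user;
    the remaining members keep their rights.
    """
    orphans = []
    for ifolder in ifolders:
        ifolder.members.pop(user, None)
        if ifolder.owner == user:
            ifolder.owner = IFOLDER_ADMIN
            ifolder.orphaned = True
            orphans.append(ifolder)
    return orphans


if __name__ == "__main__":
    # Constructed scenario based on the Denmark iFolder from Section 1.2.
    denmark = IFolder("Denmark", owner="ulrik")
    denmark.set_right("ulrik", "nigel", Right.FULL_CONTROL)
    denmark.set_right("nigel", "alice", Right.READ_ONLY)
    print("alice can write:", denmark.can_write("alice"))
    delete_user([denmark], "ulrik")
    print("owner after deletion:", denmark.owner, "orphaned:", denmark.orphaned)
```
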

1.4.7 Account Setup for Enterprise Servers

The iFolder client allows you to set up multiple accounts, with one account allowed per enterprise server. Users specify the server address, username, and password to uniquely identify an account. On his or her computer, a user sets up accounts while logged in as the local identity he or she plans to use to access that account and its iFolders. Under the local login, the user can set up multiple iFolder accounts, but each account must belong to a different iFolder enterprise server.

1.4.8 Access Authentication

Whenever iFolder connects to an enterprise server to synchronize files, it connects with HTTP BASIC and SSL connections to the server, and the server authenticates the user against the LDAP directory service.
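HTTP BASIC authentication only Base64-encodes the username and password, so the SSL connection is what protects the credentials on the wire. The following Python code is an added example, not part of iFolder; the account records, host names, and function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit


def basic_auth_header(username, password):
    """Build the Authorization header value used by HTTP BASIC."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth(header_value):
    """Recover (username, password) from a BASIC header.

    Base64 is an encoding, not encryption: anything that can read the
    header, such as a proxy log or a capture of a plain HTTP session,
    can perform this step.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a BASIC authorization header")
    decoded = base64.b64decode(token).decode("utf-8")
    username, _, password = decoded.partition(":")
    return username, password


def uses_ssl(server_url):
    """True only for https:// URLs; a missing scheme counts as not protected."""
    return urlsplit(server_url).scheme.lower() == "https"


def sync_request_headers(server_url, username, password):
    """Attach BASIC credentials only when the connection is HTTPS."""
    if not uses_ssl(server_url):
        raise ValueError(f"refusing to send BASIC credentials to {server_url}")
    return {"Authorization": basic_auth_header(username, password)}


def audit_accounts(accounts):
    """Return the accounts whose server URL would expose BASIC credentials."""
    return [account for account in accounts if not uses_ssl(account["server"])]


# Constructed sample data: one account per enterprise server.
SAMPLE_ACCOUNTS = [
    {"user": "ulrik", "server": "https://ifolder1.example.com/"},
    {"user": "nigel", "server": "http://ifolder2.example.com/"},
]

if __name__ == "__main__":
    header = basic_auth_header("ulrik", "constructed-password")
    print("header :", header)
    print("decoded:", decode_basic_auth(header))
    for account in audit_accounts(SAMPLE_ACCOUNTS):
        print("no SSL :", account["user"], account["server"])
```
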

1.4.9 File Synchronization and Data Management

When you set up an iFolder account, you can enable Remember Password so that iFolder can synchronize iFolder invitations and files in the background as you work. The iFolder client runs automatically each time you log in to your computer’s desktop environment. The session runs in the background as you work with files in your local iFolders, tracking and logging any changes you make. With an enterprise server, you can synchronize the files at specified intervals or on demand.

1.4.10 Synchronization Log

The synchronization log displays your iFolder background activity.

1.4.11 iFolder Client APIs

As part of the iFolder project, APIs are available for the client. For iFolder Client developer documentation, see the iFolder Software Developers Kit (http://forge.novell.com/modules/xfmod/docman/?group_id=1372).

1.5 What’s Next

Before you install iFolder, review the following sections:
“What’s New” on page 21
“Planning iFolder Services” on page 31
“Coexistence and Migration Issues” on page 41
“Prerequisites and Guidelines” on page 45
When you are done, install and configure your iFolder enterprise server and Web Access server. For information, see “Installing and Configuring iFolder Services” on page 51.

2 What’s New

Novell® iFolder® 3.x and the iFolder™ client offer many new capabilities as compared to Novell iFolder 2.1x. This section discusses the following:
Section 2.1, “What’s New in Novell iFolder 3.2 (OES SP2 Linux),” on page 21
Section 2.2, “What’s New in Novell iFolder 3.1 (OES SP1 Linux),” on page 21
Section 2.3, “What’s New in Novell iFolder 3.0 (OES Linux),” on page 21
Section 2.4, “Comparison of 2.1x and 3.x Server Features and Capabilities,” on page 22
Section 2.5, “Comparison of 2.1x and 3.x Client Features and Capabilities,” on page 25
Section 2.6, “Comparison of 2.1x and 3.x Web Access Features and Capabilities,” on page 28

2.1 What’s New in Novell iFolder 3.2 (OES SP2 Linux)

The following features are new in iFolder 3.2 for OES SP2 Linux:
• Localized user help for the iFolder client
• Support for users to log in to the iFolder server with their common name or e-mail address. The iFolder Admin User configures the option during installation and the setting applies to all users. For information, see Section 6.2, “Configuring the iFolder Enterprise Server,” on page 53.

2.2 What’s New in Novell iFolder 3.1 (OES SP1 Linux)

The following features are new in iFolder 3.1 for OES SP1 Linux:
• Support for the iFolder data store on Novell Storage Services™ (NSS) volumes on Linux
• Support for Novell Cluster Services™ for Linux
• Support for iFolder data store backup with the Target Service Agent for iFolder (TSAIF) with NBackup, a Novell Storage Management Services command line utility
• Support for Mono 1.1.7.7x
• Interoperability for Novell iChain, Novell BorderManager, and Novell Security Manager
• Support for the OES patch channel

2.3 What’s New in Novell iFolder 3.0 (OES Linux)

Novell iFolder 3.0 includes several important new features.
• Multiple iFolders: A user creates as many iFolders as desired and manages each one separately. Each iFolder functions independently to synchronize its own set of files. Users specify the local path for each iFolder.
• Shared iFolders: Each iFolder can be kept private or shared with a different group of users. For a shared iFolder, the owner or a member with the Full Control right controls who participates in the iFolder and the level of access granted to each member, such as Full Control, Read/Write, or Read Only.
• Centralized iFolder Synchronization and Storage: iFolder data is automatically synchronized by the iFolder client to the iFolder enterprise server over an IP network. The enterprise server stores files for each iFolder, then synchronizes them to other member computers. Encryption is supported for data transfers. Administrators control whether data is transported securely with HTTPS (SSL) connections during synchronization, or if data is transported with standard HTTP BASIC connections.
• Multiple iFolder Accounts: Users can concurrently access iFolder accounts on different servers.
• Web Access to iFolders: Users access their iFolder enterprise server accounts from any computer with Internet access. They create subdirectories, upload files, and download files to any of their iFolders. All iFolders for the account are available, whether the user is the owner or a member.
• Remote and Policy-Based Administration: Administrators manage iFolder services with the Novell iFolder 3 plug-in to Novell iManager, which is the central management console for Novell Open Enterprise Server. The tool supports policy-based management of the iFolder system, user accounts, and users’ iFolders.
• Client-Side APIs: Almost every function an end user can accomplish through the UI is exposed as an API. This allows third-party developers to more easily integrate their applications with iFolder and gives organizations the tools they need to customize iFolder.
For information about key features of the iFolder client, see the iFolder User Guide for Novell iFolder 3.2.

2.4 Comparison of 2.1x and 3.x Server Features and Capabilities

| Feature or Capability | Novell iFolder 2.1x Server | Novell iFolder 3.x Enterprise Server |
| --- | --- | --- |
| Server management | iFolder Administration tool: http://serveraddress/iFolderServer/iFolder.html. You can also access the iFolder Administration tool from iManager by selecting iFolder 2.1x from Roles and Tasks. | Novell iFolder 3 plug-in to iManager. For information, see Section 8.1, “Accessing the Novell iFolder 3 Plug-In for iManager,” on page 81. |
| Automatic provisioning of iFolder services | No. The administrator enables iFolder services for users, requires users to log in to activate the account, and then creates the iFolder on the server. | Yes. iFolder automatically provisions iFolder users based on LDAP containers, groups, or users the administrator specifies. The server periodically polls your LDAP server for a list of authorized network users in those contexts and updates the iFolder users accordingly. |
| Maximum iFolders per username | One | Multiple. Virtually unlimited number of iFolders as an owner or member. |
| Allows administrators to create an iFolder for a user | No | Yes |
| Allows administrators to share an iFolder and specify its member users | No | Yes. • For each iFolder, specify a list of users, which can be further modified by the iFolder owner. • For each member of an iFolder, specify the user’s level of access with Full Control, Read/Write, and Read Only rights. |
| Allows administrators to transfer ownership of a shared iFolder to another user | No | Yes |
| Detects orphaned iFolders and allows the iFolder Admin user to manage them | No | Yes |
| Maximum file size | Software limits file size to 4 GB. Below 4 GB, the maximum file size depends on the server’s and clients’ local file systems. For example, on Windows clients, FAT32 limits file sizes to 4 GB. On Linux, EXT2 limits file sizes to 2 GB. | There are no software restrictions, but the administrator can specify the maximum file size that users can synchronize as a system-wide policy. Below the administrative maximum, the practical maximum file size depends on the server’s and clients’ local file systems. |
| Maximum number of directories | 32,765 | No software restrictions; depends on the server’s and clients’ local file systems |
| Disk quotas | The administrator can specify a default user quota that applies system-wide, and specify individual user quotas for iFolder accounts. | The administrator can specify a default account quota that applies system-wide, individual user account quotas, and individual iFolder quotas. An owner can also specify a quota for an individual iFolder, but the total combined quotas for all the iFolders the user owns cannot exceed the system-wide account quota or the user’s individual account quota, whichever is less. An iFolder member can specify a quota for the iFolder on each client. The quota cannot exceed the iFolder’s quota or that user’s own quota for his or her account. |
| Minimum synchronization interval | The administrator can set minimum synchronization intervals to apply system-wide and for individual users. | The administrator can set minimum synchronization intervals to apply system-wide, for individual users, or for an individual iFolder. |
| Allows administrators to specify which file types to synchronize | No | Yes. Administrator can specify file types to include or exclude by setting system-wide, individual account, or individual iFolder policies. |
| Allows administrators to enable or disable the iFolder synchronization | Yes, by temporarily disabling iFolder services for the user account. | Yes, by using the iFolder Enable/Disable User function to temporarily disable login for the user to the user’s iFolder account. |
| Authenticated access | Yes, using the Admin username and password for the iFolder Management tool | Yes. The Admin user logs in to iManager, then must use credentials equivalent to the iFolder Admin user to connect to the iFolder server. |
| Encrypted data transfer | Yes, with the encrypted iFolder option. The Blowfish algorithm is applied with a user-specified passphrase. The admin user determines whether encryption services are available to users. | Yes, with automatic HTTPS (SSL) connections. The iFolder Admin user or equivalent determines whether secure or insecure connections are used. |
| iFolder data stored encrypted on server | Yes, with the encrypted iFolder option. The user must specify a passphrase when first creating the iFolder account. | No. Data is stored unencrypted for all iFolders. |
| Backup of local files to a network server | Files in users’ local iFolders are backed up on the iFolder server. | Files in users’ local iFolders are backed up on the iFolder enterprise server. |
| Backup support to restore deleted files | Entire iFolder contents must be backed up and restored. | Individual files, directories, and iFolders can be backed up and restored. |

2.5 Comparison of 2.1x and 3.x Client Features and Capabilities

Feature or Capability Novell iFolder 2.1x Client
Download location The iFolder download page is
http://serveraddress/ iFolder
Replace serveraddress with the IP address or DNS name of your iFolder server. For example,
192.168.1.1 or nifsvr1.example.com. The
path is case sensitive.
iFolder Client with a Novell iFolder
3.x Enterprise Server
The administrator provides a download site where users can download the iFolder client, such as the iFolder 3.x Welcome page on the OES Linux server.
Default location of the iFolder directory on a client
Connect to server Log in to one account at a time. Set up accounts for multiple
Authenticated access Yes, with username and
Encrypted data transfer Yes, with the encrypted iFolder
iFolder data stored encrypted on server
Windows: C:\Documents and
Settings\username\My Documents\iFolder\userna me\Home
Linux: /home/userid/ ifolder/userid
Macintosh: Not supported
password authentication via your LDAP server.
option.
The Blowfish algorithm is applied with a user-specified passphrase.
Yes, with encrypted iFolder option
The user must specify a passphrase when first creating the iFolder account.
Anywhere the user wants to create an iFolder on his or her Windows, Linux, or Macintosh computers.
iFolder servers and log in to one or more as desired.
Yes, with username and password authentication via your LDAP server.
Yes, with automatic HTTPS (SSL) connections.
Administrators control whether connections use HTTPS or HTTP.
No
Data is stored unencrypted on the server.
What’s New 25
novdocx (ENU) 01 February 2006
Feature or Capability Novell iFolder 2.1x Client
iFolder data stored encrypted on clients
No
iFolder data is stored unencrypted on the client. Use third-party local encryption options, if needed.
Create an iFolder Yes, by logging in to the server for
the first time after being provisioned for iFolder services.
iFolder Client with a Novell iFolder
3.x Enterprise Server
No
iFolder data is stored unencrypted on the client. Use third-party local encryption options, if needed.
Yes, by selecting any local directory and making it an iFolder. A user can create multiple iFolders in each iFolder account.
Maximum iFolders per username One Multiple. Virtually unlimited
number of iFolders as an owner or member.
Share an iFolder across multiple computers
Yes, by logging in to an iFolder server from a computer with the iFolder client, or by accessing the iFolder via the Web with NetStorage.
Yes, by logging in to an iFolder account from another computer with an iFolder client and setting up the available iFolder.
You can select which of the iFolders you own or participate in to set up on each computer, according to your needs at each location.
Share an iFolder with other users Not as designed, but it is
possible.
The administrator can create a username for this purpose. Membership in the iFolder is determined by who has access to the password for that username and its iFolder account.
Participate in a shared iFolder owned by another user
Not as designed, but it is possible if the iFolder’s owner shares his or her username and password.
IMPORTANT: Sharing a password is a security risk and is never recommended.
Allows the owner of a shared
No Yes iFolder to transfer ownership of a shared iFolder to another user
Yes, as the owner user or a member user with the Full Control right.
• For each iFolder, specify a list of users.
• For each member of an iFolder, specify different levels of access with the Full Control, Read/Write, or Read Only right.
Yes, if the owner adds you as a member.
After the owner makes you a member of the iFolder, the server notifies you by making the iFolder available in your My iFolders window. Use the iFolder Setup function to activate the iFolder on one or more computers where you want to participate.

Allows the iFolder owner to transfer ownership of the iFolder to another user
2.1x client: No
3.x client: Yes

Maximum file size
2.1x client: Software limits file size to 4 GB. Below 4 GB, the maximum file size depends on the server’s and clients’ local file systems. For example, on Windows clients, FAT32 limits file sizes to 4 GB. On Linux, EXT2 limits file sizes to 2 GB.
3.x client: There are no software restrictions, but the administrator can specify the maximum file size that users can synchronize as a system-wide policy. Below the administrative maximum, the practical maximum file size depends on the server’s and clients’ local file systems.

Restrict synchronization by including or excluding files by file type, such as .mp3
2.1x client: No
3.x client: Yes, with policies set by the administrator that can apply system-wide, to individual user accounts, or to individual iFolders.

Maximum number of directories
2.1x client: 32,765
3.x client: No software restrictions; depends on the server’s and clients’ local file systems.

Disk quotas
2.1x client: No
3.x client: An owner can specify a quota for each iFolder, but the total combined administrative quotas for all owned iFolders cannot exceed the user’s quota, or the system-wide quota if there is no user quota. An iFolder member can specify a quota for the iFolder on each computer where the iFolder is set up.

Minimum synchronization interval
2.1x client: The user sets a synchronization interval for each workstation. The value cannot be less than the system-wide setting or individual user setting.
3.x client: The user sets a synchronization interval for each computer that applies to all iFolders in all accounts on that computer.

Allows users to suspend synchronization for a given client computer
2.1x client: Yes, using any of the following methods:
• Log out of the iFolder server
• Disable Automatic Synchronization in the Preferences tab. You can remain logged in, and then synchronize when you want with the Synchronization Now option.
3.x client: Yes, using any of the following methods:
• Log out of the iFolder server account
• Disable Automatic Sync
• Disable the account in the Account window (deselect Enable Account)

Remote access to iFolder data on the server
2.1x client: Yes, using NetStorage. Your administrator must configure NetStorage for iFolder services.
3.x client: Yes, using iFolder 3.x Web Access

Backup of local files to a network server
2.1x client: Files in users’ local iFolders are backed up on the iFolder server.
3.x client: Files in users’ local iFolders are backed up on the iFolder enterprise server.

Backup support to restore deleted files
2.1x client: Administrators must back up and restore the entire iFolder contents.
3.x client: Administrators can back up the entire iFolder data store. They can restore individual files, directories, or iFolders.

2.6 Comparison of 2.1x and 3.x Web Access Features and Capabilities

Feature or Capability Novell iFolder 2.1x Web Access Novell iFolder 3.x Web Access

Web access method
2.1x Web Access: For iFolder 2.1.4 and earlier, the Java* applet or Novell NetStorage (for NetWare® servers only). For iFolder 2.1.5 and later, Novell NetStorage for Novell Open Enterprise Server (both Linux and NetWare servers).
3.x Web Access: iFolder 3.x Web Access for Novell Open Enterprise Server for Linux

Web access location
2.1x Web Access: http://serveraddress/iFolder
Replace serveraddress with the IP address or DNS name of your iFolder server. For example, 192.168.1.1 or nifsvr1.example.com. The path is case sensitive.
3.x Web Access: http://serveraddress/webalias
Replace serveraddress with the IP address or DNS name of your iFolder server. For example, 10.10.1.1 or nifsvr1.example.com. Replace webalias with the administrator-specified path. The default path is /ifolder. The path is case sensitive. For example: http://10.10.1.1/ifolder

Connect to server
2.1x Web Access: The user has only one iFolder per username. The user accesses the iFolder server where his or her files are located for that username.
3.x Web Access: Users separately access the different servers where they have accounts. All iFolders for the individual account are available.

Authenticated access
2.1x Web Access: Yes, with username and password authentication via your LDAP server.
3.x Web Access: Yes, with username and password authentication via your LDAP server.

Encrypted data transfer
2.1x Web Access: Yes, with the encrypted iFolder option. The Blowfish algorithm is applied with a user-specified passphrase.
3.x Web Access: Yes, with HTTPS (SSL) connections for data transfer.

WebDAV protocol support
2.1x Web Access: Yes, allows WebDAV clients, such as Microsoft Explorer, to seamlessly access folders and files on an iFolder 2.1x server.
3.x Web Access: No

3 Planning iFolder Services

This section discusses the planning considerations for providing Novell® iFolder® 3.x services on OES Linux.
• Section 3.1, “Security Considerations”
• Section 3.2, “Server Workload Considerations”
• Section 3.3, “Naming Conventions for Usernames and Passwords”
• Section 3.4, “Admin User Considerations”
• Section 3.5, “iFolder User Account Considerations”
• Section 3.6, “iFolders Data and Synchronization Considerations”
• Section 3.7, “Management Tools”

3.1 Security Considerations

For information about planning security for your iFolder 3.x system, see the Novell iFolder 3.x Security Administrator Guide.

3.2 Server Workload Considerations

The iFolder 3.x enterprise server supports a complex usage model where each user can own multiple iFolders and participate in iFolders owned by other users. Instead of a single user working from different workstations at different times, multiple users can be concurrently modifying files and synchronizing them. Whenever a user adds a new member to an iFolder, the workload on the server can increase almost as much as if you added another user to the system.
We recommend a maximum of 1000 users per iFolder server, depending on the performance characteristics of your hardware. You can set user account quotas to control the maximum storage space consumed by a user’s iFolders on the server. The actual bandwidth usage for each iFolder depends on the following:
• The number of members subscribed to the iFolder
• The number of computers actively sharing the iFolder
• How much data is stored in the iFolder
• The actual and average size of files in the iFolder
• The number of files in the iFolder
• How frequently files change in the iFolder
• How much data actually changes
• How frequently files are synchronized
• The available bandwidth and throughput of network connections
We recommend that you set up a pilot program to assess your operational needs and performance based on your equipment and collaboration environment, then design your system accordingly.
The following is a suggested baseline configuration for an iFolder 3.x server with a workload similar to a typical iFolder 2.1x server. It is based on an example workload of about 12.5 GB of data throughput (up and down) each 24 hours, including all Ethernet traffic and protocol overhead. Your actual performance might differ.
Table 3-1 Suggested Baseline Configuration for an iFolder Enterprise Server
Component: Example System Configuration
Hardware:
• 1.8 GHz single processor
• 1.2 GB RAM
• 300 GB hard drive
iFolder Services:
• 500 users
• 500 MB user account quota per user
• 1 iFolder per user that is not shared with other users
• 5% change in each user’s data per 24-hour period

3.3 Naming Conventions for Usernames and Passwords

LDAP Naming Requirement
Usernames and passwords must comply with the constraints set by your LDAP service. For information, see the Novell eDirectory 8.7.3 Administration Guide (http://www.novell.com/documentation/edir873/treetitl.html).
E-Mail Address Naming Requirement
If you configure iFolder to authenticate users at login based on their e-mail addresses, make sure that each e-mail address in eDirectory satisfies the following naming requirements:
• Conforms to standard e-mail naming conventions
• Is unique in the directory
For example, if two identical e-mail addresses exist in the directory, iFolder could synchronize both of them, but it attempts to authenticate only to the first matching e-mail address it finds. Authentication fails if the password does not match that address.
iFolder does not transform the address the user enters in any way and treats the names as case sensitive. Your users should be aware of the format and case used for their e-mail addresses that are stored in eDirectory.
For example, if user John Smith has an e-mail address based on a user ID of js1234, such as js1234@example.com, but is allowed to use an e-mail alias such as john.smith@example.com, which address should the user enter as the iFolder user name?
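The uniqueness and case requirements above can be checked against a directory export before you enable e-mail based login. The following is an added example, not part of the Novell guide or of iFolder: it assumes the addresses are held in the LDAP attribute mail and that you have an LDIF export of the user objects; the sample entries are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample export; DNs and addresses are illustrative only.
SAMPLE_LDIF = """\
dn: cn=js1234,ou=users,o=example
mail: js1234@example.com
mail: john.smith@example.com

dn: cn=jsmith2,ou=users,o=example
mail: John.Smith@example.com

dn: cn=adoe,ou=users,o=example
mail: adoe@example.com

dn: cn=adoe-old,ou=archive,o=example
mail:: YWRvZUBleGFtcGxlLmNvbQ==
"""


def parse_mail_values(ldif_text, attr="mail"):
    """Return (dn, address) pairs, handling folded lines and base64 values."""
    lines = []
    for raw in ldif_text.splitlines():
        # A line that starts with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    pairs, dn = [], None
    for line in lines:
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):  # "attr:: value" is base64 encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        name = name.lower()
        if name == "dn":
            dn = value
        elif name == attr and dn is not None:
            pairs.append((dn, value))
    return pairs


def find_mail_conflicts(pairs):
    """Group the findings that matter for e-mail based iFolder login."""
    by_exact = defaultdict(set)   # address as stored -> DNs that carry it
    by_folded = defaultdict(set)  # lower-cased address -> stored spellings
    by_dn = defaultdict(list)     # DN -> addresses on that object
    for dn, addr in pairs:
        by_exact[addr].add(dn)
        by_folded[addr.lower()].add(addr)
        if addr not in by_dn[dn]:
            by_dn[dn].append(addr)
    return {
        # Same address on several objects: only the first match is tried.
        "duplicate": {a: sorted(d) for a, d in by_exact.items() if len(d) > 1},
        # Same address in different case: users must type the stored case.
        "case_variants": {k: sorted(v) for k, v in by_folded.items() if len(v) > 1},
        # Several addresses on one object: decide which one users enter.
        "multiple_addresses": {d: a for d, a in by_dn.items() if len(a) > 1},
    }


if __name__ == "__main__":
    report = find_mail_conflicts(parse_mail_values(SAMPLE_LDIF))
    for kind, items in report.items():
        for key, values in items.items():
            print("%s: %s -> %s" % (kind, key, ", ".join(values)))
```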
Length and Format Considerations for an LDAP Object
In iManager, the maximum number of characters for most LDAP objects is 64 characters. Some fields require common name format and others require fully distinguished name format for objects. View the iManager Help for the different plug-ins to make sure your entries comply with length and format restrictions for the individual plug-in.
Multilingual Considerations
If you have workstations running in different languages, you might want to limit User object names to characters that are viewable on all the workstations. For example, a name entered in Japanese cannot contain characters that are not viewable in Western languages.
IMPORTANT: eDirectory supports only English language characters for usernames and passwords on Linux and HP-UNIX. This applies to OES Linux and Novell Linux Desktop.
For information, see “Multilingual Considerations” (http://www.novell.com/documentation/edir873/edir873/data/a2iiidp.html#a2iiie7) in the Novell eDirectory 8.7.3 Administration Guide.

3.4 Admin User Considerations

During the iFolder install, iFolder creates two administrator users, the iFolder Admin user and the iFolder Proxy user. After the install, you can also configure other users with the iFolder Admin right to make them equivalent to the iFolder Admin user.
iFolder Admin User and Equivalent Users
The iFolder Admin user is the primary administrator of the iFolder enterprise server. Whenever iFolders are orphaned, ownership is transferred to the iFolder Admin user for reassignment to another user or for deletion. You initially specify the iFolder Admin user during the iFolder enterprise server configuration in YaST.
The iFolder Admin user must be provisioned to enable the iFolder Admin to perform management tasks. iFolder tracks this user by the LDAP object GUID, allowing it to belong to any LDAP container or group in the tree, even those that are not identified as Search DNs. The user’s movement can be tracked anywhere in the tree because it is known by the GUID, not the user DN.
The iFolder Admin right can be assigned to other users so that they can also manage iFolder services for the selected server. Use the Administrators page in the Novell iFolder 3 plug-in to add or remove the iFolder Admin right for users. Only users who are in one of the DNs specified in the LDAP Search DN are eligible to be equivalent to the iFolder Admin user.
If you assign the iFolder Admin right to other users, those users are governed by the roster and Search DN relationship. The user is removed from the roster and stripped of the iFolder Admin right if you delete the user, remove the user’s DN from the list of Search DNs, or move the user to a DN that is not in the Search DNs.
iFolder Proxy User
The iFolder Proxy user is the identity used to access the LDAP server to retrieve lists of users in the specified containers, groups, or users that are defined in the iFolder LDAP settings. This identity must have the Read right to the LDAP directory. The iFolder Proxy user is created during the iFolder install. You probably never need to modify this value.
IMPORTANT: If you do modify the iFolder Proxy user, make sure that the identity you specify is different than the iFolder Admin user or other system users because the iFolder Proxy user password is stored in reversible encrypted form in the Simias database on the iFolder server.
When you initially configure the iFolder enterprise server in YaST, iFolder autogenerates a password for the iFolder proxy user.
Table 3-2 Encryption Method for the iFolder Proxy User Password
iFolder 3.2
• Encryption method: YaST encryption method
• iFolder Proxy user password: Generates an alphanumeric, 13-digit, mixed-case password
iFolder 3.0 and 3.1
• Encryption method: BASH random number generator
• iFolder Proxy user password: Generates a number between 0 and 10,000 and appends it to iFolderProxy. For example, iFolderProxy1234.
Initially, the password for the iFolder Proxy user is stored in clear text in the /opt/novell/ifolder3/etc/simias-server-bootstrap.config file. At the end of the configuration process, the system reboots Apache 2 and starts iFolder. When iFolder runs for the first time after configuration, the iFolder process copies the simias-server-bootstrap.config file to the Simias.config file. The default location of the Simias.config file is the /var/lib/wwwrun/.local/share/simias directory or the /home/wwwrun/.local/share/simias directory. The proxy user password is stored in a reversible encrypted form in the Simias database, then the value is removed from both configuration files.
The password stored on the system for the iFolder Proxy user must match the password stored in the iFolder Proxy user’s eDirectory object. If you ever modify the iFolder Proxy user password in eDirectory, you must also change the password stored on the system. For example, if you change the iFolder Proxy user assignment, or if you want to set a longer password for the iFolder Proxy user, you must modify the values afterwards in iFolder’s LDAP settings or iFolder cannot access the LDAP server to update the user list. For information, see Section 8.4.5, “Modifying the iFolder Proxy User Password,” on page 88.
To secure access to the Simias.config file, administrators of the iFolder 3.x server computer must use every precaution to not inadvertently assign file system rights to the /var/lib/wwwrun/.local/share/simias directory or the /home/wwwrun/.local/share/simias directory to unauthorized users.
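One way to check both points in this section on a running server, as an added example that is not part of the Novell guide or of iFolder: it audits the mode bits under the two Simias directories named above and tests whether the proxy password still has the autogenerated 3.0/3.1 form from Table 3-2. It assumes the store is owned by a local account named wwwrun, treats any "other" permission bit or group write as a finding, does not inspect ACLs, and the --check-password switch belongs to this script only.

```python
import os
import re
import stat
import sys

# Default Simias.config locations named in this guide.
SIMIAS_DIRS = (
    "/var/lib/wwwrun/.local/share/simias",
    "/home/wwwrun/.local/share/simias",
)

# Table 3-2: iFolder 3.0 and 3.1 append a number between 0 and 10,000
# to the literal string "iFolderProxy".
LEGACY_PROXY_PASSWORD = re.compile(r"iFolderProxy(\d+)")


def is_legacy_proxy_password(password):
    """True if the password has the autogenerated iFolder 3.0/3.1 form."""
    match = LEGACY_PROXY_PASSWORD.fullmatch(password)
    return match is not None and int(match.group(1)) <= 10000


def audit_path(path, expected_uid=None):
    """Return a list of permission problems for one file or directory."""
    info = os.lstat(path)
    if stat.S_ISLNK(info.st_mode):
        return []  # link modes are not meaningful; targets are not followed
    mode = stat.S_IMODE(info.st_mode)
    problems = []
    if mode & stat.S_IRWXO:
        problems.append("accessible to all local users (mode %04o)" % mode)
    if mode & stat.S_IWGRP:
        problems.append("writable by group (mode %04o)" % mode)
    if expected_uid is not None and info.st_uid != expected_uid:
        problems.append("owned by uid %d, expected %d" % (info.st_uid, expected_uid))
    return problems


def audit_tree(root, expected_uid=None):
    """Walk root and return (path, problem) pairs for every finding."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    findings = []
    for path in paths:
        try:
            problems = audit_path(path, expected_uid)
        except OSError as err:  # entry vanished or cannot be examined
            problems = ["cannot examine: %s" % err.strerror]
        findings.extend((path, problem) for problem in problems)
    return findings


def main(argv):
    import pwd  # Unix only
    try:
        uid = pwd.getpwnam("wwwrun").pw_uid  # assumed owner of the store
    except KeyError:
        uid = None
    status = 0
    for root in SIMIAS_DIRS:
        if not os.path.isdir(root):
            continue
        for path, problem in audit_tree(root, uid):
            print("%s: %s" % (path, problem))
            status = 1
    if "--check-password" in argv:
        import getpass
        if is_legacy_proxy_password(getpass.getpass("iFolder Proxy user password: ")):
            print("proxy password has the autogenerated 3.0/3.1 form; set a longer one")
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as root so that every entry under the store can be examined; a non-zero exit status means at least one finding.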

3.5 iFolder User Account Considerations

• Section 3.5.1, “Preventing the Propagation of Viruses”
• Section 3.5.2, “Provisioning User Accounts”
• Section 3.5.3, “Setting Account Quotas”

3.5.1 Preventing the Propagation of Viruses

Because iFolder is a cross-platform, distributed solution, there is a possibility of virus infection on Windows machines migrating across the iFolder server to other platforms, and vice versa. You should enforce server-based virus scanning to prevent viruses from entering the corporate network.
You should also enforce client-based virus scanning. For information, see “Configuring Local Virus Scanner Settings for iFolder Traffic” in the iFolder User Guide for Novell iFolder 3.2.

3.5.2 Provisioning User Accounts

You can specify any existing containers and groups in the Search DNs field of the iFolder LDAP settings to govern which users are automatically provisioned with accounts for iFolder services. The LDAP synchronization tracks a user object’s eDirectory contexts as you add, move, or relocate user objects, or as you add and remove contexts as Search DNs.
The following guidelines apply:
• If the user is added to an LDAP container, group, or user that is in the Search DN, the user is added automatically to the iFolder user list.
GUID to identify the user in multiple
• If a user is moved to a different container, and the new container is also in the Search DN, the user remains in the iFolder user list.
If you intend to keep the user as an iFolder user without interruption of service and loss of memberships and data, the new container must be added as a Search DN before the user is moved.
If the user is moved to a different container that is not specified as a Search DN before the user is moved, the user is removed from the iFolder user list. The user’s iFolders are orphaned and the user is removed as a member of iFolders owned by others. If the new container is later added as a Search DN, the user is treated as a new user, with no association with previous iFolders and memberships.
• If the user appears in multiple defined Search DNs and one or more DNs are removed from the LDAP settings, the user remains in the iFolder user list if at least one DN containing the user remains.
• If the user is deleted from LDAP or moved from all defined Search DNs, the user is removed as an iFolder user. The user’s iFolders are orphaned and the user is removed as a member of iFolders owned by others.
• The iFolder Admin user and iFolder Proxy user are tracked by their GUIDs, whether their user objects are in a context in the Search DN or not.

3.5.3 Setting Account Quotas

You can restrict the amount of space each user account is allowed to store on the server by setting an account quota. The account quota applies to the total space consumed by the iFolders the user owns. If the user participates in other iFolders, the space consumed on the server is billed to the owner of that iFolder. You can set quotas at the system or user level. Within a given account quota, you can also set a quota for any iFolder.

3.6 iFolders Data and Synchronization Considerations

Consider the following when setting policies for iFolders data and synchronization:
• Section 3.6.1, “Naming Conventions for an iFolder and Its Folders and Files”
• Section 3.6.2, “Guidelines for File Types and Sizes to Be Synchronized”

3.6.1 Naming Conventions for an iFolder and Its Folders and Files

The iFolder client imposes naming conventions that consider the collective restrictions of the Linux, Windows, and Macintosh file systems. An iFolder, folder, or file must have a valid name that complies with the naming conventions before it can be synchronized.
Use the following naming conventions for your iFolders and the folders and files in them:
• iFolder supports the Unicode* (http://www.unicode.org) character set with UTF-8 encoding.
• Do not use the following invalid characters in the names of iFolders or in the names of folders and files in them:
\/:*?"<>|;
iFolder creates a name conflict if you use the invalid characters in a file or folder name. The conflict must be resolved before the file or folder can be synchronized.
• The maximum name length for a single path component is 255 bytes. For filenames, the maximum length includes the dot (.) and file extension.
• Names of iFolders, folders, and files are case insensitive; however, case is preserved. If filenames differ only by case, iFolder creates a name conflict. The conflict must be resolved before the file or folder can be synchronized.
• If users create iFolders on the FAT32 file system on Linux, they should avoid naming files in all uppercase characters. The VFAT or FAT32 file handling on Linux automatically changes the filenames that are all uppercase characters and meet the MS-DOS 8.3 file format from all uppercase characters to all lowercase characters. This creates synchronization problems for those files if the iFolder is set with the Read Only access right.
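A pre-synchronization check for these naming conventions, as an added example that is not part of the Novell guide or of the iFolder client: it scans a local directory tree and reports names that would raise a name conflict. The case comparison uses simple lower-casing and the 8.3 test accepts only letters, digits, "_", "~" and "-"; both are assumptions, since the guide does not describe how the client compares names.

```python
import os
import re
import sys
from collections import defaultdict

INVALID_CHARS = frozenset('\\/:*?"<>|;')  # the list given in this section
MAX_COMPONENT_BYTES = 255                 # per path component, in UTF-8

# Approximation of an all-uppercase MS-DOS 8.3 name (assumed character set).
DOS_83_UPPER = re.compile(r"(?=.*[A-Z])[A-Z0-9_~-]{1,8}(\.[A-Z0-9_~-]{1,3})?")


def check_name(name, fat32_on_linux=False):
    """Return the problems for one iFolder, folder, or file name."""
    problems = []
    bad = sorted(INVALID_CHARS.intersection(name))
    if bad:
        problems.append("invalid character(s): " + " ".join(bad))
    try:
        size = len(name.encode("utf-8"))
    except UnicodeEncodeError:
        # os.walk returns undecodable bytes as lone surrogates.
        problems.append("name is not valid UTF-8")
    else:
        if size > MAX_COMPONENT_BYTES:
            problems.append("%d bytes in UTF-8, limit is %d" % (size, MAX_COMPONENT_BYTES))
    if fat32_on_linux and DOS_83_UPPER.fullmatch(name):
        problems.append("all-uppercase 8.3 name, lower-cased by VFAT/FAT32 on Linux")
    return problems


def case_collisions(names):
    """Return groups of sibling names that differ only by case."""
    groups = defaultdict(list)
    for name in names:
        groups[name.lower()].append(name)
    return [sorted(group) for group in groups.values() if len(group) > 1]


def scan_tree(root, fat32_on_linux=False):
    """Return (relative path, problem) pairs for a directory to be made an iFolder."""
    top = os.path.basename(os.path.abspath(root))
    findings = [(".", p) for p in check_name(top, fat32_on_linux)]
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        entries = dirnames + filenames
        for name in entries:
            path = os.path.normpath(os.path.join(rel, name))
            for problem in check_name(name, fat32_on_linux):
                findings.append((path, problem))
        for group in case_collisions(entries):
            findings.append((rel, "names differ only by case: " + ", ".join(group)))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problem in scan_tree(target):
        print("%s: %s" % (path, problem))
```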

3.6.2 Guidelines for File Types and Sizes to Be Synchronized

You can set policies to govern which files are synchronized by specifying file type restrictions and the maximum file size allowed to be synchronized. You can set these policies at the system, user account, and iFolder level.
Some file types are not good candidates for synchronization, such as operating system files, hidden files created by a file manager, or databases that are implemented as a collection of linked files. You might include only key file types used for your business, or exclude files that are likely unrelated to business, such as .mp3 files.
Operating System Files
You should not convert system directories to iFolders. Most system files change infrequently and it is better to keep an image file of your basic system and key software than to attempt to synchronize those files to the server.
Hidden Files
If your file system uses hidden files to track display preferences, you should determine the file types of these files and exclude them from being synchronized on your system. Usually, they are relevant only to the particular computer where they were created, and they change every time the file or directory is accessed. You do not need to keep these files, and synchronizing them results in repeated file conflict errors.
For example, iFolder automatically excludes two hidden file manager files called thumbs.db and .DS_Store.
Database Files
iFolder synchronizes the changed portions of a file; it does not synchronize files as a set. If you have a database file that is implemented as a collection of linked files, do not try to synchronize them in an iFolder.
Do not try to synchronize your GroupWise® data by making the GroupWise archive, cache, or remote directories into iFolders. If you do this, the GroupWise data files become corrupted after synchronizing the file a few times. GroupWise needs the files in the archive to be maintained as a set of files.
File Sizes
The maximum file size you allow for synchronization depends on your production environment. While some users work with hundreds of small files, other users work with very large files. You might set a system-wide policy to restrict sizes for most users, then set individual policies for power users.

3.7 Management Tools

Use the following tools to manage the Novell iFolder 3.x enterprise server and Web Access server.
• Section 3.7.1, “iFolder Configuration Plug-Ins for YaST”
• Section 3.7.2, “Novell iFolder 3 Plug-In for Novell iManager 2.5”
• Section 3.7.3, “Web Access Configuration File”

3.7.1 iFolder Configuration Plug-Ins for YaST

iFolder provides the following plug-ins to YaST for configuring basic parameters for your iFolder system:
iFolder Plug-In for YaST: iFolder 3
Purpose: Use this function to configure the following parameters for the iFolder enterprise server.
• LDAP server name, LDAP admin DN, and password
• iFolder system name, store path, and description
• iFolder proxy DN, password, and search context for retrieving user information from LDAP
• iFolder admin DN and password
Tasks: In YaST, click Network Services, then click iFolder 3. For information, see Section 6.2, “Configuring the iFolder Enterprise Server,” on page 53.

iFolder Plug-In for YaST: iFolder 3 Web Access
Purpose: Use this function to configure the following parameters for the iFolder Web Access server.
• Web Access alias
• iFolder server URL
Tasks: In YaST, click Network Services, then click iFolder 3 Web Access. For information, see Section 6.3, “Configuring the iFolder Web Access Server,” on page 55.

If both iFolder components are installed on the same computer, both plug-ins are available; otherwise, only the plug-in that is needed is available.

3.7.2 Novell iFolder 3 Plug-In for Novell iManager 2.5

The Novell iFolder 3 plug-in for Novell iManager 2.5 is an administrative tool used to manage the iFolder system, user iFolder accounts, and user iFolders and data. For information about installing iManager, see the Novell iManager 2.5 Installation Guide (http://www.novell.com/documentation/imanager25/imanager_install_25/data/hk42s9ot.html).
Before you can use Novell iFolder 3 for managing your iFolder system, you must install it in iManager. For information, see Section 6.4, “Installing the Novell iFolder 3 Plug-In for iManager,” on page 57.
To access Novell iFolder 3, see Section 6.5, “Accessing iManager and the Novell iFolder 3 Plug-In,” on page 59.
Web Browser Language Setting
An iManager plug-in might not operate properly if the highest priority Language setting for your Web browser is set to a language other than one of the supported languages. To avoid problems, in your Web browser’s Languages setting, set the first language preference in the list to a supported language, such as English.
NOTE: In the initial release, iFolder supports only English. Localization in additional languages is planned for future releases.
Additional Information
For information about iManager, see the Novell iManager 2.5 Administration Guide (http://www.novell.com/documentation/imanager25/imanager_admin_25/data/hk42s9ot.html).

3.7.3 Web Access Configuration File

Use the /opt/novell/ifolder3/webaccess/Web.config file to configure HTTP runtime parameters for your iFolder Web Access server. For information, see Section 9.4, “Configuring the HTTP Runtime Parameters,” on page 97.

4 Coexistence and Migration Issues

One of the top priorities in designing Novell® iFolder® 3.x was to ensure that new iFolder services, running on Novell Open Enterprise Server, can be introduced into an existing network environment without disrupting existing Novell iFolder 2.1x services.
This section discusses the following issues:
• Section 4.1, “Coexistence of iFolder 3.x and 2.1x Servers”
• Section 4.2, “Coexistence of the iFolder Client with Novell iFolder 1.x and 2.x Clients”
• Section 4.3, “Migrating from iFolder 2.1x to 3.x Server”
• Section 4.4, “Migrating User Files from an iFolder 2.1x to a 3.x Server”

4.1 Coexistence of iFolder 3.x and 2.1x Servers

If you use both Novell iFolder 3.x and iFolder 2.1x servers, we recommend that you install each version on its own dedicated server. However, iFolder 3.x enterprise and Web access servers can coexist with an iFolder 2.1x server on an OES Linux computer under the following conditions:
• Both iFolder 3.x and iFolder 2.1x run Apache 2 Worker. However, iFolder 2.1x runs a special configuration of Apache 2 Worker where the number of threads is limited. iFolder 3.x runs with the default Apache 2 Worker configuration that comes with OES. The separate instances of Apache run in parallel, with no interaction between them.
• You must use different IP addresses for the iFolder 3.x enterprise server and the iFolder 2.1x server running on the same computer. The iFolder 3.x enterprise server and iFolder 3.x Web access server share the same IP address when they are on the same server.
• The processor, memory, network adapter, and storage disks on the computer must be sized to support the combined workload and storage requirements for the iFolder servers.
• iFolder 3.x and 2.1x are not integrated in any way.
• They are different software packages and share no files in common.
• They use different methods and settings for management, security, policies, data storage, user provisioning, Web access, and backup.
• They do not share or coordinate information about servers, LDAP, administrators, users, or iFolders.
• There are no storage economies for or coordination of iFolder files and data.
• Users must use each server’s corresponding iFolder client to access their iFolder data on that server.
• Users must use the corresponding access method to access their iFolder data via a Web browser. iFolder 3.x requires the iFolder 3.x Web access server, and iFolder 2.1x requires Novell NetStorage.
For more information, see Section 2.4, “Comparison of 2.1x and 3.x Server Features and Capabilities,” on page 22.

4.2 Coexistence of the iFolder Client with Novell iFolder 1.x and 2.x Clients

Do not install the iFolder™ client in the same application folder as the Novell iFolder 1.x or 2.x client.
The iFolder client can coexist on the same workstation as the Novell iFolder 1.x client or 2.x client, with the following caveats:
• The iFolder client and its iFolders work only with the Novell iFolder 3.x enterprise server.
• The Novell iFolder 1.x or 2.x client and its iFolder on the workstation continue to work only with the assigned Novell iFolder server of the same release.
• The single iFolder created with the iFolder 1.x or 2.x client can coexist with the multiple iFolders created with the iFolder client. The iFolders function independently on the workstation; they do not exchange information or data. However, you can manually transfer local data between old and new iFolder folders.
• You should not attempt to convert the iFolder for Novell iFolder 1.x or 2.x to an iFolder to be managed by Novell iFolder 3.x. Similarly, you should not convert parent folders of that iFolder to a next-generation iFolder.
If the folder is no longer used by a prior version of the Novell iFolder client, such as when you uninstall the old client from the workstation, you can convert the folder or its parent folders to a next-generation iFolder.
For more information, see Section 2.5, “Comparison of 2.1x and 3.x Client Features and Capabilities,” on page 25.

4.3 Migrating from iFolder 2.1x to 3.x Server

There is no migration path between Novell iFolder 2.1x and Novell iFolder 3.x. There is no migration of configuration, policies, user information, and iFolder data on the server.

4.4 Migrating User Files from an iFolder 2.1x to a 3.x Server

The Novell iFolder 2.1x client and the iFolder client for Novell iFolder 3.x can run independently and concurrently on the same user computer. They are separate applications and should not be installed in the same location.
There is no automatic upgrade or migration from Novell iFolder 2.1x to the iFolder client for Novell iFolder 3.x. Each user can manually copy some or all of the files in the iFolder 2.1x directory to one or more iFolders for synchronization by an iFolder 3.x enterprise server.
Make sure to review Section 2.5, “Comparison of 2.1x and 3.x Client Features and Capabilities,” on page 25. Some features, such as encrypted data storage on the server, are not available in the new iFolder client. You might make both servers available to users if encrypted data storage is essential for some of their files. Work with users to determine what their needs are for encrypted data on the server.
For information about migrating files from iFolder 2.1x to iFolders for the iFolder 3.x enterprise server, see “Migrating Files from iFolder 2.1x to 3.x” in the iFolder User Guide for Novell iFolder 3.2. After users have successfully migrated their files to the new system, you can determine the need to maintain a 2.1x server in your environment.

5 Prerequisites and Guidelines

This section discusses prerequisites and guidelines for this release of Novell® iFolder® 3.x and the iFolder™ Client. Before installing and configuring iFolder, make sure that your system meets the requirements in each of the following:
• Section 5.1, “File System”
• Section 5.2, “Enterprise Server”
• Section 5.3, “Novell eDirectory 8.7.3”
• Section 5.4, “Novell iManager 2.5”
• Section 5.5, “Mono”
• Section 5.6, “Client Computers”
• Section 5.7, “Web Browser”

5.1 File System

iFolder Application Files
iFolder 3.x installs the iFolder files on the system volume. OES Linux requires the Reiser (default) or EXT3 file system for the system device.
iFolder Data Store
We recommend that you store the users’ iFolder data on a separate volume.
| Version | Data File System Support |
| --- | --- |
| iFolder 3.1 and later | EXT3, ReiserFS, or NSS |
| iFolder 3.0 | EXT3 or ReiserFS |

5.2 Enterprise Server

We recommend that you install iFolder 3.x enterprise server and Web Access server after your OES Linux system is configured and running properly. You must post-install iFolder if you plan to use NSS volumes for your iFolder data because you cannot set up NSS volumes during an OES Linux install. However, if you plan to use a Linux traditional volume such as EXT3 or ReiserFS for your iFolder data, you can optionally install and configure iFolder when you install OES Linux.
Section 5.2.1, “Prerequisites for the Operating System”
Section 5.2.2, “Install Guidelines When Using an NSS Volume to Store iFolder Data”
Section 5.2.3, “Install Guidelines When Using a Linux Traditional Volume to Store iFolder Data”
Section 5.2.4, “Install Guidelines for Other Components”
Section 5.2.5, “Installing the OES Linux Server”

5.2.1 Prerequisites for the Operating System

Novell iFolder 3.2 and earlier is designed to work only on the Novell Open Enterprise Server for Linux (OES Linux) platform, which is comprised of specific versions of the SUSE® Linux Enterprise Server platform and the basic OES applications and services.
IMPORTANT: iFolder 3.2 server and earlier does not support SUSE Linux Enterprise Server without the basic OES applications and services. It also does not support OES NetWare.
iFolder 3.x requires the following versions of the OES Linux server:
| iFolder Version | OES Linux Version |
| --- | --- |
| iFolder 3.2 | Novell Open Enterprise Server Support Pack 2 for SUSE Linux Enterprise Server 9 Support Pack 3 (OES SP2 Linux) |
| iFolder 3.1 | Novell Open Enterprise Server Support Pack 1 for SUSE Linux Enterprise Server 9 Support Pack 2 (OES SP1 Linux) |
| iFolder 3.0 | Novell Open Enterprise Server for SUSE Linux Enterprise Server 9 Support Pack 1 (OES Linux) |
There is no upgrade or migration path from Novell iFolder 2.1x and earlier versions of iFolder.
For information, see the Novell Open Enterprise Server product site (http://www.novell.com/products/openenterpriseserver).

5.2.2 Install Guidelines When Using an NSS Volume to Store iFolder Data

Modify the OES Linux install and configuration to comply with the following guidelines:
• In YaST, on the Installation Settings page, reconfigure the Partitioning settings as needed to support using NSS.
    • Specify a ReiserFS (default) or EXT3 partition as your system device.
    • NSS volumes are configured after the install is complete. If you plan to use NSS volumes, some deployment scenarios require that you modify the partitioning to use EVMS (Enterprise Volume Management System) as the device manager of the system device instead of LVM (Linux Volume Manager, default) or a third-party volume manager. Make sure to compare your storage deployment plan to those listed in “Installing Linux with EVMS as the Volume Manager of the System Device” in the OES Linux Installation Guide to determine if you need to do this.
      For example, if you have only a single device on the server (such as a single physical disk or a hardware RAID 1 or RAID 5 device) and you plan to configure an NSS volume to use as your iFolder data volume, you must modify your partitioning to use EVMS to manage the device.
• In YaST, on the Installation Settings page, modify the Software components to add the NSS package to the install. Plan to install iFolder after your OES Linux server is set up and you have created an NSS volume to use.
• In YaST, on the Installation Settings page, make sure you do not add the iFolder 3 or iFolder 3 Web Access components to the install. You will install them later.
• After the OES Linux system is up and running, use the Storage plug-in to iManager to create the NSS volume, create a directory at the volume root, then use YaST to install and configure iFolder. Make sure to specify the path to the directory as the iFolder data store during the iFolder configuration.

5.2.3 Install Guidelines When Using a Linux Traditional Volume to Store iFolder Data

• In YaST, specify an EXT3 or ReiserFS partition as your system device.
• (Optional) Modify the Software components to add the iFolder 3 or iFolder 3 Web Access components to the install.
If you install iFolder at this time, be prepared to configure iFolder as part of the install process. See the following:
Section 6.2, “Configuring the iFolder Enterprise Server,” on page 53
Section 6.3, “Configuring the iFolder Web Access Server,” on page 55

5.2.4 Install Guidelines for Other Components

We recommend that your iFolder enterprise server and Web Access server run on separate dedicated servers. For small office use, both enterprise server and Web access server can run on the same server without degraded performance. For best performance, configure your iFolder server as an independent system with, at most, the following services:
• OES Linux (Minimum predefined server plus graphics support and NSS if desired)
• Novell eDirectory 8.7.3 (can be configured on a different OES server)
• Novell iManager 2.5 (can be configured on a different OES server)
• Novell iFolder 3.x (typically post-installed on an OES Linux server)
    • Enterprise server
    • Web Access server (can be installed and configured on a different OES Linux server)
• Mono (The Mono package is required for iFolder 3.x enterprise server and for Web Access server.)
• Apache 2 Web Server (The apache2-worker package is required for iFolder 3.x enterprise server and for Web access server.)
• Other iFolder dependencies as noted in YaST by the iFolder 3.x and iFolder 3.x Web Access install packages.
Installing other applications or services on the iFolder server affects iFolder performance and might introduce conflicts with the required versions of applications iFolder depends on, such as Apache 2 or Mono.

5.2.5 Installing the OES Linux Server

For detailed information about prerequisites, installation, and configuration of your OES Linux server, see the OES for Linux Installation Guide (http://www.novell.com/documentation/oes/install_linux/data/front.html).

5.3 Novell eDirectory 8.7.3

Novell eDirectory™ 8.7.3 is a secure identity management solution that provides centralized identity management, infrastructure, Net-wide security, and scalability to all types of applications running behind and beyond the firewall. It natively supports the directory standard Lightweight Directory Access Protocol (LDAP) 3 and provides support for TLS/SSL services based on the OpenSSL source code. eDirectory is available as a component of Novell Open Enterprise Server.
Before you configure iFolder, eDirectory must be configured and running. In iFolder, you specify LDAP containers and groups that contain User objects of users who you want to be iFolder users. You must create contexts and define users in eDirectory. For information, see the following topics in the Novell eDirectory 8.7.3 Administration Guide (http://www.novell.com/documentation/edir873/edir873/data/a2iii88.html):
“Designing Your Novell eDirectory Network” (http://www.novell.com/documentation/edir873/edir873/data/a2iiido.html)
“Managing User Accounts” (http://www.novell.com/documentation/edir873/edir873/data/afxkmdi.html)
Make sure your LDAP objects comply with the naming conventions for your LDAP services. For information, see Section 3.3, “Naming Conventions for Usernames and Passwords,” on page 32.

5.4 Novell iManager 2.5

Novell iManager 2.5 is a Web-based administration console that provides secure, customized access to network administration utilities and content. Before you can configure the Novell iFolder 3 plug-in for iManager, iManager must be installed and configured.
For information, see the Novell iManager 2.5 Administration Guide (http://www.novell.com/documentation/imanager25/imanager_admin_25/data/hk42s9ot.html).

5.5 Mono

Novell iFolder 3.x requires the Mono® framework for Linux. Mono is a development platform for running and developing modern applications. Based on the ECMA/ISO Standards, Mono can run existing programs that target the .NET or Java frameworks. The Mono Project is an open source effort led by Novell and is the foundation for many new applications. For information about Mono, see the Mono Project Web site (http://www.mono-project.com/Main_Page).
The required version of Mono is included on the .iso files. Mono is installed automatically as a dependency of iFolder during the install of the iFolder enterprise server or the Web Access server.
The iFolder clients for Linux and Macintosh also require Mono 1.1.7. The required version of Mono is packaged in the iFolder client installation files that you distribute to your users. For information, see Section 6.7, “Distributing the iFolder Client to Users,” on page 62. Linux and Macintosh users must install both iFolder and Mono packages. For information, see “Getting Started” in the iFolder User Guide for Novell iFolder 3.2.
Make sure to use the required version of Mono. If you have a different version of Mono on your OES Linux server, uninstall it before you install iFolder.
Novell iFolder 3.x supports only the version of Mono included in its install software. If you need to upgrade Mono for another reason, please check our online documentation to see if we explicitly support that version and to learn any necessary steps to make the upgrade work correctly. For information, see the latest version of the online documentation on the Novell iFolder 3.x Documentation Web site (http://www.novell.com/documentation/ifolder3).

5.6 Client Computers

The iFolder client supports the following workstation operating systems:
• Novell Linux Desktop 9 and later (requires Mono 1.1.7.1.44342 for Linux)
• Windows 2000/XP/2003 with the latest .NET support patches
• Macintosh OS X v10.3 and later (requires Mono 1.1.7.2 for Macintosh)
The Mono modules you need for this release are included on the .iso files for iFolder 3.x.
Make sure you have installed the latest critical updates for your operating system or .NET.

5.7 Web Browser

You need one or more of the following supported Web browsers on the computer you use to access iManager and on the client computers:
• Mozilla* Firefox*
• Microsoft* Internet Explorer
• Safari* on Macintosh

6 Installing and Configuring iFolder Services

This section describes how to install and configure Novell® iFolder® 3.x enterprise and Web Access servers.
Section 6.1, “Installing iFolder on an Existing OES Linux Server”
Section 6.2, “Configuring the iFolder Enterprise Server”
Section 6.3, “Configuring the iFolder Web Access Server”
Section 6.4, “Installing the Novell iFolder 3 Plug-In for iManager”
Section 6.5, “Accessing iManager and the Novell iFolder 3 Plug-In”
Section 6.6, “Provisioning Users and iFolder Services”
Section 6.7, “Distributing the iFolder Client to Users”
Section 6.8, “Updating Novell iFolder 3.x”
Section 6.9, “Updating Mono for the Server and Client”
Section 6.10, “Uninstalling the iFolder 3.x Enterprise Server”
Section 6.11, “What’s Next”

6.1 Installing iFolder on an Existing OES Linux Server

We recommend that you install iFolder after your server operating system is installed and all storage services are configured. The following procedure describes how to install iFolder enterprise server, iFolder Web access server, or both of the servers on an existing OES Linux platform. If you install only one of the iFolder servers, repeat the entire install process for the other on a second OES Linux server.
The Novell iFolder install modules are available on media for the Support Pack releases of OES Linux.
NOTE: If you used the Minimum install option for your OES Linux server, which has no GUI installed, the iFolder services configuration is done with the YaST 2 text-based interface. For example, there are no check boxes and clicking is not possible. Use the standard methods for navigating the text-based interface to achieve the tasks as described here.
1 Before you begin, make sure your OES Linux system setup meets the “Prerequisites and Guidelines” on page 45.
2 If you have previously installed Mono on your OES SP1 server, make sure the permissions on Mono directories are set correctly.
This should set the rights correctly for Mono, and enable iFolder 3.1 enterprise server to run.
2a On your Linux computer, open a shell window.
2b At the prompt, log in as the root user by entering su, then entering your root password.
2c At the prompt, enter
cd /usr/lib
2d Change the Mono permissions in the /usr/lib directory. At the prompt, enter
chmod 755 -R mono
2e At the prompt, enter
cd /etc
2f Change the Mono permissions in the /etc directory. At the prompt, enter
chmod 755 -R mono
3 Open YaST2 using one of the following methods:
• On your desktop, click the YaST shortcut icon to launch YaST, then enter the root password when prompted.
• At a terminal, log in as the root user, then enter
yast2
4 In the left menu, select Software, then select Install and Remove Software.
A window appears in the upper left with a Filter drop-down menu preselected to the Search option.
5 Use the Filter drop-down menu to specify the Selections option.
6 You can install the iFolder 3 Enterprise Server and Web Access Server on the same computer or on different computers. Do one or both of the following, depending on your deployment preferences:
• iFolder 3: In the left Selections menu, locate and select Novell iFolder 3, then select its check box to signify that you want to install the RPMs for Novell iFolder 3 and its dependencies.
• iFolder 3 Web Access: In the left Selections menu, locate and select Novell iFolder 3 Web Access, then select its check box to signify that you want to install the RPMs for Novell iFolder 3 Web Access and its dependencies.
IMPORTANT: If you install only one of the components, repeat the entire install process for the other on your second server.
You might need to scroll down to locate the entries. All of the RPMs in the Package list should be selected for install (check mark) or for upgrade (green and black arrow icon).
7 If you encounter any dependency conflicts, resolve them before continuing.
8 To begin the installation, click Accept at the bottom right of the screen.
9 When the installation is complete, close YaST.
10 Continue with one or both of the following as needed:
Section 6.2, “Configuring the iFolder Enterprise Server,” on page 53
Section 6.3, “Configuring the iFolder Web Access Server,” on page 55
IMPORTANT: If you have problems with Mono after the install, check the POSIX* permissions on Mono directories to make sure they comply with the settings in Step 2 of the iFolder installation.
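A read-only way to carry out the permission check this note asks for, as an added example that is not part of the Novell documentation: it lists entries under the two Mono directories from Step 2 whose mode differs from 755, and separately lists world-writable entries. The function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Novell code): read-only audit of the mode that
# Step 2 sets with "chmod 755 -R mono". Nothing is modified.

# list_mode_mismatches DIR [MODE]
# Print every entry under DIR whose permission bits are not exactly MODE
# (default 755). Symbolic links are skipped: their own mode is not used.
list_mode_mismatches() {
    find "$1" ! -type l ! -perm "${2:-755}" -print
}

# count_mode_mismatches DIR [MODE] -> prints the number of mismatches;
# returns 2 if DIR is missing so a typo is not reported as "compliant".
count_mode_mismatches() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    list_mode_mismatches "$1" "${2:-755}" | wc -l | tr -d ' '
}

# list_world_writable DIR -> entries that any local account can modify.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# audit_mono_dirs [DIR...] -> 0 when every tree complies, 1 otherwise.
# With no arguments it checks the two directories named in Step 2.
audit_mono_dirs() {
    [ $# -gt 0 ] || set -- /usr/lib/mono /etc/mono
    audit_status=0
    for audit_dir in "$@"; do
        if ! audit_count=$(count_mode_mismatches "$audit_dir"); then
            audit_status=1
            continue
        fi
        if [ "$audit_count" -eq 0 ]; then
            echo "$audit_dir: all entries are mode 755"
        else
            echo "$audit_dir: $audit_count entries differ from mode 755"
            list_mode_mismatches "$audit_dir" | sed 's/^/  /'
            audit_status=1
        fi
    done
    return "$audit_status"
}

# Demo on a constructed tree so the script runs without Mono installed.
demo_mono_audit() {
    demo_root=$(mktemp -d) || return 0
    mkdir -p "$demo_root/mono/1.0"
    : > "$demo_root/mono/1.0/mscorlib.dll"
    : > "$demo_root/mono/config"
    chmod -R 755 "$demo_root/mono"
    chmod 644 "$demo_root/mono/config"      # drifted file
    chmod 777 "$demo_root/mono/1.0"         # world-writable directory
    audit_mono_dirs "$demo_root/mono" || true
    echo "world-writable:"
    list_world_writable "$demo_root/mono" | sed 's/^/  /'
    rm -rf "$demo_root"
}

demo_mono_audit
```

On a real server, run `audit_mono_dirs` with no arguments as root; a non-zero exit status means at least one entry no longer matches Step 2.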

6.2 Configuring the iFolder Enterprise Server

After you install the iFolder enterprise server, you must configure the iFolder services, including the LDAP, iFolder system, and iFolder administration settings.
IMPORTANT: If you install iFolder when you install OES Linux, the same parameters described in this procedure are available as an integrated part of the server install. However, you cannot choose an NSS volume as the iFolder System Store Path because NSS volumes cannot be created during the server platform install.
1 If you plan to use an NSS volume as the System Store Path for the users’ iFolder data, use iManager to create the NSS volume, then create a directory on the volume.
For information, see “Managing NSS Volumes” in the Novell Storage Services File System Administration Guide for OES.
2 Log in to the server as the root user, or open a terminal console, enter su, then enter a password.
3 Start YaST, click Network Services, then click iFolder 3.
4 Follow the YaST on-screen instructions to proceed through the Novell iFolder 3 configuration. The following table summarizes the decisions you make.
IMPORTANT: If you ever need to run the configuration again, you can modify any field except the System Store Path and the iFolder User Login Based on Which LDAP Attribute options. These parameter settings cannot be modified after the initial configuration.
Install Settings Description
LDAP Server Configuration
• Local or Remote Directory Server: Select Local if your LDAP directory services are running on the same server as the iFolder 3 enterprise server. Otherwise, select Remote.
• Directory Server Address: If directory services are Remote, specify the IP address of the LDAP server to use for this iFolder enterprise server.
• LDAP Admin Name: The fully distinguished name of the Admin user with administrative rights to LDAP. This information is needed during the configuration to create User objects for the administrative iFolder Proxy user. The LDAP schema is not extended.
Specify an existing username and an existing context. If the user does not already exist, the username is created only if the context is valid.
For example:
cn=admin.o=acme
• LDAP Admin Password: Specify the LDAP Admin user’s password.
• iFolder User Login Based on Which LDAP Attribute: Specify which LDAP attribute of the User account to apply when authenticating users. Each user enters a Username in this specified format at login time. Options are Common Name (cn, default) and e-mail address (mail). This setting cannot be changed after the install.
For example, if a user named John Smith has a common name of jsmith and e-mail of john.smith@example.com, this field determines whether the user enters jsmith or john.smith@example.com as the Username when logging in to the iFolder server.
iFolder System Configuration
• System Name: A unique name to identify your iFolder 3 server.
For example, IF3EAST Server.
• System Store Path: The case-sensitive location where this iFolder enterprise server stores the iFolder 3.x application files and the users’ iFolders and files. This location cannot be modified after the initial configuration.
The store path should not be set at the root of a volume, such as the root (/) or the root of a mount point (for example, /mnt/ifolder3). Make sure to add a standard directory to the end of the path.
For example, if you store the data on a ReiserFS volume, the store path might be any one of the following:
/var/opt/novell/ifolder3/data
/ifolder3/data
/mnt/ifolder3/data
For example, if you store the data on an NSS Volume, the store path might be:
/media/nss/NSSVOL/ifolder3/data
If you use an NSS volume, you must set up NSS file system trustee rights for the Web services user object wwwrun before restarting your web services as explained in Step 5.
• System Description: A descriptive label for your iFolder 3 server.
For example, iFolder 3 Eastern Server.
iFolder Admin Configuration
• iFolder Admin DN: The iFolder Admin user manages iFolder services with the iFolder 3 plug-in to iManager. If it does not already exist, this user is created and granted the necessary rights to manage all iFolder services. Specify the fully distinguished name of the iFolder Admin user.
For example:
cn=ifolderadmin.o=acme
• iFolder Admin User Password: The password to use for the iFolder Admin user. Type the password again to verify the entry.
• Proxy Context: The existing context where you want to create the iFolder Proxy user. A generated username and password are used to create the user in the specified context, then the user is granted the Read right to LDAP. The generated username is iFolderProxyxxxx, where xxxx is a four-digit random number.
For example:
o=acme
You should never have to modify the user and password for the iFolder Proxy user, but it is possible. For information, see Section 8.4.2, “Modifying the iFolder LDAP Settings,” on page 85.
5 If you are using an NSS volume to store user data, you must set up NSS file system trustee rights for the Web services user object wwwrun before restarting your web services. At a terminal console prompt, log in as the root user or equivalent, then enter
rights -f /media/nss/NSSVOL -r rwfcem trustee wwwrun.ou.o.treename
If you ever get the “An Internal Error has occurred” error message within the iManager plug-in, this is a sure sign that you have not set up file system trustee rights within NSS properly.
6 When the system prompts you to restart the Apache server, accept the option by clicking Yes, then restart the Apache server and Tomcat Web application. This is necessary to use the new settings.
6a Open a terminal console, then log in as the root user.
6b Stop the Apache server by entering either of the following commands at the prompt:
/etc/init.d/apache2 stop
rcapache2 stop
6c Stop Tomcat by entering either of the following commands at the prompt:
/etc/init.d/novell-tomcat4 stop
rcnovell-tomcat4 stop
6d Start Tomcat by entering either of the following commands at the prompt.
/etc/init.d/novell-tomcat4 restart
rcnovell-tomcat4 start
6e Start Apache by entering either of the following commands at the prompt:
/etc/init.d/apache2 start
rcapache2 start
7 Go to Novell iManager to install the Novell iFolder 3 plug-in or to manage iFolder services.
For information, see Installing the Novell iFolder 3 Plug-In for iManager. Use the plug-in to provision users for services and to manage iFolder services, user access, and iFolders.
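Because the System Store Path cannot be changed after the initial configuration, it is worth checking a candidate path against the rule in the Step 4 table before running YaST. The following is an added example, not part of the Novell documentation: it rejects the root (/), relative paths, and any path that is itself a mount point. It assumes a Linux mount table in /proc/self/mounts format; the function names and the sample mount table are constructed.

```shell
#!/bin/sh
# Added example (not Novell code): validate a candidate System Store Path
# before running the one-time iFolder configuration.

# normalize_path PATH -> PATH without trailing slashes ("/" stays "/").
normalize_path() {
    np=$1
    while [ "$np" != "/" ] && [ "${np%/}" != "$np" ]; do
        np=${np%/}
    done
    printf '%s\n' "$np"
}

# is_mount_root PATH [MOUNTS] -> 0 if PATH is a mount point listed in
# MOUNTS (default /proc/self/mounts; field 2 is the mount point).
# Mount points containing spaces are stored escaped (\040) and are not
# decoded here.
is_mount_root() {
    STORE_TARGET=$(normalize_path "$1") \
        awk '$2 == ENVIRON["STORE_TARGET"] { hit = 1 } END { exit hit ? 0 : 1 }' \
        "${2:-/proc/self/mounts}"
}

# check_store_path PATH [MOUNTS] -> 0 if acceptable, 1 if rejected.
check_store_path() {
    sp=$(normalize_path "$1")
    case $sp in
        /*) ;;
        *)  echo "reject: '$1' is not an absolute path"; return 1 ;;
    esac
    if [ "$sp" = "/" ]; then
        echo "reject: the store path is the root (/)"
        return 1
    fi
    if is_mount_root "$sp" "${2:-/proc/self/mounts}"; then
        echo "reject: $sp is the root of a mount point; use a directory below it, such as $sp/data"
        return 1
    fi
    echo "ok: $sp"
}

# Demo: the example paths from the table, checked against a constructed
# mount table so the script runs on any machine.
demo_store_path() {
    demo_mounts=$(mktemp) || return 0
    cat > "$demo_mounts" <<'EOF'
/dev/sda2 / reiserfs rw 0 0
/dev/sdb1 /mnt/ifolder3 reiserfs rw 0 0
NSSVOL /media/nss/NSSVOL nssvol rw 0 0
EOF
    for demo_path in / /mnt/ifolder3 /mnt/ifolder3/data \
        /media/nss/NSSVOL /media/nss/NSSVOL/ifolder3/data \
        /var/opt/novell/ifolder3/data; do
        check_store_path "$demo_path" "$demo_mounts" || true
    done
    rm -f "$demo_mounts"
}

demo_store_path
```

On the server itself, call `check_store_path` with only the path so that it reads the live mount table, and run it after the data volume is mounted.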

6.3 Configuring the iFolder Web Access Server

After you install the iFolder Web Access server, you must specify which iFolder enterprise server it supports and the user-friendly URL that users enter in their Web browsers to access it.
IMPORTANT: If you install iFolder when you install OES Linux, the same parameters described in this procedure are available as an integrated part of the server install.
Configuring Web Access
1 Log in as the root user, or open a terminal console, enter su, then enter a password to log in as root.
2 Start YaST to refresh its list of installed configuration modules.
3 When YaST opens, click Network Services, then click iFolder 3 Web Access.
4 Follow the YaST on-screen instructions to proceed through the iFolder 3 Web Access configuration. The table summarizes the decisions you make.
Install Settings Description
• Web Access Alias: The user-friendly path for accessing iFolder services on the specified iFolder 3 enterprise server.
For example:
/ifolder
• iFolder Server URL: The iFolder 3 Web Access server and the iFolder 3 enterprise server can reside on the same computer or on different computers. Specify the URL and port number of the iFolder 3 enterprise server served by this instance of Web Access.
Make sure to specify secure HTTP (https://) in the URL for secure communications between the enterprise server and the Web Access server. HTTPS (SSL) encrypts information transmitted over shared IP networks and the Internet. It helps protect your sensitive information from data interception or tampering.
By default, the iFolder enterprise server is configured to communicate with the iFolder Web Access server via SSL (HTTPS). For most deployments, this setting should not be changed. If the iFolder deployment is small so that you can install both the Web Access server and the iFolder enterprise server on the same machine, you can optionally specify HTTP (http://) to use clear traffic, which would increase the performance of local communications between the two servers.
For example, use https://192.168.1.1:443 (different servers) or http://localhost:80 (same server).
5 When the system prompts you to restart the Apache server, accept the option by clicking Yes. Restarting Apache is necessary to use the new settings.
6 (Optional) Tune the performance of the Web Access server by configuring its HTTP runtime parameters.
For information, see Section 9.4, “Configuring the HTTP Runtime Parameters,” on page 97.
7 If it is not already installed, go to Novell iManager to install the Novell iFolder 3 plug-in or to manage iFolder services.
For information, see Installing the Novell iFolder 3 Plug-In for iManager. You use the plug-in to provision users for services and to manage iFolder services, user access, and iFolders. There are no specific Web Access settings to manage with the plug-in.
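The iFolder Server URL guidance in Step 4 can be turned into a check that flags clear traffic to anything other than the local machine. This is an added example, not part of the Novell documentation; the function names and the return codes (0 acceptable, 1 clear traffic to another host, 2 not a usable URL) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Novell code): check an iFolder Server URL against the
# guidance above: https:// always, http:// only for the same machine.

# url_host URL -> prints the lower-cased host; returns 1 if URL has no
# scheme://host part. Userinfo ("user@") and the port are stripped, so
# "http://localhost@other.example.com/" yields other.example.com.
url_host() {
    uh_rest=${1#*://}
    [ "$uh_rest" != "$1" ] || return 1
    uh_rest=${uh_rest%%/*}
    uh_rest=${uh_rest##*@}
    case $uh_rest in
        \[*\]*) uh_host=${uh_rest%%\]*}; uh_host=${uh_host#\[} ;;  # [IPv6]:port
        *)      uh_host=${uh_rest%%:*} ;;
    esac
    [ -n "$uh_host" ] || return 1
    printf '%s\n' "$uh_host" | tr 'A-Z' 'a-z'
}

# check_server_url URL
#   0  https://, or http:// to this machine
#   1  http:// to another host (clear traffic on the network)
#   2  not an http(s) URL
check_server_url() {
    csu_url=$1
    if ! csu_host=$(url_host "$csu_url"); then
        echo "reject: cannot parse '$csu_url'"
        return 2
    fi
    case $csu_url in
        [Hh][Tt][Tt][Pp][Ss]://*)
            echo "ok: $csu_url uses SSL"
            return 0 ;;
        [Hh][Tt][Tt][Pp]://*) ;;
        *)
            echo "reject: '$csu_url' is neither http:// nor https://"
            return 2 ;;
    esac
    case $csu_host in
        localhost|127.0.0.1|::1)
            echo "ok: $csu_url is clear traffic that stays on this machine"
            return 0 ;;
    esac
    echo "reject: $csu_url sends clear traffic to $csu_host; use https://"
    return 1
}

# Demo: the two URLs from the table plus constructed variants.
demo_server_url() {
    for demo_url in https://192.168.1.1:443 http://localhost:80 \
        http://192.168.1.1:80 http://localhost.example.com/ \
        http://localhost@ifolder.example.com/ 192.168.1.1:443; do
        check_server_url "$demo_url" || true
    done
}

demo_server_url
```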
Reconfiguring Web Access
If you run the iFolder 3.x Web Access configuration again, a new link is created on the Novell iFolder 3.x Welcome page to point to the new Web Access Alias. It does this whether you actually change the alias or not. It does not delete the old link when it adds the new one. Each Web Access link in the iFolder Links area of the Welcome page is indistinguishable by its link name alone.
After you finish reconfiguring Web Access, you must manually remove the old URL from the WebLink section in the /var/opt/novell/tomcat4/webapps/welcome/WEB-INF/XMLData/ifolder3.xml file.
For example, edit the file to remove a WebLink section like this one where the Web Access Alias value is ifolder:
<WebLinkType>0</WebLinkType>
<URLDescriptor>Open iFolder 3.x Web Access</URLDescriptor>
<Login>
<URL>https://%*reqservername%/ifolder</URL>
</Login>
</WebLink>

6.4 Installing the Novell iFolder 3 Plug-In for iManager

Before you can manage Novell iFolder 3 services, you must install the iFolder iManager Module for Novell iManager 2.5. After it is installed, this plug-in is named Novell iFolder 3 in the iManager Roles and Tasks list.
Make sure you meet prerequisites, then use one of the methods for installing the iFolder plug-in:
Section 6.4.1, “Prerequisites”
Section 6.4.2, “Installing a Plug-In When RBS Is Not Configured”
Section 6.4.3, “Installing a Plug-In When RBS Is Configured”

6.4.1 Prerequisites

Novell iManager 2.5
If you have not already done so, install Novell iManager 2.5 on the same or different server as your iFolder server. For information, see Novell iManager 2.5 Installation Guide (http://www.novell.com/documentation/imanager25/imanager_install_25/data/hk42s9ot.html).
Role-Based Services
The iFolder 3 plug-in supports the optional use of Role Based Services (RBS) in Novell iManager. RBS gives you the ability to assign specific tasks to iManager admin users and to present the admin user with only the tools necessary to perform a specified set of tasks or manage only objects as determined by their roles. What admin users see when they access iManager is based on their role assignments in Novell eDirectory™. Only the roles and tasks assigned to that user are displayed.
For information, see “Configuring Role-Based Services” (http://www.novell.com/documentation/edir873/edir873/data/a31aexm.html) in the Novell eDirectory 8.7.3 Administration Guide (http://www.novell.com/documentation/edir873/edir873/data/a2iii88.html).

6.4.2 Installing a Plug-In When RBS Is Not Configured

If you do not have Role-Based Services (RBS) configured for Novell eDirectory™, install the iFolder Manager Module as follows:
1 In a Web browser, log in to iManager on the iFolder server where you installed iManager.
https://ifolder.example.com/nps/iManager.html
Replace ifolder.example.com with the IP address (such as 192.168.1.1) or the DNS name of the iFolder server.
If you installed iManager on a different server in the same tree as your iFolder server, log in to iManager on that server.
2 In the toolbar, click the Configure icon (person seated behind a desk).
3 In Roles and Tasks, expand Module Installation, then click Available Novell Plug-In Modules.
4 Locate the iFolder iManager Module plug-in, select its plug-in check box, then click Install.
This install takes a few minutes. You should receive a message confirming a successful install.
5 Click OK to dismiss the message, then close iManager.
6 Stop and start the Tomcat servlet engine by entering the following command at the terminal console:
/etc/init.d/novell-tomcat4 restart
Tomcat sometimes requires several minutes to fully initialize. Wait at least 5 minutes before trying to log in to iManager.
7 Verify that the plug-in is enabled by opening iManager in a Web browser and checking to see if the Novell iFolder 3 plug-in appears in the list of Roles and Tasks.
For information, see Section 6.5, “Accessing iManager and the Novell iFolder 3 Plug-In,” on page 59.
8 Continue with Section 6.6, “Provisioning Users and iFolder Services,” on page 60.

6.4.3 Installing a Plug-In When RBS Is Configured

If you are running iManager in Assigned Mode and have RBS configured for eDirectory, complete the following steps to install the iFolder iManager Module.
IMPORTANT: To re-install an existing plug-in, you must first delete the rbsModule object for that plug-in from eDirectory, using the Module Configuration > Delete RBS Module task.
1 In a Web browser, log in to iManager as an RBS Collection Owner on the system where you installed iFolder.
https://ifolder.example.com/nps/iManager.html
Replace ifolder.example.com with the IP address (such as 192.168.1.1) or the DNS name of the iFolder server.
2 In the toolbar, click the Configure icon (person seated behind a desk).
3 In Roles and Tasks, expand Module Installation, then click Available Novell Plug-In Modules.
4 Locate the iFolder iManager Module, select its plug-in check box, then click Install.
This install takes a few minutes. You should receive a message confirming a successful install.
5 Click OK to dismiss the message, then close iManager.
6 Stop and start the Tomcat servlet engine by entering the following command at the terminal console:
/etc/init.d/novell-tomcat4 restart
Tomcat sometimes requires several minutes to fully initialize. Wait at least 5 minutes before trying to log in to iManager.
7 After Tomcat initializes, in a Web browser, log in to iManager as a Collection Owner again.
8 Click the Configure icon.
9 Under Role-Based Services, select RBS Configuration.
The table on the Collections tabbed page displays modules ready to update.
10 Locate the collection where you want to install the plug-in, then click its Out-of-Date number.
The iFolder iManager Module plug-in should be displayed under the Modules Not Yet Installed column.
11 Select the iFolder iManager Module plug-in.
12 Click Update.
13 Wait for the Completed message, then click OK to continue.
14 Verify that the plug-in is enabled by opening iManager in a Web browser and checking to see if the Novell iFolder 3 plug-in appears in the list of Roles and Tasks.
For information, see Section 6.5, “Accessing iManager and the Novell iFolder 3 Plug-In,” on page 59.
15 Continue with Section 6.6, “Provisioning Users and iFolder Services,” on page 60.

6.5 Accessing iManager and the Novell iFolder 3 Plug-In

The Novell iFolder 3 plug-in to Novell iManager 2.5 is the tool used to manage your iFolder server. For information, see Section 6.4, “Installing the Novell iFolder 3 Plug-In for iManager,” on page 57.
1 Open a Web browser to the iManager Login page by entering the following location:
http://servername.example.com/nps/iManager.html
Replace servername.example.com with the DNS name or IP address (such as 192.168.1.1) of the OES Linux server where you installed iManager. This might be the same computer where you installed iFolder 3.x or iFolder 3.x Web Access, or a different one.
2 (Conditional) If prompted to accept the server’s certificate, review the certificate information,
then click OK to accept it if it is valid.
3 On the iManager Login page, specify the Admin username and password you created during
the OES Linux install, then click Login.
The user name can be specified as contextless (such as admin) or with the context (such as cn=admin.o=acme). You must use a dot delimiter in fully distinguished names when working in iManager.
The iManager Web management interface opens with Roles and Tasks listed in the navigator on the left.
4 In Roles and Tasks, click Novell iFolder 3 > System.
The Connect Login page opens.
5 Log in to connect to the iFolder 3.x enterprise server you want to manage.
For information, see Section 8.2, “Connecting to the iFolder Server,” on page 82.
Novell iFolder 3.x opens to the System Management page, which consists of a tabbed list of the main administrative functions that can be performed on iFolder.

6.6 Provisioning Users and iFolder Services

After you configure your Novell iFolder 3.x enterprise server, you must specify containers and groups as Search DNs in the LDAP settings. iFolder uses these to provision user accounts.
Section 6.6.1, “Prerequisites,” on page 61
Section 6.6.2, “Configuring the Search DNs for Provisioning Users,” on page 61
Section 6.6.3, “Synchronizing the List of Provisioned Users with the LDAP Directory,” on
page 62

6.6.1 Prerequisites

iFolder Plug-Ins
The iFolder plug-in in Novell iManager 2.5 must be installed, and the iManager server must be running. For information, see Section 6.4, “Installing the Novell iFolder 3 Plug-In for iManager,” on
page 57.
Users and LDAP Contexts
The contexts you plan to use as Search DNs in the LDAP settings must exist in the LDAP directory; they are not created and configured from within the iFolder plug-in.
For information about configuring user, group, and container objects, see the Novell eDirectory
8.7.3 Administration Guide (http://www.novell.com/documentation/edir873/treetitl.html).

6.6.2 Configuring the Search DNs for Provisioning Users

All users in the containers and groups listed in the iFolder LDAP settings’ Search DN field are automatically provisioned as iFolder users.
1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select LDAP to open the System page to the LDAP tab, then click Modify.
3 Repeat the following for each context you want to add or modify:
3a Specify the context:
• Add: Type the DN of the LDAP context you want to add in the Search DN field.
• Search: To search, click the Search icon to open a browsable list of LDAP objects, then select the context to add.
The LDAP object selector is not available if you logged into iManager in a different LDAP tree than the one where the Server Host (iFolder’s LDAP server) resides.
• Edit: To edit a value, select it from the list of Search DNs, click the Edit icon (pen), then make your changes.
DNs are entered in LDAP format. For example:
o=acme
ou=group,o=acme
Embedded help for completing the fields is available if you mouse-over the field.
The iFolder Admin User is provisioned for services during the install. It is tracked by its GUID, so it is available even if the Search DN is empty, or if you specify Search DNs that do not contain the iFolder Admin user. This identity must be provisioned to enable the iFolder Admin to perform management tasks.
3b Click OK to apply the change.
4 Continue with Section 6.6.3, “Synchronizing the List of Provisioned Users with the LDAP
Directory,” on page 62.
To modify LDAP settings at any time, see Section 8.4, “Configuring the LDAP Settings for an
iFolder Server,” on page 84.

6.6.3 Synchronizing the List of Provisioned Users with the LDAP Directory

1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select LDAP to open the System page to the LDAP tab, then click Modify.
3 Click Update and Synchronize Now.
During LDAP synchronization, the iFolder server queries the LDAP server to retrieve a list of users in the DNs as specified in the Search DN field. This might take several minutes, depending on the size of your LDAP directory.
4 Continue with Section 6.7, “Distributing the iFolder Client to Users,” on page 62.
The iFolder User list is updated periodically based on the LDAP synchronization interval. Whenever you remove users from an LDAP Search DN, or remove contexts from the Search DN list, you should synchronize the list immediately using Update and Synchronize Now to enforce your changes. For information, see Section 8.4.6, “Synchronizing the iFolder User List with the LDAP Server,” on page 89.

6.7 Distributing the iFolder Client to Users

After you configure iFolder services on the enterprise server, users can download the install files for the iFolder client from the iFolder 3.x Welcome page.
NOTE: iFolder 3.x does not support a silent install (that is, a scriptable non-interactive install) on any platform. A silent install is possible for the Linux client using its .rpm files, but it is not supported.
Section 6.7.1, “Configuring the iFolder 3.x Welcome Page,” on page 62
Section 6.7.2, “Accessing the iFolder 3.x Welcome Page,” on page 63
Section 6.7.3, “Downloading the iFolder Client,” on page 63
Section 6.7.4, “Installing the iFolder Client,” on page 64

6.7.1 Configuring the iFolder 3.x Welcome Page

The iFolder 3.x enterprise server installs the client install files in the /var/opt/novell/tomcat4/webapps/ifolder3-client/ directory. The references to these files are in the /var/opt/novell/tomcat4/webapps/welcome/WEB-INF/XMLData/ifolder3.xml file.
After the iFolder 3.x enterprise server install, you must restart Tomcat 4 to install the iFolder 3.x link in the OES Welcome pages.
Stop and start the Tomcat servlet engine by entering the following commands at the terminal console:
/etc/init.d/novell-tomcat4 stop
/etc/init.d/novell-tomcat4 start
Tomcat sometimes requires several minutes to fully initialize. Wait at least 5 minutes before trying to access the OES Welcome pages.

6.7.2 Accessing the iFolder 3.x Welcome Page

1 Open a Web browser to the following location to open the server’s Welcome page:
http://ifolder3.example.com
Replace ifolder3.example.com with the DNS name or the IP address (such as
192.168.1.1) of the Novell iFolder 3.x enterprise server.
2 In the left navigator, click iFolder 3.x to open the iFolder 3.x Welcome page.

6.7.3 Downloading the iFolder Client

On the iFolder 3.x Welcome page, users can select one of the following client links to download the install files for the iFolder client for Novell iFolder 3.x:
| Link Name | Operating System | Filename |
|---|---|---|
| iFolder 3.x Linux Client | Novell Linux Desktop 9 and later | ifolder3-linux.tar.gz |
| iFolder 3.x Windows Client | Windows 2000/XP/2003 | ifolder3-windows.exe |
| iFolder 3.x Mac Client | Macintosh OS X v10.3 and later | ifolder3-mac.tar.gz |
After expanding the tar.gz files, users are ready to install the iFolder client and its dependencies with the following files:
| iFolder Client | Install Files |
|---|---|
| iFolder for Linux | ../linux/ifolder3 directory: ifolder3-3.x.yyyymmdd-1.i686.rpm, nautilus-ifolder-3.x.yyyymmdd-1.i586.rpm, simias-1.0.yyyymmdd-1.i686.rpm |
| | ../linux/mono directory: gtk-sharp-1.0.9-0.sles9.novell.i586.rpm, libgdiplus-1.1.7-1.ximian.i586.rpm, mono-core-1.1.7.x-xxxxx-x.novell.i586.rpm, mono-data-1.1.7..x-xxxxx-x.novell.i586.rpm, mono-web-1.1.7..x-xxxxx-x.novell.i586.rpm, xsp-1.0.9-0.novell.noarch.rpm |
| iFolder for Windows | ifolder3-windows.exe |
| iFolder for Mac | ifolder3-3.x.yyyymmdd.dmg, MonoFramework-1.1.7..x-x.dmg |

6.7.4 Installing the iFolder Client

For information about prerequisites and installation, see “Getting Started” in the iFolder User Guide
for Novell iFolder 3.2.

6.8 Updating Novell iFolder 3.x

As patches become available for iFolder 3.x and the iFolder client, they are delivered to the OES Patch channel. Any iFolder server or client patches or updates can be installed through ZENworks® Linux Management (formerly Red Carpet®) channels.
• The iFolder client for Windows checks for updates on the server whenever a user logs in, and prompts the user to install a new update if it exists.
• Patches or updates to the iFolder client for Linux and Macintosh must be delivered through a customer-hosted channel, so that your users have access to them. For information on how to set up a customer-hosted channel, please see documentation for ZENworks Linux Management or Red Carpet.

6.9 Updating Mono for the Server and Client

Novell iFolder 3.x supports only the version of Mono included in the install software. The iFolder client for Linux or Macintosh supports only the version of Mono included in the install software for those platforms. Whenever a Novell iFolder 3.x patch or upgrade includes updates for the iFolder client, the update software also includes any updates for Mono on Linux and Macintosh. You can update Mono concurrently with the iFolder updates on the server or client.
If you need to upgrade Mono for another reason, please check our online documentation to see if we explicitly support that version and to learn any necessary steps to make the upgrade work correctly.
For information, see the latest version of the online documentation on the Novell iFolder 3.x
Documentation Web site (http://www.novell.com/documentation/ifolder3).

6.10 Uninstalling the iFolder 3.x Enterprise Server

Use YaST to uninstall the iFolder 3.x enterprise server .rpm file. Uninstalling iFolder 3.x software also removes the Simias store, including all data in /var/opt/novell/ifolder3/simias/SimiasFiles, from the server.
IMPORTANT: During the uninstall, all user data and iFolder share information on the server is destroyed.
If you want to keep the iFolder data store and share information, make sure to make a backup of the data before you uninstall iFolder. The users still have a local copy of all their data, which might not be the most up-to-date version, depending on when they last synchronized their files.
When the server is re-installed, each of the iFolder clients must remove the old iFolder account and re-create it, even if the server IP address for the iFolder account has not changed. Users must also set up iFolders and share relationships again.

6.11 What’s Next

You have now installed and configured your Novell iFolder 3.x enterprise server and provisioned iFolder services for users. To set up system policies for iFolder services, continue with Chapter 8,
“Managing iFolder Services,” on page 81.
Provisioned iFolder users can install the Novell iFolder 3.x client on their workstations, create iFolders, and share iFolders with other authorized Novell iFolder users. For information, see the
iFolder User Guide for Novell iFolder 3.2.

7 Managing an iFolder Enterprise Server

This section describes how to manage your Novell® iFolder® 3.x enterprise server on the Novell Open Enterprise Server platform.
Section 7.1, “Starting iFolder Services,” on page 67
Section 7.2, “Stopping iFolder Services,” on page 67
Section 7.3, “Restarting iFolder Services,” on page 67
Section 7.4, “Managing the Simias Log and Simias Access Log,” on page 68
Section 7.5, “Backing Up the iFolder Server,” on page 69
Section 7.6, “Backing Up the iFolder Store with the TSAIF,” on page 70
Section 7.7, “Recovering from a Catastrophic Loss of the iFolder Server,” on page 77
Section 7.8, “Recovering Individual Files or Directories,” on page 78
Section 7.9, “Moving iFolder Data from One iFolder Server to Another,” on page 79

7.1 Starting iFolder Services

iFolder services start whenever you reboot the system or whenever you start Apache services.
As a root user, enter the following command at the terminal console:
/etc/init.d/apache2 start

7.2 Stopping iFolder Services

iFolder services stop whenever you stop the system or whenever you stop Apache services.
As a root user, enter the following command at the terminal console:
/etc/init.d/apache2 stop

7.3 Restarting iFolder Services

If you need to restart iFolder services, you must stop and start Apache services:
As a root user, enter the following commands at the terminal console:
/etc/init.d/apache2 stop
/etc/init.d/apache2 start
Avoid using the Apache Restart command. If any other modules using the Apache instance do not exit immediately in response to the Apache Restart command, iFolder might hang.


7.4 Managing the Simias Log and Simias Access Log

On the iFolder enterprise server, there are two logs that track events:
• Simias Log: The /simias/Simias.log file contains status messages about the health of the Simias Service.
• Simias Access Log: The /simias/Simias.access.log file contains file access events for data and metadata about iFolders, users, membership in shared iFolders, and so on. It reports the success of the event and identifies who did what and when they did it. For example, if a file was deleted on the server, it identifies the user who initiated the deletion.
Review the logs whenever you need to troubleshoot problems with your iFolder system.
The Simias Log4net file (/simias/Simias.log4net) allows you to specify the output location of the log files and what events are recorded at run time. Its parameters are based on, but not compliant with, the Apache Logging Services (http://logging.apache.org/log4net). The following parameters are modifiable:
| Parameters | Description | Examples |
|---|---|---|
| Location and name of the log: <file value="pathname" /> | The location of the log file. Specify the full path where the file is located on the computer, including the volume, intermediate directories, and filename. | <file value="c:/simias/Simias.log" /> and <file value="c:/simias/Simias.access.log" /> |
| Maximum size of the log file: <maximumFileSize value="size" /> | The maximum size of the log file. When the file grows to this size, the content is rolled over into a backup file and the recording continues in the now-empty file. A period and sequential number are appended to the filename of the backup log files, such as Simias.log.1 and Simias.log.2. For size, specify the number and unit, such as 10MB or 20MB, with no space between them. | <maximumFileSize value="10MB" /> |
| How much logged data to retain: <maxSizeRollBackups value="number" /> | The maximum number of backup log files that are kept before they are overwritten. The log rolls over sequentially until the maximum number of backups are created, then overwrites the oldest log file. | <maxSizeRollBackups value="10" /> |
| Level of Simias Services messages: <level value="status" /> (Use only for the Simias.log.) | The type of messages or level of detail you want to capture for the log. Valid levels include the following: OFF, FATAL, ERROR, WARN, INFO, DEBUG, ALL | <level value="ERROR" /> |
| Fields to report for file access events: <header value="layout" /> (Use only for the Simias.access.log.) | Specify which fields to report and the order you want them to appear for each entry. Valid fields include the following: date; time; method (program call or event); status (success or failure); user; uri (relative path of the file in an iFolder); id (node key) | <header value="#version: 1.0 #Fields:\tdate\ttime\tmethod\tstatus\tuser\turi\tid\t&#xA;" /> |

The fields are tab delimited (\t) by default, but you can specify a space or tab character in front of the field name to serve as a delimiter.
In the Log4net terminology, each output destination is defined in an XML appender tag. If you do not want to log events for the Simias Service or for file access, comment out (!--) the related appender tag and its child elements for that log file.
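The following shell functions are an added example, not part of the Novell guide: they read a Simias access log using the column order declared in its #Fields: header, so a changed field layout is still parsed correctly, and answer "who did what and when" for one method or as per-user counts. They assume the default tab-delimited layout; the function names and every value in the sample log (methods, statuses, users, paths, node keys) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of the guide's <header> example. The
# method, status, user, uri and id values are invented for illustration.
sample_access_log() {
    printf '#version: 1.0 #Fields:\tdate\ttime\tmethod\tstatus\tuser\turi\tid\t\n'
    printf '2006-08-15\t09:58:03\tCreate\tSuccess\tjsmith\tReports/q2.ods\tnode-0001\t\n'
    printf '2006-08-15\t10:02:11\tDelete\tSuccess\tjsmith\tReports/q2.ods\tnode-0001\t\n'
    printf '2006-08-15\t10:02:40\tDelete\tFailure\tmlee\tPlans/budget 2006.ods\tnode-0002\t\n'
    printf '2006-08-15\t10:03:02\tDelete\tSuccess\tjsmith\tReports/q1.ods\tnode-0004\t\n'
    printf '2006-08-15\t10:05:17\tModify\tSuccess\tmlee\tPlans/roadmap.odt\tnode-0003\t\n'
}

# Shared awk rules: learn the column order from each "#Fields:" header line,
# then let f("name") fetch a field by name ("-" if that field is not logged).
SIMIAS_LAYOUT='
function f(n) { return (n in col) ? $(col[n]) : "-" }
/^#/ {
    pos = index($0, "#Fields:")
    if (pos > 0) {
        split("", col)                          # forget any earlier layout
        cnt = split(substr($0, pos + 8), name, "\t")
        k = 0
        for (i = 1; i <= cnt; i++)
            if (name[i] != "") col[name[i]] = ++k
        have_layout = 1
    }
    next
}
!have_layout { next }                           # data before any header: skip
'

# access_events METHOD STATUS FILE...
# Prints date, time, user, status and uri (tab separated) for every entry
# whose method equals METHOD. An empty STATUS matches any status.
access_events() {
    ae_method=$1; ae_status=$2; shift 2
    awk -F '\t' -v OFS='\t' -v m="$ae_method" -v s="$ae_status" "$SIMIAS_LAYOUT"'
        f("method") == m && (s == "" || f("status") == s) {
            print f("date"), f("time"), f("user"), f("status"), f("uri")
        }' "$@"
}

# access_summary FILE...
# Prints "count user method status" (tab separated), one line per combination.
access_summary() {
    awk -F '\t' -v OFS='\t' "$SIMIAS_LAYOUT"'
        { seen[f("user") OFS f("method") OFS f("status")]++ }
        END { for (key in seen) print seen[key], key }' "$@" |
        sort -t "$(printf '\t')" -k2
}
```

Pass the live log together with its rolled-over backups (Simias.access.log, Simias.access.log.1, and so on) to cover the whole retention window.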

7.5 Backing Up the iFolder Server

1 Stop the iFolder server by entering the following command as root user:
/etc/init.d/apache2 stop
2 Use your normal file system backup procedures to back up the following data:
• Simias store directory
The default location is /var/opt/novell/ifolder3/simias.
• Simias configuration file
The default locations are /var/lib/wwwrun/.local/share/simias/Simias.config or /home/wwwrun/.local/share/simias/Simias.config.
3 Start the iFolder server by entering the following command as root user:
/etc/init.d/apache2 start
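The three steps above as one script, added here as an example and not taken from the Novell guide: it stops Apache, archives the Simias store and whichever Simias.config exists, verifies the archive, and restarts Apache even when the archive step fails. The guide only says to use your normal file system backup procedures, so the use of tar, the function name, the return codes and the environment variable overrides are all assumptions of this example.

```shell
#!/bin/sh
# Defaults are the locations given in the guide; override them in the
# environment for a non-default install. The variable names are this
# example's own. SIMIAS_CONFIGS is a space-separated list of candidates.
: "${SIMIAS_STORE:=/var/opt/novell/ifolder3/simias}"
: "${SIMIAS_CONFIGS:=/var/lib/wwwrun/.local/share/simias/Simias.config /home/wwwrun/.local/share/simias/Simias.config}"
: "${APACHE_INIT:=/etc/init.d/apache2}"

# backup_ifolder ARCHIVE
# Returns 0 on success, 2 if the store or config is missing, 3 if Apache
# would not stop, 4 if the archive could not be written or read back,
# 5 if the archive is good but Apache would not start again.
backup_ifolder() {
    bi_dest=$1

    # Check the inputs before touching the service.
    if [ ! -d "$SIMIAS_STORE" ]; then
        echo "Simias store not found: $SIMIAS_STORE" >&2
        return 2
    fi
    bi_config=
    for bi_candidate in $SIMIAS_CONFIGS; do
        if [ -f "$bi_candidate" ]; then
            bi_config=$bi_candidate
            break
        fi
    done
    if [ -z "$bi_config" ]; then
        echo "Simias.config not found in: $SIMIAS_CONFIGS" >&2
        return 2
    fi

    # Step 1: stop iFolder so the store does not change while it is copied.
    "$APACHE_INIT" stop || return 3

    # Step 2: archive the store and the config, then read the archive back.
    # The archive holds every user's files, so the umask keeps it private
    # to the account that runs the backup.
    bi_rc=0
    ( umask 077
      tar -czpf "$bi_dest" -C / "${SIMIAS_STORE#/}" "${bi_config#/}" &&
      tar -tzf "$bi_dest" >/dev/null ) || bi_rc=4

    # Step 3: always bring the service back, even if step 2 failed.
    if ! "$APACHE_INIT" start; then
        echo "Apache did not start; iFolder services are down" >&2
        [ "$bi_rc" -ne 0 ] || bi_rc=5
    fi
    return "$bi_rc"
}
```

Run it as root, for example `backup_ifolder /backup/ifolder-$(date +%Y%m%d).tar.gz`, and treat any nonzero return as a failed backup.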

7.6 Backing Up the iFolder Store with the TSAIF

The Target Service Agent (TSA) for Novell iFolder 3.x supports the backup of the iFolder store.
Section 7.6.1, “Understanding TSAIF,” on page 70
Section 7.6.2, “Syntax,” on page 71
Section 7.6.3, “iFolder Path Options,” on page 71
Section 7.6.4, “iFolder Path Examples,” on page 73
Section 7.6.5, “SMSConfig Options,” on page 73
Section 7.6.6, “TSAIF and SMSConfig Examples,” on page 74
Section 7.6.7, “NBackup Options,” on page 74
Section 7.6.8, “TSAIF and NBackup Examples,” on page 75
Section 7.6.9, “Additional Information,” on page 76

7.6.1 Understanding TSAIF

iFolder TSA
Novell Storage Management Services (SMS) is an API framework that backup applications consume to provide a complete backup solution. The SMS framework is implemented by two main components: The Storage Management Data Requester and the Target Service Agent.
The TSA provides an abstraction of a particular backup target. The TSA uses native interfaces to read target data and transforms it to a continuous stream of data objects. The data objects are formatted in the ECMA standard System Independent Data Format (SIDF).
The TSA for iFolder (TSAIF) provides an implementation of the SMS API for an iFolder store. Backup applications, such as nbackup(1), can make use of its features by writing to the SMS API.
iFolder and Simias
iFolder is built upon Simias technology. Simias is a general-purpose object repository that provides a foundation for building collaborative solutions. A Simias Collection store contains Collection objects. At a minimum, a Simias Collection store contains a Local Database Collection and one or more Domain Collections. The Local Database Collection controls access to the physical storage of the Collection store on the file system. A Domain Collection contains a list of members in a given domain. For example, a Domain might contain all the members from a given LDAP directory. Each Collection is owned by exactly one Domain member.
An iFolder is a type of Simias Collection that has a root directory on the file system. Each file or subdirectory in the iFolder’s root directory has a corresponding FileNode or DirNode in the Collection. An iFolder store is a Simias Collection store that contains one or more iFolders and includes the directories and files associated with the iFolders.
For more information on the iFolder and Simias technologies, see the iFolder Project at
www.ifolder.com (http://www.ifolder.com).
iFolder TSA Granularity
TSAIF supports creating archives that contain the following:
• The entire iFolder store
• All iFolders owned by a specified Domain member
• An individual iFolder
TSAIF supports restoring the following:
• The entire iFolder store
• All iFolders owned by a specified Domain member
• An individual iFolder
• An individual subdirectory in an iFolder
• An individual file in an iFolder
The entire iFolder store should be backed up regularly. In certain cases, a backup administrator might choose to back up an individual iFolder or to back up all iFolders owned by a specific owner. These special-case archives can be restored only to the same iFolder store from which they were backed up.
IMPORTANT: If you are restoring an entire iFolder and want to ensure that it is in the exact state it was in when it was backed up, you should first delete it from the server using a client or the iFolder 3 plug-in for iManager.
Deleting the iFolder is not necessary to restore any or all of the files in the iFolder; the difference is in what metadata is given preference during the restore. If you do not delete the iFolder before restoring, the attributes of the iFolder, such as the owner, members, file type or size restrictions, remain as they are in the current version.

7.6.2 Syntax

At an OES Linux server terminal console, enter
smsconfig -l tsaif [OPTION]...
The -l option registers the TSAIF with the Storage Management Data Requester (SMDR).
TSAIF uses the libtsaif.so file. The library implements all the necessary service functions to back up an iFolder target.

7.6.3 iFolder Path Options

The top-level resource for an iFolder store is / (a single forward slash) and represents the root of the iFolder store. The paths for iFolder data objects are specified relative to the root of the iFolder store, using the syntax of the Network File System (NFS) namespace. iFolder paths are logical paths into an iFolder store and do not correspond directly to file system paths.
| Parameter | Description |
|---|---|
| path | iFolder path such as the following: /, /owner, /owner/collection, /owner/collection/relative-path |
| owner | owner-name.owner-id |
| owner-name | Collection owner name (Simias.Storage.Collection.Owner.Name) |
| owner-id | Collection owner ID (Simias.Storage.Collection.Owner.ID) |
| collection | collection-name.collection-id |
| collection-name | Collection name (Simias.Storage.Collection.Name) |
| collection-id | Collection ID (Simias.Storage.Collection.ID) |
| relative-path | Relative path such as file, subdir, subdir/relative-path |
| file | name of file on file system |
| subdir | name of subdirectory on file system |
The owner-id and collection-id are required because owner-name and collection-name are not guaranteed to be unique. Using both the name and ID properties to identify Collections and Collection owners provides a “friendly” name along with the required unique identifier.
In many configurations, the names of Collections and Collection owners are unique. For example, if Domain members are obtained from an LDAP directory, it is not likely that two members would have the same username. Likewise, it would be unusual for an owner to give two iFolders the same name.
Although a backup application must pass both the name and ID to TSAIF, it might display only the name to the backup administrator to simplify the user interface. The ID would need to be displayed to the backup administrator only when two Collections, or two Collection owners, have the same name and the backup administrator wants to perform an operation on only one of them.
The name of the Collection or Collection owner can be obtained by stripping off the pattern
".????????-????-????-????-????????????"
from the first two components of the path TSAIF returns to the backup application.
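An added example, not part of the Novell guide, of the stripping rule just described: the quoted pattern works as-is in shell suffix removal, so a TSAIF path can be split into owner name, owner ID, collection name, collection ID and relative path, and a list of paths can be checked for owner names that map to more than one ID (the case where the ID has to be shown to the administrator). The function names are this example's own, and reading one path per line from standard input is an assumption.

```shell
#!/bin/sh
# The suffix pattern quoted in the guide: a dot, then an ID laid out as
# 8-4-4-4-12 characters. Used unquoted, each ? matches any one character.
ID_SUFFIX='.????????-????-????-????-????????????'

# name_and_id COMPONENT
# Sets NAME to the friendly name and ID to the unique identifier of one
# "name.id" path component. ID is empty when the component has no ID suffix.
name_and_id() {
    NAME=${1%$ID_SUFFIX}
    if [ "$NAME" = "$1" ]; then
        ID=
    else
        ID=${1#"$NAME".}        # quoted, so the name is matched literally
    fi
}

# split_ifolder_path PATH
# Prints owner-name, owner-id, collection-name, collection-id and
# relative-path, tab separated. Only the first two components are stripped,
# as the guide specifies; the relative path is passed through untouched.
split_ifolder_path() {
    sp_path=${1#/}              # "/" is the root of the iFolder store
    sp_owner=${sp_path%%/*}
    sp_rest=
    case $sp_path in */*) sp_rest=${sp_path#*/} ;; esac
    sp_coll=${sp_rest%%/*}
    sp_rel=
    case $sp_rest in */*) sp_rel=${sp_rest#*/} ;; esac

    name_and_id "$sp_owner"
    sp_oname=$NAME
    sp_oid=$ID
    name_and_id "$sp_coll"
    printf '%s\t%s\t%s\t%s\t%s\n' "$sp_oname" "$sp_oid" "$NAME" "$ID" "$sp_rel"
}

# ambiguous_owner_names
# Reads iFolder paths on standard input, one per line, and prints each owner
# name that appears with more than one owner ID.
ambiguous_owner_names() {
    while IFS= read -r ao_path; do
        split_ifolder_path "$ao_path"
    done | cut -f1,2 | sort -u | cut -f1 | sort | uniq -d
}
```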

7.6.4 iFolder Path Examples

The following examples show how to use iFolder paths to back up and restore data at different levels in the iFolder store.
/
Back up or restore the entire iFolder store.
/myOwner.12345678-1234-1234-1234-123456789abc
Back up or restore all Collections owned by myOwner.
/myOwner.12345678-1234-1234-1234-123456789abc/myCollection.22345678-1234-1234-1234-123456789abc
Back up or restore the Collection named myCollection. If the Collection is an iFolder, all files and directories in the iFolder will be backed up or restored along with the Simias data in the Collection store.
/myOwner.12345678-1234-1234-1234-123456789abc/myCollection.22345678-1234-1234-1234-123456789abc/myFile
Back up or restore the file named myFile in the root directory of the iFolder along with its Simias data from the Collection store.
/myOwner.12345678-1234-1234-1234-123456789abc/myCollection.22345678-1234-1234-1234-123456789abc/mySubdir
Back up or restore the subdirectory named mySubdir in the root directory of the iFolder along with its Simias data from the Collection store, and recursively back up or restore each file and subdirectory in mySubdir along with its respective Simias data.

7.6.5 SMSConfig Options

The TSAIF command is not a standalone shell command; it is exercised using smsconfig. All configuration options are managed via smsconfig. The TSAIF can be configured during registration and the configuration persists until TSAIF is unloaded.
All long options (options that have the format --optionname) are case insensitive.
| Option | Description |
|---|---|
| --help | Displays the options supported by the TSA. |
| --ReadBufferSize | This is the amount of data (Bytes) read from the Simias store and/or file system by a single read operation. This switch is based on the buffer sizes used by the applications. For example, if the application requests 32 KB of data for each read operation, set the buffer size to 32 KB to allow the TSA to service the application better. This value works well with Simias store and/or file system reads if set in multiples of 512 Bytes. The default value is 64 KB. |
| --ReadThreadsPerJob | This enables the TSA to read data ahead of the application request during backup. This switch is based on the number of processors in the system. This switch can also be used to influence the disk activity based on system configuration. The default value is 4. |
| --ReadThreadAllocation | This sets the maximum number of read threads that process a data set at a given time. This determines the percentage of ReadThreadsPerJob that should be allocated to a data set before proceeding to cache another data set. This enables the TSA to store a cache of data sets in a non sequential manner. This sets all read threads to completely process a data set before proceeding to another data set. The default value is 100. |
| --ReadAheadThrottle | This sets the maximum number of data sets that the TSA caches simultaneously. This prevents the TSA from caching parts of data sets and enables complete caching of data sets instead. Use this switch along with the ReadThreadAllocation switch. The default value is 2. |
| --CacheMemoryThreshold | This is used to specify the percentage of available server memory that the TSA can utilize to store cached data sets. This represents a maximum percentage value of available server memory that the TSA uses to store cached data sets. The default value is 10% of the total server memory. |

7.6.6 TSAIF and SMSConfig Examples

The following examples show how to perform typical TSAIF configuration for SMS.
smsconfig -l tsaif --help
Displays the options supported by the TSAIF.
smsconfig -l tsaif --readthreadsperjob=8
Sets the number of read threads that the TSAIF starts per job to 8.
smsconfig -l tsaif --readbuffersize=32768 --cachememorythreshold=15
Sets the read buffer size to 32KB and the maximum amount of cache memory that the TSAIF should use to 15%.

7.6.7 NBackup Options

TSAIF supports the following typical nbackup(1) options:
| Option | Description |
|---|---|
| --exclude-file=pattern | Excludes all files matching the name (owner, folder, or file) or pattern for back up or restore. Use this option multiple times to exclude more than one pattern. |
| -F, --full-paths | Stores the full paths for both directories and files in the created archive. |
| -k, --keep-old-files | Does not overwrite existing files while extracting files from the archive. Files are overwritten if this option is not present. |
| -N, --after-date=date | Backs up files newer than date. |
| -P, --password=password | The password to connect to the TSA. The password can be supplied at runtime. |
| -R, --remote-target=hostname | Connects to the file system TSA of the host specified in hostname for backup. Use with the --target-type option. |
| --target-type=target_name | Connects to the TSA specified by target_name, where the target name is Linux, NetWare, or iFolder. |
| -T, --input-file=file | Takes file containing fully qualified paths as input for creating archive. This file should contain one path per line. |
| -U, --user=username | Username to use while connecting to the TSA. |
TSAIF does not support the following nbackup(1) options:
| Option | Description |
|---|---|
| -m, --move-to=path | Extracts the archive to the given path. This does not work with TSAIF because iFolder puts files in a SimiasFiles directory. |
| -r, --restore-to="backup_path new_path" | Restores by replacing backup_path with new_path. This does not work with TSAIF because iFolder puts files in a SimiasFiles directory. |
If TSAIF cannot back up or restore a file, it skips the file and returns a warning. This can occur for various reasons. When this occurs, nbackup(1) creates a file with a .warn extension that contains a list of each file that was skipped along with the date and time it was skipped and the error code that was returned.
If files are skipped, try to resolve the issue, then run the operation again.
If you are unable to identify why the file was skipped, try running the operation again when the server is less busy.
If files are skipped during a restore, and if relatively few files are skipped, try individually restoring each skipped file.

7.6.8 TSAIF and NBackup Examples

The following examples show how to perform typical TSAIF backup and restore operations using NBackup.
| Backup or Restore Task | Command |
|---|---|
| Full backup | nbackup -cvf full.sidf -U root -P password --target-type=ifolder / |
| Full restore | nbackup -xvf full.sidf -U root -P password --target-type=ifolder |
| Owner backup | nbackup -cvf owner.sidf -U root -P password --target-type=ifolder /owner |
| Owner restore | nbackup -xvf owner.sidf -U root -P password --target-type=ifolder |
| | nbackup -xvf full.sidf -U root -P password --target-type=ifolder --extract-dir=/owner |
| iFolder backup | nbackup -cvf ifolder.sidf -U root -P password --target-type=ifolder /owner/collection |
| iFolder restore | nbackup -xvf ifolder.sidf -U root -P password --target-type=ifolder |
| | nbackup -xvf owner.sidf -U root -P password --target-type=ifolder --extract-dir=/owner/collection |
| | nbackup -xvf full.sidf -U root -P password --target-type=ifolder --extract-dir=/owner/collection |
| | If you are restoring an entire iFolder and want to ensure that it is in the exact state it was in when it was backed up, you should first delete the current iFolder from the server using a client or the iFolder 3 plug-in for iManager. |
| | Deleting the iFolder is not necessary to restore any or all of the files in the iFolder; the difference is in what metadata is given preference during the restore. If you do not delete the iFolder before restoring, the attributes of the iFolder, such as the owner, members, file type or size restrictions, remain as they are in the current version. |
| Subdirectory restore | nbackup -xvf ifolder.sidf -U root -P password --target-type=ifolder --extract-dir=/owner/collection/relative-path |
| | nbackup -xvf owner.sidf -U root -P password --target-type=ifolder --extract-dir=/owner/collection/relative-path |
| | nbackup -xvf full.sidf -U root -P |

7.6.9 Additional Information

For more information about backup, see the following man pages on your iFolder enterprise server: nbackup(1), sms(7), smdrd(8), smsconfig(1), tsaif.conf(5).

7.7 Recovering from a Catastrophic Loss of the iFolder Server

If the iFolder server configuration or data store becomes corrupted, use your iFolder backup files to restore the database to its last good backup. Restoring the iFolder server to the state it was in at the time of the backup also reverts the iFolders on any connected iFolder clients to that same state.
IMPORTANT: All changes made since the time of the backup will be lost on all connected clients.
Consider the following implications of restoring iFolder data:
• Any new file or directory is deleted if it was added to an iFolder since the time of the backup.
• Any file that was modified is reverted to its state at the time of the backup.
• Any file or directory is restored if it was deleted since the time of the backup.
Before restoring the iFolder server, consider notifying all users to save copies of any files or directories they might have modified in their iFolders since the time of the last backup. After the iFolder server is restored, they can copy these files or directories back into their respective iFolders.
1 Notify users to save copies of iFolders or files that have changed since the time of the backup
you plan to use for the restore.
2 Stop the iFolder server by entering the following command as root user:
/etc/init.d/apache2 stop
3 Remove the following corrupted data:
• Simias store directory
The default location is /var/opt/novell/ifolder3/simias.
• Simias configuration file
The default locations are /var/lib/wwwrun/.local/share/simias/Simias.config or /home/wwwrun/.local/share/simias/Simias.config.
4 Use your normal file system restore procedures to restore the following data to its original
locations:
• Simias store directory
The default location is /var/opt/novell/ifolder3/simias.
• Simias configuration file
The default locations are /var/lib/wwwrun/.local/share/simias/Simias.config or /home/wwwrun/.local/share/simias/Simias.config.
5 Delete all files in the Simias log directory.
The default location is /var/opt/novell/ifolder3/simias/log/*.
IMPORTANT: Be careful not to modify anything else under the Simias store directory.
6 Start the iFolder server by entering the following command as root user:
/etc/init.d/apache2 start
7 Notify users that they can return their saved files to their iFolders for upload to the server.
Users should coordinate this with other members of the iFolder to avoid competing updates.

7.8 Recovering Individual Files or Directories

1 Collect information that uniquely identifies the file or directory to be recovered, such as a
combination of the following:
• iFolder name, such as MyiFolder
• iFolder owner
• iFolder member list
• Relative path of the file or directory, such as /MyDir1/MyDir2/myfile.txt
• Time stamp or approximate time of the version desired
• Other files or directories in the iFolder
2 Open a Web browser to iManager, then log in with your Admin username and password.
3 Under Roles and Tasks, expand Novell iFolder 3, select iFolders, then wait for the page to
refresh.
4 If prompted, connect to the iFolder server where the iFolder is stored by entering the name of
the iFolder server and iFolder Admin user credentials as needed.
5 On the Search for iFolders page, search for the target iFolder, such as MyiFolder.
6 Under Search Results, click the Name link of the target iFolder, then note the path to its root
directory. For example:
/var/opt/novell/ifolder3/simias/SimiasFiles/62ba1844-6987-47fc-83ab-84bbd5d6130b/MyiFolder
7 On the iFolder server, use your normal file system restore procedures to restore the target file or
directory from backup to a temporary location.
For example, restore /var/opt/novell/ifolder3/simias/SimiasFiles/62ba1844-6987-47fc-83ab-84bbd5d6130b/MyiFolder/MyDir1/MyDir2/MyFile to /tmp/MyFile.
IMPORTANT: Do not restore the file to its original location, or to any location under the Simias store directory.
8 Use one of the following methods to restore the recovered file to the target iFolder:
• Via E-Mail: Send the restored files or directory to the iFolder owner or to any member who has the Write right to the iFolder.
For example, e-mail the recovered file, such as /tmp/MyFile, to the user. A user with the Write right can restore the file to an iFolder simply by copying it back to the appropriate location on an iFolder client. For example, copy MyFile to /home/username/MyiFolder/MyDir1/MyDir2/MyFile.
• Via Web Access: In iManager, expand the Novell iFolder 3 role, select iFolders, search for the iFolder you want to manage, and then click the Name link for the iFolder. On the iFolder page, click Members, then add yourself as a member of the target iFolder.
In a Web browser, log in to iFolder 3.x Web Access, browse to locate and open the iFolder, then navigate to the directory where the files were originally located. Upload the file to the iFolder. For example, upload MyFile to MyiFolder/MyDir1/MyDir2/MyFile. If necessary, create the directory you want to restore, then upload the files in it.
You can only upload one file at a time, so this option might be viable when only a few files need to be restored.

7.9 Moving iFolder Data from One iFolder Server to Another

You can relocate iFolder services and the iFolder data in the Simias store from one iFolder server to another, for example, when you want to migrate to a more powerful computer.
1 Notify users that the iFolder server is going down.
2 Stop iFolder services. As a root user, enter the following command at the terminal console:
/etc/init.d/apache2 stop
3 Use your normal file system backup procedures to back up the following data:
• Simias store directory
The default location is /var/opt/novell/ifolder3/simias.
• Simias configuration file
The default locations are /var/lib/wwwrun/.local/share/simias/Simias.config or /home/wwwrun/.local/share/simias/Simias.config.
4 Install and configure iFolder on the target server, using the same configuration information and
location as on the old computer, including the IP address.
5 On the target server, use your normal file system restore procedures to restore the following
data to its original locations:
• Simias store directory
The default location is /var/opt/novell/ifolder3/simias.
• Simias configuration file
The default locations are /var/lib/wwwrun/.local/share/simias/Simias.config or /home/wwwrun/.local/share/simias/Simias.config.
6 Start iFolder services. As a root user, enter the following command at the terminal console:
/etc/init.d/apache2 start
7 Notify users that the server is back up.
8 Disconnect the original server from the network, then uninstall iFolder to remove iFolder
software and the iFolder data. Make sure to reconfigure its IP address before using it on the network again.

8 Managing iFolder Services

This section discusses how to manage services for the Novell® iFolder® 3.x enterprise server with Novell iManager.
• Section 8.1, “Accessing the Novell iFolder 3 Plug-In for iManager”
• Section 8.2, “Connecting to the iFolder Server”
• Section 8.3, “Viewing General System Information”
• Section 8.4, “Configuring the LDAP Settings for an iFolder Server”
• Section 8.5, “Configuring System Policies”
• Section 8.6, “Configuring iFolder Administrators”
• Section 8.7, “Securing Enterprise Server Communications”

8.1 Accessing the Novell iFolder 3 Plug-In for iManager

Use the Novell iFolder 3 plug-in for Novell iManager 2.5 to manage the iFolder system, user accounts, and iFolders. For information about iManager, see the Novell iManager 2.5 Administration Guide (http://www.novell.com/documentation/imanager25/imanager_admin_25/data/hk42s9ot.html#bktitle).
1 Open a Web browser to the following URL:
https://svrname.example.com/nps/iManager.html
Replace svrname.example.com with the actual DNS name or IP address (such as
192.168.1.1) of the server where iManager is running. This might be the same server as your iFolder server.
IMPORTANT: The URL is case sensitive.
2 If prompted to verify the certificates, review the certificate information, then click Yes if it is
valid.
3 On the iManager Login page, log in as an admin user or equivalent.
The admin user can be the same user as, or a different user than, the iFolder Admin user or equivalent. If the username does not have the effective iFolder Admin right needed to manage the iFolder server, you must specify the iFolder Admin user credentials whenever you log in to the iFolder server you want to manage.
If you log in to the Novell eDirectory™ tree where the server you want to manage resides, you can browse the tree to specify containers or groups as Search DNs when you are modifying LDAP settings.
However, if you log in to a different tree, you are unable to browse the tree; you must explicitly specify Search DNs to use for provisioning iFolder users.
4 In Roles and Tasks, expand the Novell iFolder 3 role to show its tasks.
5 Select any of the tasks to go to the Connection page where you log in to the iFolder server you
want to manage.
When you first log in to iManager or if you have disconnected from an iFolder server management session, any task you select takes you to the Connection page.
6 Continue with Section 8.2, “Connecting to the iFolder Server,” on page 82.

8.2 Connecting to the iFolder Server

Although you are logged in to iManager, you must provide the iFolder administrator credentials to authenticate to the specific iFolder server you want to manage. The iFolder Admin username can be the same LDAP identity as your iManager Admin username, depending on how you configure your iFolder system.
If you are not logged in to an iFolder server, whenever you click a task under the Novell iFolder 3 role, the Connection page opens to allow you to log in to the iFolder enterprise server you want to manage. Log in with the iFolder Admin username and password for the target server.
NOTE: You cannot manage Novell iFolder 2.1x servers with the Novell iFolder 3 plug-in to iManager.
To connect to the iFolder server you want to manage:
1 In a Web browser, log in to iManager.
For information, see Section 8.1, “Accessing the Novell iFolder 3 Plug-In for iManager,” on
page 81.
2 In Roles and Tasks, expand the Novell iFolder 3 role, then select the task you want to perform.
You can click any of the Novell iFolder 3 tasks to open the Connection page.
3 Specify the DNS name or IP address of the iFolder enterprise server you want to manage.
For example, type svr1.example.com or 192.168.1.1.
4 Specify the port to use for your management session and indicate whether the port traffic is
secure (select Secure) or insecure (deselect Secure).
The default setting is Port 443 for secure traffic.
5 Do one of the following:
• If you logged in to iManager with the same username as the iFolder Admin user of the target server, select Authenticate Using Current iManager Credentials.
• If you logged in to iManager with a different username than the iFolder Admin user of the target server, deselect Authenticate Using Current iManager Credentials, then specify the iFolder Admin username and password.
6 Click OK to connect to the iFolder server.
7 (Conditional) If prompted to accept the server’s certificate, review the certificate information,
then click OK to accept it if it is valid.
When you are done managing the iFolder server, click Disconnect (located in the upper right corner) or close your Web browser to disconnect from the iFolder server you are managing. If you do not log out, the connection to the iFolder enterprise server remains open until your session times out, which can be a security risk.

8.3 Viewing General System Information

1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
By default, the System option opens to the General tab on the Systems page.
2 View the following information:
Parameter: Description
Domain: Descriptive name of the iFolder enterprise server. Each server is an iFolder domain.
Host Name: The host portion of the DNS name of the server. For example, in if3svr.example.com, if3svr is the host name.
Machine Name: The local name of the server.
OS: The operating system as reported by Mono®. Mono might report Linux as UNIX.
User Name: The username of the session that spawned the iFolder services process. For example, wwwrun.
Total Disk Space Used: The total combined physical size (in MB) of all iFolders on the system.
Total User Quotas: The total combined administrative size (in MB) of space allocated for use by iFolder users on this system. The administrative total can exceed the actual physical size of the system disks. Space is assigned as needed; it is not reserved.
    If no space restrictions are set for iFolder user accounts, the system reports No Limit.
    If space restrictions are set only for a subset of users, the reported size can be less than the current reported physical size.

8.4 Configuring the LDAP Settings for an iFolder Server

Use the LDAP Settings page to manage LDAP Settings for your iFolder server. In iManager, expand the Novell iFolder 3 role, then select System > LDAP to open the System page to the LDAP tab.
• Section 8.4.1, “Viewing the Current LDAP Settings”
• Section 8.4.2, “Modifying the iFolder LDAP Settings”
• Section 8.4.3, “What to Do If the iFolder Admin User Is Deleted from LDAP”
• Section 8.4.4, “Securing Access to the iFolder Proxy User Password”
• Section 8.4.5, “Modifying the iFolder Proxy User Password”
• Section 8.4.6, “Synchronizing the iFolder User List with the LDAP Server”

8.4.1 Viewing the Current LDAP Settings

1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select LDAP to open the System page to the LDAP tab.
3 View the following information:
Parameter: Description
Server Host: The DNS name or IP address of the LDAP server. This might be the same or a different server as your iFolder enterprise server or iFolder Web Access server.
Server Port: The port used for exchanging information between LDAP server and the iFolder enterprise server or Web Access server. Use port 636 (secure) or port 389 (insecure).
Port Is Secure (SSL): Indicates whether the iFolder server is configured for SSL exchanges. If SSL is enabled on the server, the value is Yes; otherwise, the value is No.
Proxy User DN: The fully distinguished name of the iFolder Proxy user. For example:
    cn=ifolderproxy,o=acme
    This identity must have the Read right to the LDAP service. The Read right for the LDAP service is the default.
Proxy User Password: The password is used to authenticate the iFolder Proxy user to the LDAP server when iFolder synchronizes users for the iFolder user list. This password must match the password stored in the iFolder Proxy user’s eDirectory object. For information, see Section 8.4.5, “Modifying the iFolder Proxy User Password,” on page 88.
Search DNs: The LDAP containers and groups where iFolder searches to compile a list of authorized users to provision for iFolder services on this enterprise server.
Minimum Synchronization Interval: The interval of time (in seconds) between synchronization sessions with the LDAP server. For example, 86400 seconds (24 hours).
    During an LDAP synchronization session, the iFolder server queries the LDAP server to retrieve a list of users in the contexts that are specified in the Search DN field, then synchronizes that list with its list of iFolder users. The interval timer is reset to the Synchronization Interval value at the end of a session. When the time elapses, another session is started.
Synchronization on Start: If this option is enabled, the server synchronizes the LDAP information immediately upon server startup.
    If this option is disabled, the synchronization of LDAP data is not performed until the specified Synchronization Interval has elapsed.
    Values are Yes or No.
Last Synchronization Attempt: The date and time of the most recent attempt to connect to the LDAP server to retrieve data.
Last Successful Synchronization Time: The date and time that LDAP data was successfully retrieved from the LDAP server and the iFolder user list was updated.

8.4.2 Modifying the iFolder LDAP Settings

1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select LDAP to open the System page to the LDAP tab, then click Modify.
3 Modify any of the following fields, then click OK to apply your changes.
Parameter: Description
Server Host: Specify the DNS name or IP address of the LDAP server.
    This might be the same or a different server as your iFolder enterprise server or iFolder Web Access server. Make sure this new LDAP server is in the same LDAP tree as the original LDAP server that you specified as Server Host when you configured the iFolder enterprise server in YaST.
Server Port: Specify port 636 (secure) or port 389 (insecure). If the LDAP server is on the same machine as the iFolder servers, a secure port is unnecessary.
    Default Value: 636
Port Is Secure (SSL): Specify whether the iFolder server is configured for SSL exchanges. If SSL is enabled on the server, the value is Yes; otherwise, the value is No.
    Default Value: Yes
Proxy User DN: The iFolder Proxy user is an existing proxy user identity used to access the LDAP server with Read access to retrieve a list of authorized users. The proxy user is automatically created during the iFolder enterprise server configuration in YaST. The username is autogenerated to be unique on the system. For most deployments, this username should never change. Keep the autogenerated iFolder Proxy username.
    The iFolder Admin user or equivalent can use the iFolder 3 plug-in for iManager to change the iFolder Proxy user identity in the LDAP settings for the iFolder server. Make sure that the user account assigned as the iFolder Proxy user is different than the one used for the iFolder Admin user and other system users. Separating the proxy user from the administrator provides privilege separation and is also important because the proxy user password is stored in the file system on the iFolder server.
    Specify the fully distinguished name of an existing user that you want to make the iFolder Proxy user. This identity must have the Read right to the LDAP directory. For example:
    cn=iFolderProxy1234,o=acme
    Make sure to also enter the new user’s password in the Proxy Password field.
    After you modify the Proxy user, you might want to immediately synchronize the LDAP user lists, using the new iFolder proxy information; otherwise, it is not tested until the next scheduled synchronization of the user list. Use the Update and Synchronize option on the LDAP Settings page to synchronize the iFolder user list on demand and verify your new Proxy user settings. (In iManager, expand the Novell iFolder 3 role, select System, select the LDAP tab, then click Update and Synchronize Now.)
Proxy User Password: Specify the password twice, then click OK to update the password stored in the LDAP Settings.
    Whenever you modify the Proxy User DN, you must also specify the password associated with the new iFolder Proxy user. The password is used to authenticate the iFolder Proxy user to the LDAP server when iFolder synchronizes users for the iFolder user list. This password must match the password stored in the iFolder Proxy user’s eDirectory object.
    For information, see Section 8.4.5, “Modifying the iFolder Proxy User Password,” on page 88.
Search DNs: Specify the LDAP containers and groups where iFolder 3.x searches for a list of authorized users to provision for iFolder services on this enterprise server. DNs are entered in LDAP format. For example:
    o=acme
    ou=group,o=acme
    To add a DN, type it in the Search DN field, then click OK.
    To edit a DN in the list, select it, then click the Edit icon (pen) to bring it to the Search DN field. Make your changes, then click OK to accept the changes.
    To search, click the Search icon to open a browsable list of LDAP objects, select the container or group you want to add, then click OK. The LDAP Object selector is not available if you logged into iManager in a different LDAP tree than the one where the Server Host (iFolder’s LDAP server) resides.
    To delete a DN from the list, select it, click the Delete icon (red X), then click OK. When you delete a DN from the Search DNs, users in that DN are removed from the iFolder user list the next time the iFolder server synchronizes LDAP information.
    During LDAP synchronization, the iFolder server queries the LDAP server to retrieve a list of users in the DNs (as specified in the Search DN field). The usernames in the iFolder user list are matched against this official LDAP list. Any new users in the specified Search DNs are added to the iFolder user list. If a user is no longer in the specified DNs, the username is removed from the user list, any iFolders the user owns are orphaned and reassigned to the iFolder Admin user, and the user is removed as a member of other iFolders.
    The iFolder Admin user is provisioned for services during the install. It is tracked by its GUID, so it is available even if the Search DN is empty, or if you specify Search DNs that do not contain the iFolder Admin user. This identity must be provisioned to enable the iFolder Admin to perform management tasks.
Minimum Synchronization Interval: Specify the synchronization interval (in seconds) for the elapsed time to wait between attempts to retrieve an updated list of system users from the LDAP server.
    Default Value: 86400 seconds (elapsed time of 24 hours from whenever the timer is reset)
Synchronization on Start: Specify Yes to immediately synchronize the list of users with the LDAP server when you start the iFolder server, or specify No to wait until the specified Synchronization Interval has elapsed after startup to begin synchronizing.
    Default Value: Yes

8.4.3 What to Do If the iFolder Admin User Is Deleted from LDAP

If the iFolder Admin user is accidentally deleted from LDAP, the iFolder enterprise server cannot be managed from iManager, but the iFolder server is still usable. All services continue to run under the existing settings.
1 In iManager, select the Users role, then re-create the iFolder Admin username with the same
GUID as the original iFolder Admin user.
2 Stop the iFolder server.
3 Edit the Simias.config file to add the new iFolder Admin user.
The default locations of the Simias.config file are the /var/lib/wwwrun/.local/share/simias/ directory and the /home/wwwrun/.local/share/simias/ directory.
In the Domain section, modify the AdminDN value by entering the username of the iFolder Admin user in LDAP format. For example:
<section name="Domain">
<setting name="AdminDN" value="cn=iFolderAdmin,o=acme" />
</section>
4 Start the iFolder server.

8.4.4 Securing Access to the iFolder Proxy User Password

The password for the iFolder Proxy user is stored in clear text in the /var/lib/wwwrun/.local/share/simias/Simias.config file on the iFolder enterprise server. To secure access to the Simias.config file, administrators of the iFolder 3.x server computer must use every precaution to not inadvertently assign file system rights to the /var/lib/wwwrun/.local/share/simias directory to unauthorized users.
To protect the password when authenticating to the LDAP server, make sure to configure the LDAP Server Port and Port Is Secure options in the iFolder LDAP settings for secure (default) communications between the servers and the LDAP server. For information, see Section 8.4.2, “Modifying the iFolder LDAP Settings,” on page 85.
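One way to check the file system rights described above, as an added example that is not part of this guide or of the iFolder product: it reports when Simias.config or the directory that holds it is a symbolic link, is owned by an unexpected account, or grants any access to group or other. The paths are the defaults the guide gives; the owner-only policy and the choice of root and wwwrun as acceptable owners are assumptions of this example.

```python
import os
import pwd
import stat

# Default locations named in the guide.
DEFAULT_CONFIG_PATHS = (
    "/var/lib/wwwrun/.local/share/simias/Simias.config",
    "/home/wwwrun/.local/share/simias/Simias.config",
)


def check_path(path, expect_dir, allowed_uids):
    """Return findings for one path: wrong type, unexpected owner, group/other access."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted at the path is seen, not followed
    except FileNotFoundError:
        return [f"{path}: not found"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symbolic link"]
    type_ok = stat.S_ISDIR(st.st_mode) if expect_dir else stat.S_ISREG(st.st_mode)
    if not type_ok:
        return [f"{path}: unexpected file type"]
    findings = []
    if st.st_uid not in allowed_uids:
        findings.append(f"{path}: owned by uid {st.st_uid}")
    # Assumed policy: only the owner may read, write or traverse.
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        findings.append(f"{path}: group/other access bits {extra:03o}")
    return findings


def audit_simias_config(config_path, allowed_uids):
    """Audit the directory that holds Simias.config, then the file itself."""
    directory = os.path.dirname(config_path)
    return (check_path(directory, True, allowed_uids)
            + check_path(config_path, False, allowed_uids))


def service_uids(account="wwwrun"):
    """uids accepted as owner (assumption): root, plus the service account if present."""
    uids = {0}
    try:
        uids.add(pwd.getpwnam(account).pw_uid)
    except KeyError:
        pass  # account does not exist on this host
    return uids


if __name__ == "__main__":
    allowed = service_uids()
    for candidate in DEFAULT_CONFIG_PATHS:
        if os.path.lexists(candidate):
            for finding in audit_simias_config(candidate, allowed):
                print(finding)
```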

8.4.5 Modifying the iFolder Proxy User Password

Manage the iFolder Proxy user and password with the Users role in iManager, as you would for any network user. If you need to modify the iFolder Proxy User password, change it for the iFolder Proxy user object in eDirectory, then update the value stored in the iFolder enterprise server’s LDAP Settings for every server that uses that iFolder Proxy user. The iFolder server cannot synchronize its list of users with the LDAP server until the passwords match in the LDAP User object and the eDirectory LDAP settings.
1 Log in to iManager in the tree where the LDAP server and iFolder enterprise server reside.
2 Modify the iFolder Proxy user password in its eDirectory object.
2a In Roles and Tasks, expand the eDirectory Users role, then click Modify User.
2b Specify the iFolder Proxy user in DN format or browse to locate the user object, then click
OK.
For example, type SimiasProxy.acme. The Modify User page opens to the General tab.
2c Click the Restrictions tab, then click Set Password (at the bottom of the page) to open the
Set Password dialog box.
2d Specify the password twice, then click OK.
2e Click OK to dismiss the confirmation message.
3 Update the iFolder Proxy user password stored in the iFolder server’s LDAP settings. Repeat
this process for every iFolder server that uses the same iFolder Proxy user.
3a In Roles and Tasks, expand the Novell iFolder 3 role, then click System.
3b If you are not connected to the iFolder server, specify the iFolder Admin credentials, then
click OK to open the Systems page.
3c Click the LDAP tab, then click Modify (at the bottom of the page) to open the Modify
LDAP Settings page.
3d Specify the Proxy User Password twice, then click OK.
Make sure you type the same password you entered for the LDAP user object. When the password updates, the LDAP Settings page opens.
4 Verify that the password in LDAP settings matches the password in eDirectory. In iManager Roles and Tasks, expand the Novell iFolder 3 role, select System, select the LDAP tab, then click Update and Synchronize Now.
If the user list synchronization is successful, the passwords match and scheduled synchronizations of the user list should succeed.

8.4.6 Synchronizing the iFolder User List with the LDAP Server

The iFolder user list includes enterprise users that are provisioned for iFolder services. The list is based on users found in the LDAP containers and groups that you specify as Search DNs in the LDAP settings for the iFolder enterprise server. The list comprises information about each user, such as a user’s username, full name, and LDAP GUID. The LDAP GUID matches the Simias GUID, which is used to uniquely identify the iFolder user in the iFolder system.
The user list is updated periodically and on-demand by retrieving a list of current LDAP users in the Search DNs. iFolder compares its user list with this master list and takes none, one, or both of the following actions to synchronize the user list.
• If there are new users in the retrieved list, those users are provisioned for iFolder services and added to the user list.
• If users were deleted from the LDAP containers and groups or if contexts were removed, the deleted users that were formerly in the iFolder user list are no longer eligible for iFolder accounts. Deleted users are removed from the list. The iFolders owned by the deleted users are marked as orphaned. If the deleted user was a member in other iFolders, the user is removed from the list of members.
For information, see Section 11.9, “Managing Orphaned iFolders,” on page 116.
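The reconciliation described above, modeled as an added example (not iFolder's own code) so that the effect of a Search DN change can be previewed before the next synchronization. The function names, GUIDs, DNs and iFolder names are constructed for illustration; users are keyed by GUID as this section describes, orphaned iFolders are reassigned to the iFolder Admin user as Section 8.4.2 states, and Search DNs are treated as containers only (group Search DNs are not modeled).

```python
from dataclasses import dataclass, field


@dataclass
class IFolder:
    name: str
    owner: str                                   # GUID of the owning user
    members: set = field(default_factory=set)    # GUIDs of the other members
    orphaned: bool = False


def users_under(directory, search_dns):
    """Return {guid: dn} for entries located under any Search DN container.

    Simplification: a case-insensitive suffix match on the DN string.
    """
    suffixes = tuple("," + dn.lower() for dn in search_dns)
    return {guid: dn for guid, dn in directory.items()
            if dn.lower().endswith(suffixes)}


def plan_sync(user_list, retrieved, ifolders, admin_guid):
    """Report what one synchronization session would change, without changing it."""
    added = sorted(set(retrieved) - set(user_list))
    # The iFolder Admin user is tracked by GUID, so it stays provisioned even
    # when the Search DNs are empty or do not contain it.
    removed = sorted(set(user_list) - set(retrieved) - {admin_guid})
    gone = set(removed)
    return {
        "added": added,
        "removed": removed,
        "orphaned": sorted(f.name for f in ifolders if f.owner in gone),
        "memberships_removed": sorted(
            (f.name, guid) for f in ifolders for guid in f.members & gone),
    }


def apply_sync(user_list, retrieved, ifolders, admin_guid):
    """Carry out the plan: update the user list, orphan iFolders, drop memberships."""
    plan = plan_sync(user_list, retrieved, ifolders, admin_guid)
    for guid in plan["added"]:
        user_list[guid] = retrieved[guid]
    for guid in plan["removed"]:
        del user_list[guid]
    gone = set(plan["removed"])
    for folder in ifolders:
        if folder.owner in gone:
            # Orphaned iFolders are reassigned to the iFolder Admin user.
            folder.owner, folder.orphaned = admin_guid, True
        folder.members -= gone
    return plan


def sample_state():
    """Constructed sample data; none of these values come from a real system."""
    directory = {
        "guid-admin": "cn=iFolderAdmin,o=acme",
        "guid-alice": "cn=alice,ou=group,o=acme",
        "guid-bob": "cn=bob,ou=sales,o=acme",
        "guid-carol": "cn=carol,ou=sales,o=acme",
    }
    user_list = {g: directory[g] for g in ("guid-admin", "guid-alice", "guid-bob")}
    ifolders = [
        IFolder("Designs", owner="guid-bob", members={"guid-alice"}),
        IFolder("Reports", owner="guid-alice", members={"guid-bob"}),
    ]
    return directory, user_list, ifolders


if __name__ == "__main__":
    directory, user_list, ifolders = sample_state()
    # Preview three Search DN settings: whole tree, one container, none.
    for search_dns in (["o=acme"], ["ou=group,o=acme"], []):
        retrieved = users_under(directory, search_dns)
        print(search_dns, plan_sync(user_list, retrieved, ifolders, "guid-admin"))
```

Narrowing the Search DNs from o=acme to ou=group,o=acme in this sample removes one user, orphans the iFolder that user owns, and drops that user's membership in another iFolder, while the Admin identity is untouched.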
Synchronizing at Regular Intervals
The LDAP Synchronization Interval determines the elapsed time between sessions with the LDAP server. During the synchronization session, iFolder retrieves and compiles a list of users in the LDAP containers and groups that are specified as Search DNs, and then synchronizes the iFolder user list with this master list. The timer is reset when the synchronization session ends, whether the synchronization was successful or not. When the specified interval time elapses, a new session with the LDAP server is initiated.
IMPORTANT: Whenever you synchronize on demand, the interval timer is reset.
To change how often the user list is updated, modify the LDAP Synchronization Interval field on the Modify LDAP page. For information, see Section 8.4.2, “Modifying the iFolder LDAP Settings,” on
page 85.
Synchronizing On Demand
To force an immediate synchronization of user information:
1 In iManager, expand the Novell iFolder 3 role.
2 Select System, then wait for the page to refresh.
3 Select LDAP to open the System page to the LDAP tab.
4 Click Update and Synchronize Now.
iFolder immediately connects to the LDAP server, retrieves and compiles a list of users in the specified Search DNs, synchronizes the iFolder user list with it, and automatically resets the interval timer for the LDAP Synchronization Interval.
5 Verify the successful update by confirming the time noted in the Last Successful
Synchronization Time field on the LDAP Settings tab.
The time should be after the time that you initiated the Update and Synchronize Now command.

8.5 Configuring System Policies

Use the System Policies page to manage system-wide policies. In iManager Roles and Tasks, expand the Novell iFolder 3 role, then select System > Policy to open the System page to the Policy tab.
• Section 8.5.1, “Viewing the Current System Policies”
• Section 8.5.2, “Modifying iFolder System Policies”

8.5.1 Viewing the Current System Policies

1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select Policy to open the System page to the Policy tab.
3 View the following information:
Parameter: Description
User Disk Space Limit: Specifies the maximum total space that each user’s iFolder data is allowed to use, across all iFolders the user owns.
Maximum File Size Limit: Specifies the maximum file size (in MB) that iFolder is allowed to synchronize. If a quota is specified, the effective maximum file size limit is the same as the quota.
File Type Restriction: Specifies a list of file types to include or to exclude from synchronization for all iFolders on the system.
Minimum Synchronization Interval: If this option is enabled, specifies the minimum interval (in seconds) for synchronizing iFolder data for each user account. Larger values are more restrictive.
    If the option is disabled, the value is No Limit.
    The interval timer is reset to the Synchronization Interval value at the end of a synchronization session. When the time elapses, another session is started.

8.5.2 Modifying iFolder System Policies

1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select Policy to open the System page to the Policy tab, then click Modify.
3 Select a Policy check box to enable the policy, specify values for the policy, then click OK to apply it:
Parameter: Enable User Disk Space Limit
Description: Deselect the check box to disable a system-wide quota.
Select the check box to enable a system-wide quota, then specify the total space quota (in MB) for a user’s account.
If you enable a system-wide quota that is less than a user’s current total space for iFolder data, the user’s data stops synchronizing until the data is decreased below the limit or until the quota is increased to a value that is larger than the user’s total space consumed.
Enabling or modifying the system-wide quota does not affect existing individual user quotas. Any existing user quota always overrides the system-wide quota, whether the user quota is lower or higher than the system-wide quota.
Default Value: 100 MB
Parameter: Enable Maximum File Size Limit
Description: Deselect the check box to disable the Maximum File Size Limit policy. If the policy is disabled, the value is reported as No Limit.
Select the check box to enable the Maximum File Size Limit policy, then specify the maximum allowed file size in MB.
If a quota is specified, the default maximum file size limit is the same as the quota.
Consider the following demands on your system to determine an appropriate file size limit for iFolders in your environment:
• Intended use
• How often the largest files are modified
• How the applications that use the largest files actually save changes to the file (whole file or deltas)
• How frequently the files are synchronized by each member
• How many users share an iFolder
• Whether users access iFolder on the local network or across WAN or Internet connections
• The average and peak available bandwidth
Even if you set a very large value as a file size limit and if there is no quota to limit file sizes, the practical limit is governed by the file system on the user’s computer. For example, FAT32 volumes have a maximum file size of 4 GB minus 1 byte.
Default Value: Disabled, No Limit
Parameter: Enable File Type Restriction
Description: Specify whether to restrict file types that are synchronized by inclusion or exclusion filters. You cannot set both.
Type a file extension, then click OK to add it to the list.
To edit an extension, select the value, click Edit (the pen icon), modify the entry, then click OK.
Parameter: Minimum Synchronization Interval
Description: To enable a policy, select the check box, then specify the minimum synchronization interval in seconds. For example, a practical value is 600 seconds (10 minutes). Larger values are more restrictive.
To disable the policy, deselect the check box. The value is reported as No Limit.
Default Value: Enabled, value=0 seconds.
The effective minimum synchronization interval is always the largest value of the following settings:
• The system policy (default of zero), unless there is a user policy set. If a user policy is set, the user policy overrides the system policy, whether the user policy is larger or smaller in value.
• The local machine policy, or the setting on the client machine synchronizing with the server.
• The iFolder (collection) policy.

8.6 Configuring iFolder Administrators

In iManager, expand the Novell iFolder 3 role, select System > Administrators to open the System page to the Administrators tab.
Section 8.6.1, “Understanding the iFolder Admin User,” on page 93
Section 8.6.2, “Adding the iFolder Admin Right for a User,” on page 93
Section 8.6.3, “Removing the iFolder Admin Right for a User,” on page 93

8.6.1 Understanding the iFolder Admin User

The iFolder Admin user is the primary administrator of the iFolder enterprise server. Whenever iFolders are orphaned, ownership is transferred to the iFolder Admin user for re-assignment to another user or for deletion. You initially specify the iFolder Admin user during the iFolder enterprise server configuration in YaST. For information, see Section 6.2, “Configuring the iFolder Enterprise Server,” on page 53.
The iFolder Admin user must be provisioned to enable the iFolder Admin to perform management tasks. iFolder tracks this user by the LDAP object GUID, allowing it to belong to any LDAP context in the tree, even those that are not identified as search contexts. The user’s movement can be tracked anywhere in the tree because it is known by the GUID, not the user DN.
The iFolder Admin right can be assigned to other users so that they can also manage iFolder services for the selected server. Use the Administrators page in the Novell iFolder 3 plug-in to iManager to add or remove the iFolder Admin right for users. Only users who are in one of the contexts specified in the LDAP Search DN are eligible to be equivalent to the iFolder Admin user. For information, see Section 8.4, “Configuring the LDAP Settings for an iFolder Server,” on page 84.
If you assign the iFolder Admin right to other users, those users are governed by the iFolder user list and Search DN relationship. The user is removed from the user list and stripped of the iFolder Admin right if you delete the user, remove the user’s context from the list of Search DNs, or move the user to a context that is not in the Search DNs.

8.6.2 Adding the iFolder Admin Right for a User

You add the iFolder Admin right to one user at a time, but you can assign it to multiple users.
Repeat the following process for each user who you want to become an iFolder Admin user:
1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select Administrators to view a list of users with the iFolder Admin right.
3 Click Add to open the User Search page.
4 Search for the user who you want to give the iFolder Admin right.
5 Select the User check box next to the user, then select OK.
The username is added in the list of users with the iFolder Admin right.

8.6.3 Removing the iFolder Admin Right for a User

You can delete the iFolder Admin right from all users in the list except the original iFolder Admin user.
If you delete the iFolder Admin right from the username you used to log in to the server, you are immediately disconnected. You must log in to the iFolder server under a different username with the iFolder Admin right to continue managing the server.
You remove the iFolder Admin right for one user at a time. Repeat the following process for each user who you want to remove as an iFolder Admin user:
1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select Administrators to view a list of users with the iFolder Admin right.
3 Select the User check box next to the user who you want to remove as an iFolder Admin user.
4 Click Remove.
5 Click OK to confirm, or click Cancel to back out of the action.
The username is removed from the list of users with the iFolder Admin right.

8.7 Securing Enterprise Server Communications

This section describes how to configure SSL traffic between the iFolder enterprise server and other components. HTTPS (SSL) encrypts information transmitted over shared IP networks and the Internet. It helps protect your sensitive information from data interception or tampering.
Section 8.7.1, “Using SSL for Secure Communications,” on page 94
Section 8.7.2, “Configuring the SSL Cipher Suites for the Apache Server,” on page 95
Section 8.7.3, “Configuring the Enterprise Server for SSL Communications with the LDAP Server,” on page 95
Section 8.7.4, “Configuring the Enterprise Server for SSL Communications with the iFolder Client,” on page 96
Section 8.7.5, “Configuring the Enterprise Server for SSL Communications with the Web Access Server,” on page 96
Section 8.7.6, “Configuring an SSL Certificate for the Enterprise Server,” on page 96
For information about configuring SSL traffic for the iFolder Web access server, see Section 9.5, “Securing Web Access Server Communications,” on page 99.

8.7.1 Using SSL for Secure Communications

In a default deployment, the iFolder 3 enterprise server uses SSL 3.0 for secure communications between components as shown in the following table.
iFolder Component Web Access Server LDAP Server Client Web Browser
Enterprise Server XXX
iFolder uses the SSL 3.0 protocol instead of SSL 2.0 because it provides authentication, encryption, integrity, and non-repudiation services for network communications. During the SSL handshake, the server negotiates the cipher suite to use, establishes and shares a session key between client and server, authenticates the server to the user, and authenticates the user to the server.
The key exchange method defines how the shared secret symmetric cryptography key used for application data transfer will be agreed upon by client and server. SSL 2.0 uses only RSA key exchange, while SSL 3.0 supports a choice of key exchange algorithms, including the RC4 and RSA key exchange, when certificates are used, and Diffie-Hellman key exchange for exchanging keys without certificates and without prior communication between client and server. SSL 3.0 also supports certificate chains, which allows certificate messages to contain multiple certificates and support certificate hierarchies.

8.7.2 Configuring the SSL Cipher Suites for the Apache Server

To restrict connections to SSL 3.0 and to ensure strong encryption, we strongly recommend the following configuration for the Apache server’s SSL cipher suite settings.
• Use only High and Medium security cipher suites, such as RC4 and RSA.
• Remove from consideration any ciphers that do not authenticate, such as Anonymous Diffie-Hellman (ADH) ciphers.
• Use SSL 3.0, and disable SSL 2.0.
• Disable the Low, Export, and Null cipher suites.
To set these parameters, modify the aliases in the OpenSSL* ciphers command (the SSLCipherSuite directive) in the /etc/httpd/conf/httpd.conf file.
1 Stop the Apache server: At a terminal console, enter
/etc/init.d/apache2 stop
2 Open the /etc/httpd/conf/httpd.conf file in a text editor, then locate the SSLCipherSuite directive in the Virtual Hosts section:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
3 Modify the plus (+) to a minus (-) in front of the ciphers you want to disable and make sure there is a ! (not) before ADH:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
4 Save your changes.
5 Start the Apache server: At a terminal console, enter
/etc/init.d/apache2 start
For more information about configuring strong SSL/TLS security solutions, see SSL/TLS Strong Encryption: How-To (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) on the Apache.org Web site.

8.7.3 Configuring the Enterprise Server for SSL Communications with the LDAP Server

By default, the iFolder enterprise server is configured to communicate via SSL with the LDAP Server. For most deployments, this setting should not be changed. If the LDAP server is on the same machine as the enterprise server, communications do not need to be secured with SSL.
1 In iManager, expand the Novell iFolder 3 role, select System, then wait for the page to refresh.
2 Select LDAP to open the System page to the LDAP tab, then click Modify.
3 In the Port Is Secure field, specify Yes to configure for SSL exchanges, or specify No for insecure exchanges.
4 Click OK to apply your changes.

8.7.4 Configuring the Enterprise Server for SSL Communications with the iFolder Client

By default, the iFolder enterprise server is configured to require SSL. All iFolder client communication to the server is encrypted using the SSL protocol. In most deployments, this setting should not be changed because iFolder uses HTTP BASIC for authentication, which means passwords are sent to the server in the clear. Without SSL encryption, the iFolder data is also sent in the clear.
To modify the setting, edit the SSL parameters in the appSettings section of the /opt/novell/ifolder3/web/web.config file on the enterprise server.
To configure secure Web traffic with SSL, modify the value of SimiasRequireSSL to Yes and the SimiasSSLPort to 443. For example:
<appSettings>
<add key="SimiasRequireSSL" value="yes" />
<add key="SimiasSSLPort" value="443" />
</appSettings>
To configure insecure Web traffic with HTTP BASIC, modify the value of SimiasRequireSSL to No and the SimiasSSLPort to 80. For example:
<appSettings>
<add key="SimiasRequireSSL" value="no" />
<add key="SimiasSSLPort" value="80" />
</appSettings>

8.7.5 Configuring the Enterprise Server for SSL Communications with the Web Access Server

By default, the iFolder enterprise server is configured to communicate via SSL with the iFolder Web Access server. For most deployments, this setting should not be changed. If the iFolder deployment is small and the Web Access server co-exists on the same machine as the iFolder enterprise server, an Administrator could reconfigure to disable SSL, which would increase the performance of local communications between the two servers.
Communications between the two servers are governed by the Web access server’s settings for SSL traffic. For information, see Section 9.5.3, “Configuring the Web Access Server for SSL Communications with the Enterprise Server,” on page 100.

8.7.6 Configuring an SSL Certificate for the Enterprise Server

For information, see “Managing SSL Certificates for Apache” on page 133.

9 Managing an iFolder Web Access Server

This section describes how to manage your Novell® iFolder® 3.x Web Access server on Novell Open Enterprise Server.
Section 9.1, “Starting iFolder Web Access Services,” on page 97
Section 9.2, “Stopping iFolder Web Access Services,” on page 97
Section 9.3, “Distributing the Web Access Server URL to Users,” on page 97
Section 9.4, “Configuring the HTTP Runtime Parameters,” on page 97
Section 9.5, “Securing Web Access Server Communications,” on page 99

9.1 Starting iFolder Web Access Services

iFolder Web Access services start whenever you reboot the system or whenever you start Apache services.
As a root user, enter the following command at the terminal console:
/etc/init.d/apache2 start

9.2 Stopping iFolder Web Access Services

iFolder services stop whenever you stop the system or whenever you stop Apache services.
As a root user, enter the following command at the terminal console:
/etc/init.d/apache2 stop

9.3 Distributing the Web Access Server URL to Users

After you install and configure the iFolder Web Access server, distribute the URL of the server Login page to users.
For information about configuring the URL, see Section 6.3, “Configuring the iFolder Web Access Server,” on page 55.

9.4 Configuring the HTTP Runtime Parameters

Two HTTP runtime parameters—Execution Time-Out (executionTimeout) and Maximum Request Length (maxRequestLength)—can affect the successful upload of a file to the Web Access server. The following table defines these run time parameters and their default values:

Parameter: executionTimeout
Description: The interval of time in seconds to wait between the command to upload a file and the successful execution where the file is stored on the iFolder enterprise server. The default time out is 3 minutes.
Default Value: 180 (in seconds)
Parameter: maxRequestLength
Description: The maximum file size in bytes that a user is allowed to upload to the server via the Web Access server. The default maximum size is 10 MB for Web access. This maximum is a software hard limit. You can modify the maximum length for any value up to 10 MB.
Default Value: 10240 (in KB)
Using Web Access, a user can upload a local file to the user’s iFolder on the enterprise server. If the file does not upload successfully before the interval times out or if the file size exceeds the allowed maximum, the upload is stopped and reported as a failure. Because the Web browser is controlling the errors, a problem of timing out or exceeding the maximum size might result in a Bad Request or other generic error.
The Execution Time-Out and Maximum Request Length parameters must be configured with compatible settings in the /opt/novell/ifolder3/web/web.config file for the iFolder enterprise server and in the /opt/novell/ifolder3/webaccess/Web.config file for the Web Access server. The settings in Web.config for the enterprise server must be the same size or larger than the settings in ../webaccess/Web.config for the Web Access server.
For example, the following code is the httpRuntime element with the default settings in the ../webaccess/Web.config file for Web Access:
<httpRuntime
executionTimeout="180"
maxRequestLength="10240"
/>
To modify the httpRuntime parameters:
1 Stop iFolder.
2 Set the httpRuntime parameters on the iFolder Web Access server by editing the values in the /opt/novell/ifolder3/webaccess/Web.config file.
3 If necessary, set the httpRuntime parameters on the iFolder enterprise server by editing the values in the /opt/novell/ifolder3/web/web.config file.
IMPORTANT: Make sure the values are the same size or larger than those set for the Web Access server.
4 Start iFolder.
For example, to set the time-out to 5 minutes (300 seconds) and the maximum file size to 5 megabytes (5120 KB) for the Web Access server, modify its httpRuntime parameter values in the ../webaccess/Web.config file:
<httpRuntime
executionTimeout="300"
maxRequestLength="5120"
/>
If the ../webaccess/Web.config values exceed the values in ../web/web.config for the enterprise server, you must also increase the sizes of runtime parameters in that file.
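The compatibility rule above written as a check. This is an added example, not part of the Novell guide: it reads the httpRuntime element from both files and reports any parameter where the enterprise server value is smaller than the Web Access value, or where the Web Access maxRequestLength exceeds the 10240 KB limit. The XML documents are constructed samples and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

PARAMS = ("executionTimeout", "maxRequestLength")
WEB_ACCESS_MAX_KB = 10240  # upper limit the guide gives for Web Access uploads


def http_runtime(config_xml):
    """Return the httpRuntime attributes of a web.config document as ints.
    A parameter that is not set in the document is returned as None."""
    element = next(ET.fromstring(config_xml).iter("httpRuntime"), None)
    attrs = element.attrib if element is not None else {}
    return {name: int(attrs[name]) if name in attrs else None for name in PARAMS}


def check_compatibility(enterprise_xml, webaccess_xml):
    """Compare ../web/web.config (enterprise server) with
    ../webaccess/Web.config (Web Access server) and return the findings."""
    enterprise = http_runtime(enterprise_xml)
    webaccess = http_runtime(webaccess_xml)
    findings = []
    for name in PARAMS:
        ent, web = enterprise[name], webaccess[name]
        if ent is None or web is None:
            findings.append(f"{name}: not set in both files, cannot compare")
        elif ent < web:
            findings.append(f"{name}: enterprise server value {ent} "
                            f"is smaller than Web Access value {web}")
    limit = webaccess["maxRequestLength"]
    if limit is not None and limit > WEB_ACCESS_MAX_KB:
        findings.append(f"maxRequestLength: Web Access value {limit} KB "
                        f"exceeds the {WEB_ACCESS_MAX_KB} KB limit")
    return findings


# Constructed samples: the enterprise server holds 180 / 10240 while the
# Web Access server uses the 5-minute / 5 MB values from the example above.
ENTERPRISE = """<configuration><system.web>
  <httpRuntime executionTimeout="180" maxRequestLength="10240" />
</system.web></configuration>"""
WEBACCESS = """<configuration><system.web>
  <httpRuntime executionTimeout="300" maxRequestLength="5120" />
</system.web></configuration>"""

if __name__ == "__main__":
    for finding in check_compatibility(ENTERPRISE, WEBACCESS) or ["compatible"]:
        print(finding)
```

To run it against the real files, read each file's text and pass it to check_compatibility.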

9.5 Securing Web Access Server Communications

This section describes how to configure SSL traffic between the iFolder Web Access server and other components. HTTPS (SSL) encrypts information transmitted over shared IP networks and the Internet. It helps protect your sensitive information from data interception or tampering.
Section 9.5.1, “Using SSL for Secure Communications,” on page 99
Section 9.5.2, “Configuring the SSL Cipher Suites for the Apache Server,” on page 99
Section 9.5.3, “Configuring the Web Access Server for SSL Communications with the Enterprise Server,” on page 100
Section 9.5.4, “Configuring the Web Access Server for SSL Communications with Web Browsers,” on page 101
Section 9.5.5, “Configuring an SSL Certificate for the Web Access Server,” on page 101
For information on how to configure SSL traffic on the iFolder enterprise server, see Section 8.7, “Securing Enterprise Server Communications,” on page 94.

9.5.1 Using SSL for Secure Communications

In a default deployment, the iFolder 3.x Web Access server uses SSL 3.0 for secure communications between components as shown in the following table.
iFolder Component Enterprise Server LDAP Server Client Web Browser
Web Access Server XX
For more information about SSL 3.0, see Section 8.7.1, “Using SSL for Secure Communications,” on page 94.

9.5.2 Configuring the SSL Cipher Suites for the Apache Server

To restrict connections to SSL 3.0 and to ensure strong encryption, we strongly recommend the following configuration for the Apache server’s SSL cipher suite settings.
• Use only High and Medium security cipher suites, such as RC4 and RSA.
• Remove from consideration any ciphers that do not authenticate, such as Anonymous Diffie-Hellman (ADH) ciphers.
• Use SSL 3.0, and disable SSL 2.0.
• Disable the Low, Export, and Null cipher suites.
To set these parameters, modify the aliases in the OpenSSL* ciphers command (the SSLCipherSuite directive) in the /etc/httpd/conf/httpd.conf file.
1 Stop the Apache server: At a terminal console, enter
/etc/init.d/apache2 stop
2 Open the /etc/httpd/conf/httpd.conf file in a text editor, then locate the SSLCipherSuite directive in the Virtual Hosts section:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
3 Modify the plus (+) to a minus (-) in front of the ciphers you want to disable and make sure there is a ! (not) before ADH:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
4 Save your changes.
5 Start the Apache server: At a terminal console, enter
/etc/init.d/apache2 start
For more information about configuring strong SSL/TLS security solutions, see SSL/TLS Strong Encryption: How-To (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) on the Apache.org Web site.
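A check for the result of steps 2 and 3 here and in Section 8.7.2. This is an added example, not part of the Novell guide: it reads the SSLCipherSuite directives from httpd.conf text and reports any Low, SSLv2, Export or Null alias that is still enabled, and any directive where ADH is not excluded with "!". The sample configuration is constructed from the two directive values shown above, and the function names are hypothetical.

```python
import re

# Aliases the guide says to disable, and the one it says to exclude with "!".
MUST_DISABLE = ("LOW", "SSLv2", "EXP", "eNULL")
MUST_KILL = "ADH"
WATCHED = MUST_DISABLE + (MUST_KILL,)
SYNONYMS = {"EXPORT": "EXP", "NULL": "eNULL"}  # other OpenSSL spellings
DIRECTIVE = re.compile(r"^[ \t]*SSLCipherSuite[ \t]+(\S+)",
                       re.MULTILINE | re.IGNORECASE)


def alias_states(spec):
    """Walk a cipher string left to right and return, for each watched alias,
    "absent", "enabled", "removed" or "killed".

    Simplification assumed by this example: only the aliases named in the
    guide are tracked, not the individual cipher suites behind them.
    """
    state = {name: "absent" for name in WATCHED}
    for token in re.split(r"[:, ]+", spec.strip()):
        if not token:
            continue
        op = token[0] if token[0] in "!+-" else ""
        parts = [SYNONYMS.get(p, p) for p in token[len(op):].split("+")]
        if op == "+":
            continue  # "+" only moves ciphers already in the list to the end
        if op == "":
            # A bare token appends ciphers; ALL covers everything but eNULL.
            if parts == ["ALL"]:
                parts = [n for n in WATCHED if n != "eNULL"]
            for name in parts:
                if name in state and state[name] != "killed":
                    state[name] = "enabled"
        elif len(parts) == 1 and parts[0] in state:
            # "!" deletes permanently; "-" deletes but a later token may re-add.
            if op == "!":
                state[parts[0]] = "killed"
            elif state[parts[0]] != "killed":
                state[parts[0]] = "removed"
    return state


def audit_directive(spec):
    """Return findings for one SSLCipherSuite value ([] means it conforms)."""
    state = alias_states(spec)
    findings = [f"{name} cipher suites are enabled"
                for name in MUST_DISABLE if state[name] == "enabled"]
    if state[MUST_KILL] != "killed":
        findings.append(f"{MUST_KILL} is not excluded with '!'")
    return findings


def audit_httpd_conf(text):
    """Audit every uncommented SSLCipherSuite directive in httpd.conf text."""
    return [(spec, audit_directive(spec)) for spec in DIRECTIVE.findall(text)]


# Constructed sample built from the two directive values shown in the guide.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
<VirtualHost _default_:8443>
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
</VirtualHost>
"""

if __name__ == "__main__":
    for spec, findings in audit_httpd_conf(SAMPLE_CONF):
        print(spec, "->", findings or "conforms")
```

For the unmodified directive the audit reports LOW, SSLv2 and EXP but not eNULL: in an OpenSSL cipher string, ALL does not include the eNULL suites, and a + prefix only reorders suites that are already in the list.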

9.5.3 Configuring the Web Access Server for SSL Communications with the Enterprise Server

By default, the iFolder enterprise server is configured to communicate with the iFolder Web Access server via SSL. For most deployments, this setting should not be changed because iFolder uses HTTP BASIC for authentication, which means passwords are sent to the server in the clear. If the iFolder deployment is small and the Web Access server co-exists on the same machine as the iFolder enterprise server, an Administrator could reconfigure to disable SSL, which would increase the performance of local communications between the two servers.
The communication between the Web Access server and the iFolder enterprise server is determined during the YaST configuration of the Web Access server. Specify an https:// in the URL for the enterprise server for SSL (HTTPS) communications between the servers. Traffic between the two servers is secure. If you specify an http:// in the URL, HTTP is used for communications between the servers and traffic is insecure.
The setting is stored in the /opt/novell/ifolder3/webaccess/Web.config file under the following tag:
<add key="SimiasUrl" value="https://localhost" />
If you disable SSL between Web Access server and the enterprise server and if the two servers are on different machines, you must also disable the iFolder server SSL requirement. Because the enterprise SSL setting also controls the traffic between the enterprise server and the client, all Web traffic between servers and between the clients and the enterprise server would be insecure.
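How the settings in Section 8.7.4 and in this section interact. This is an added example, not part of the Novell guide: it reads SimiasRequireSSL and SimiasSSLPort from the enterprise server's web.config and SimiasUrl from the Web Access Web.config, then reports the combinations the guide describes as insecure or conflicting. The XML documents are constructed samples, ifolder.example.com is a placeholder host name, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
PORT_FOR = {True: "443", False: "80"}  # pairings used in the guide's examples


def app_settings(config_xml):
    """Return the key/value pairs under <appSettings> in a web.config document."""
    root = ET.fromstring(config_xml)
    return {add.get("key"): add.get("value", "")
            for section in root.iter("appSettings")
            for add in section.findall("add") if add.get("key")}


def audit_transport(enterprise_xml, webaccess_xml):
    """Report insecure or conflicting SSL settings across the two files."""
    ent, web = app_settings(enterprise_xml), app_settings(webaccess_xml)
    require_ssl = ent.get("SimiasRequireSSL", "").strip().lower() == "yes"
    port = ent.get("SimiasSSLPort", "").strip()
    findings = []
    if not require_ssl:
        findings.append("enterprise: SimiasRequireSSL is not yes; HTTP BASIC "
                        "passwords and iFolder data cross the network in the clear")
    if port != PORT_FOR[require_ssl]:
        findings.append(f"enterprise: SimiasSSLPort is {port or 'unset'}, "
                        f"the guide pairs this setting with {PORT_FOR[require_ssl]}")
    url = urlsplit(web.get("SimiasUrl", ""))
    if not url.scheme:
        findings.append("webaccess: SimiasUrl is missing or has no scheme")
    elif url.scheme != "https":
        if (url.hostname or "") in LOCAL_HOSTS:
            findings.append("webaccess: http:// to a local enterprise server; "
                            "traffic between the servers is not encrypted")
        elif require_ssl:
            findings.append("webaccess: http:// to a remote enterprise server "
                            "that requires SSL; the settings conflict")
        else:
            findings.append("webaccess: http:// to a remote enterprise server; "
                            "server and client traffic is not encrypted")
    return findings


def _config(*pairs):
    """Build a constructed web.config document with the given appSettings."""
    adds = "".join(f'<add key="{k}" value="{v}" />' for k, v in pairs)
    return f"<configuration><appSettings>{adds}</appSettings></configuration>"


# Constructed samples; ifolder.example.com is a placeholder host name.
ENT_SSL = _config(("SimiasRequireSSL", "yes"), ("SimiasSSLPort", "443"))
ENT_PLAIN = _config(("SimiasRequireSSL", "no"), ("SimiasSSLPort", "80"))
WEB_HTTPS_LOCAL = _config(("SimiasUrl", "https://localhost"))
WEB_HTTP_REMOTE = _config(("SimiasUrl", "http://ifolder.example.com"))

if __name__ == "__main__":
    for finding in audit_transport(ENT_PLAIN, WEB_HTTP_REMOTE):
        print(finding)
```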