Novell IFOLDER 3.7 Administration Guide

Novell®
www.novell.com
Administration Guide
novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
iFolder
December 2008

OES 2 SP1: Novell iFolder 3.7 Administration Guide

Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web Page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2004-2008 Novell, Inc. All rights reserved. Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License (GFDL), Version 1.2 or any later version, published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the GFDL can be found at the GNU Free Documentation License (http://www.fsf.org/licenses/fdl.html).
THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT ARE PROVIDED UNDER THE TERMS OF THE GNU FREE DOCUMENTATION LICENSE WITH THE FURTHER UNDERSTANDING THAT:
1. THE DOCUMENT IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY, ACCURACY, AND PERFORMANCE OF THE DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT IS WITH YOU. SHOULD ANY DOCUMENT OR MODIFIED VERSION PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL WRITER, AUTHOR OR ANY CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER; AND
2. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER IN TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL THE AUTHOR, INITIAL WRITER, ANY CONTRIBUTOR, OR ANY DISTRIBUTOR OF THE DOCUMENT OR MODIFIED VERSION OF THE DOCUMENT, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER DAMAGES OR LOSSES ARISING OUT OF OR RELATING TO USE OF THE DOCUMENT AND MODIFIED VERSIONS OF THE DOCUMENT, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web Page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see The Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 Overview of Novell iFolder 3.7
1.1 Benefits of iFolder for the Enterprise
1.1.1 Seamless Data Access
1.1.2 Data Safeguards and Data Recovery
1.1.3 Reliable Data Security
1.1.4 Encryption Support
1.1.5 Productive Mobile Users
1.1.6 Cross-Platform Client Support
1.1.7 Scalable Deployment
1.1.8 Multi-Server Support
1.1.9 Multi-Volume Support
1.1.10 Enhanced Web Administration
1.1.11 No Training Requirements
1.1.12 LDAPGroup Support
1.2 Benefits of iFolder for Users
1.3 Enterprise Server Sharing
1.4 Key Features of iFolder
1.4.1 iFolder Enterprise Server
1.4.2 Novell iFolder 3.7 Web Admin Console
1.4.3 iFolder Web Access Console
1.4.4 The iFolder Client
1.4.5 Multi Server Support
1.4.6 Encryption
1.4.7 Shared iFolders
1.4.8 iFolder Access Rights
1.4.9 Account Setup for Enterprise Servers
1.4.10 Access Authentication
1.4.11 File Synchronization and Data Management
1.4.12 Synchronization Log
1.4.13 iFolder Client APIs
1.5 What’s Next
2 Planning iFolder Services
2.1 Security Considerations
2.2 Server Workload Considerations
2.3 Naming Conventions for Usernames and Passwords
2.3.1 LDAP Naming Requirement
2.3.2 Length and Format Considerations for an LDAP Object
2.3.3 Multilingual Considerations
2.4 Admin User Considerations
2.4.1 iFolder Admin User and Equivalent Users
2.4.2 iFolder Proxy User
2.5 iFolder User Account Considerations
2.5.1 Preventing the Propagation of Viruses
2.5.2 Synchronizing User Accounts with LDAP
2.5.3 Synchronizing LDAPGroup Accounts with LDAP
2.5.4 Setting Account Quotas
2.6 iFolders Data and Synchronization Considerations
2.6.1 Naming Conventions for an iFolder and Its Folders and Files
2.6.2 Guidelines for File Types and Sizes to Be Synchronized
2.7 Management Tools
2.7.1 iFolder Configuration Plug-Ins for YaST
2.7.2 Novell iFolder Web Admin for Novell iManager 2.7
2.7.3 Web Access Configuration File
2.7.4 Installing iFolder Clients Through Novell ZEN Works
3 What’s New
3.1 What’s New in Novell iFolder 3.7 (OES 2.0 SP1 Linux)
3.2 What’s New in Novell iFolder 3.6 (OES 2.0 Linux)
3.3 What’s New in Novell iFolder 3.2 (OES SP2 Linux)
3.4 What’s New in Novell iFolder 3.1 (OES SP1 Linux)
3.5 What’s New in Novell iFolder 3.0 (OES Linux)
4 Comparing Novell iFolder 2.x and 3.7
4.1 Comparison of 2.x and 3.7 Server Features and Capabilities
4.2 Comparison of 2.x and 3.7 Client Features and Capabilities
4.3 Comparison of 2.x and 3.7 Web Access Features and Capabilities
5 Prerequisites and Guidelines
5.1 File System
5.2 Enterprise Server
5.2.1 Prerequisites for the Operating System
5.2.2 Installation Guidelines for Using an NSS Volume to Store iFolder Data
5.2.3 Install Guidelines When Using a Linux POSIX Volume to Store iFolder Data
5.2.4 Install Guidelines for Other Components
5.2.5 Installing the OES 2.0 Linux SP1 Server
5.3 Novell eDirectory 8.8
5.4 Active Directory
5.5 Novell iManager 2.7
5.6 Mono 1.2.x
5.7 Client Computers
5.8 Web Browser
6 Installing and Configuring iFolder Services
6.1 Installing iFolder on an Existing OES 2 Linux SP1 Server
6.2 Deploying iFolder Server
6.2.1 Configuring the iFolder Enterprise Server
6.2.2 Configuring the iFolder Slave Server
6.2.3 Managing Server IP Change
6.3 Configuring the iFolder Web Access Server
6.3.1 Configuring Web Access
6.3.2 Configuring iFolder Web Access for iChain or AccessGateway
6.4 Configuring the iFolder Web Admin Server
6.4.1 Configuring Web Admin Console
6.4.2 Configuring iFolder Web Admin for iChain or AccessGateway
6.5 Installing the Novell iFolder 3 Plug-In for iManager
6.5.1 Prerequisites
6.5.2 Installing a Plug-In When RBS Is Not Configured
6.5.3 Installing a Plug-In When RBS Is Configured
6.6 Recovery Agent Certificates
6.6.1 Understanding Digital Certification
6.6.2 Creating a YaST-based CA
6.6.3 Creating Self-Signed Certificates Using YaST
6.6.4 Exporting Self-Signed Certificates
6.6.5 Exporting Self-Signed Private Key Certificates For Key Recovery
6.6.6 Using KeyRecovery to Recover the Data
6.6.7 Managing Certificate Change
6.7 Accessing iManager and the Novell iFolder Web Admin
6.8 Provisioning Users, Groups and iFolder Services
6.8.1 Prerequisites
6.9 Distributing the iFolder Client to Users
6.9.1 Accessing the OES 2 Linux Welcome Page
6.9.2 Downloading the iFolder Client
6.9.3 Installing the iFolder Client
6.10 Using a Response File to Automatically Create iFolder Accounts
6.10.1 Response Files
6.10.2 Using a Response File to Deploying the iFolder Client
6.11 Updating Novell iFolder 3.7
6.12 Updating Mono for the Server and Client
6.13 Uninstalling the iFolder 3.7 Enterprise Server
6.14 What’s Next
7 Migrating iFolder Services
8 Running Novell iFolder in a Virtualized Environment
8.1 What’s Next
9 Managing an iFolder Enterprise Server
9.1 Starting iFolder Services
9.2 Stopping iFolder Services
9.3 Restarting iFolder Services
9.4 Managing the Simias Log and Simias Access Log
9.5 Backing Up the iFolder Server
9.6 Recovering from a Catastrophic Loss of the iFolder Server
9.7 Using TSAIF to Back Up and Restore the iFolder Store
9.7.1 Understanding TSAIF
9.7.2 Syntax
9.7.3 iFolder Path Options
9.7.4 iFolder Path Examples
9.7.5 SMSConfig Options
9.7.6 TSAIF and SMSConfig Examples
9.7.7 NBackup Options
9.7.8 TSAIF and NBackup Examples
9.7.9 Additional Information
9.8 Recovering iFolder Data from File System Backup
9.8.1 Recovering a Regular iFolder
9.8.2 Recovering Files and Directories from an Encrypted iFolder
9.9 Moving iFolder Data from One iFolder Server to Another
9.10 Changing The IP Address For iFolder Services
9.11 Securing Enterprise Server Communications
9.11.1 Using SSL for Secure Communications
9.11.2 Configuring the SSL Cipher Suites for the Apache Server
9.11.3 Configuring the Enterprise Server for SSL Communications with the LDAP Server
9.11.4 Configuring the Enterprise Server for SSL Communications with the iFolder Client
9.11.5 Configuring the Enterprise Server for SSL Communications with the Web Access Server and Web Admin Server
9.11.6 Configuring an SSL Certificate for the Enterprise Server
10 Managing iFolder Services via Web Admin
10.1 Accessing the Novell iFolder Web Admin
10.2 Connecting to the iFolder Server
10.3 Accessing iFolder Web Admin Via OES 2 SP1 Welcome Page
10.4 Managing Web Admin Console
10.5 Managing the iFolder System
10.5.1 Viewing and Modifying iFolder System Information
10.5.2 Viewing Reprovisioning Status
10.5.3 Configuring iFolder Administrators
10.5.4 Configuring System Policies
10.6 Managing iFolder Servers
10.6.1 Searching For Servers
10.7 Securing Web Admin Server Communications
10.7.1 Using SSL for Secure Communications
10.7.2 Configuring the SSL Cipher Suites for the Apache Server
10.7.3 Configuring the Web Admin Server for SSL Communications with the Enterprise Server
10.7.4 Configuring the Web Admin Server for SSL Communications with Web Browsers
10.7.5 Configuring an SSL Certificate for the Web Admin Server
11 Managing iFolder Users
11.1 Provisioning / Reprovisioning Users and LDAP Groups for iFolder
11.1.1 Automatic Provisioning Through the LDAP Attribute
11.1.2 Manual Provisioning
11.1.3 Manual Reprovisioning
11.1.4 Round-Robin Provisioning
11.2 Searching for a User Account
11.3 Accessing And Viewing General User Account Information
11.3.1 Enabling or Disabling an iFolder For an User Account
11.3.2 Deleting An iFolder
11.4 Configuring User Account Policies
11.4.1 Viewing the Current User Account Policies
11.4.2 Modifying User Account Policies
11.5 Enabling and Disabling iFolder User Accounts
12 Managing iFolders
12.1 Viewing Details And Configuring Policies for an iFolder
12.1.1 Accessing the iFolders Details Page
12.1.2 Viewing The iFolder Details
12.1.3 Searching for an iFolder
12.1.4 Managing iFolder Members
12.1.5 Managing an iFolder
12.1.6 Managing iFolder Policies
12.1.7 Enabling and Disabling an iFolder
13 Managing an iFolder Web Access Server
13.1 Starting iFolder Web Access Services
13.2 Stopping iFolder Web Access Services
13.3 Distributing the Web Access Server URL to Users
13.4 Configuring the HTTP Runtime Parameters
13.5 Securing Web Access Server Communications
13.5.1 Using SSL for Secure Communications
13.5.2 Configuring the SSL Cipher Suites for the Apache Server
13.5.3 Configuring the Web Access Server for SSL Communications with the Enterprise Server
13.5.4 Configuring the Web Access Server for SSL Communications with Web Browsers
13.5.5 Configuring an SSL Certificate for the Web Access Server
A Troubleshooting Tips For Novell iFolder 3.7
A.1 Web Admin Console Fails to Start Up
A.2 Login to the Web Consoles Fails
A.3 Mono Crashes in OES2 SP1 64-bit Server Running on XEN
A.4 Full Restore of Backed-Up Files Fails in iFolder
A.5 Enabling a Large Number of Users at the Same Time Times Out
A.6 Changes Are Not Reflected After Identity Sync Interval
A.7 Synchronizing a Large Number of Files Randomly Requires Multiple Sync Cycles
A.8 iFolder Data Does Not Sync and Cannot be Removed from the Server
A.9 Samba Connection to the Remote Windows Host Times out
A.10 Exception Error while Configuring iFolder on a Samba Volume
A.11 Giving Slash (/) at the End of the Default iFolder Path Creates Corrupted iFolder
A.12 LDAP Users Are Not Reflected in iFolder
A.13 Directory Access Exception on Creating or Synchronizing iFolders
A.14 Changing Permission to the Full Path Fails
A.15 iManager Single Sign-on Fails
A.16 List of Items Fails to Synchronize
A.17 Access Permission Error While Logging in Through Web Access
A.18 iFolder Upgrade From OES 1 SP2 to OES 2 Fails
A.19 Web Admin and Web Access Show a Blank Page
B Caveats for Implementing iFolder 3.7 Services
B.1 Loading Certificates to the Recovery Agent Path
B.2 Using Novell iFolder Server to Serve Large Files
B.3 Deployment in an Active Directory Environment
B.4 Using a Single Proxy User for a Multi-Server Setup
B.5 Slave Configuration
B.6 LDAP SSL Certificate
B.7 Novell iFolder Admin User
B.8 Novell iFolder with iChain and the Access Gateway
C Clustering iFolder 3.7 Servers with Novell Cluster Services for Linux
C.1 Prerequisites for Clustering iFolder 3.7 Services
C.2 Installing Novell Cluster Services for Linux
C.3 Configuring iFolder 3.7 Servers on a NCS for Linux Cluster
C.4 Creating the iFolder 3.7 Cluster Resource
C.5 Managing the iFolder 3.7 Cluster Resource. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
C.6 Sample Load Scripts for iFolder 3.7 Clusters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
C.6.1 Linux POSIX File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
C.6.2 NSS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
C.7 Sample Unload Scripts for iFolder 3.7 Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
C.7.1 Linux POSIX File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
C.7.2 NSS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
C.7.3 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
C.8 Sample Monitor Scripts for iFolder 3.7 Clusters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
C.8.1 Linux POSIX File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
C.8.2 NSS File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
D Decommissioning a Slave Server 183
E Configuration Files 185
E.1 Simias.config File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
E.2 Web.config File for the Enterprise Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
E.3 Web.config File for the Web Admin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
E.4 Web.config File for the Web Access Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
F Managing SSL Certificates for Apache 197
F.1 Generating an SSL Certificate for the Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
F.2 Generating a Self-Signed SSL Certificate for Testing Purposes . . . . . . . . . . . . . . . . . . . . . . 198
F.3 Configuring Apache to Point to an SSL Certificate on an iFolder Server. . . . . . . . . . . . . . . . 198
F.4 Configuring Apache to Point to an SSL Certificate on a Shared Volume for an iFolder Cluster . . . . . 199
F.5 Configuring Apache to Point to an SSL Certificate on a NSS Volume for an iFolder Cluster 200
G Frequently Asked Questions 203
G.1 iFolder 3.7 Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
G.1.1 Is iFolder 3.7 supported on a 64-bit OS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
G.1.2 Is iFolder going to support non-eDirectory related platforms as an identity source? . . . . . 203
G.1.3 Because iFolder is developed on Mono, can it be deployed in a Microsoft environment? . . . . . 203
G.2 iFolder 3.7 Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
G.2.1 Is iFolder 3.7 supported on Windows Vista? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
G.2.2 Is iFolder 3.7 supported on the Macintosh platform? . . . . . . . . . . . . . . . . . . . . . . . . 204
G.2.3 Can I use the iFolder 2.x client to connect to an iFolder 3.7 server?. . . . . . . . . . . . 204
G.2.4 Can I use the iFolder 3.x client to connect to the iFolder 3.7 server? . . . . . . . . . . . 204
G.2.5 Can I use iFolder 3.7 on different operating systems on different workstations to access and share the files? . . . . . 204
G.2.6 There was a 10 MB file limitation using Web Access? Is it still applicable for iFolder 3.7? . . . . . 205
G.2.7 I deleted a file accidentally. Can I recover it? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
G.2.8 What are the migration scenarios recommended and supported by iFolder 3.7? . . 205
G.3 iFolder 3.7 Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
G.3.1 What is the management console for iFolder 3.7? . . . . . . . . . . . . . . . . . . . . . . . . . 205
G.3.2 What are the new features in the Web Admin console? . . . . . . . . . . . . . . . . . . . . . 205
G.3.3 Can the administrator control the ability to encrypt iFolder files? . . . . . . . . . . . . . . 206
G.3.4 Are there any enhancements for how bulk users are enabled for iFolder? . . . . . . . 206
G.3.5 Can the administrator control the ability to share files? . . . . . . . . . . . . . . . . . . . . . . 206
G.3.6 How can the iFolder administrator manage the data owned by an iFolder user who has been removed from the iFolder domain? . . . . . 206
H Product History of iFolder 3 207
H.1 Version History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
H.2 Network Operating Systems Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
H.3 Directory Services Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
H.4 Workstation Operating Systems Support for the iFolder Client . . . . . . . . . . . . . . . . . . . . . . . 208
H.5 Web Server Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
H.6 iFolder User Access Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
H.7 Management Tools Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
I Documentation Updates 211
I.1 October 2008 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
I.1.1 iFolder 3.7 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
I.1.2 Installing iFolder Clients Through Novell ZENworks . . . . . . . . . . . . . . . . . . . . . . . 212
I.1.3 LDAPGroup Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
I.1.4 Auto Account Creation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
I.1.5 Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
I.1.6 Recovery Agent Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
I.1.7 Recovering iFolder Data from File System Backup . . . . . . . . . . . . . . . . . . . . . . . . . 213
I.1.8 Viewing Reprovisioning Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
I.1.9 SSL Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
I.1.10 Simias.config File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
I.1.11 Web.config File for the Web Admin Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
I.1.12 Clustering Novell iFolder Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

About This Guide

This guide describes how to install, configure, and manage the Novell® iFolder® 3.7 enterprise server, the iFolder 3.7 Web Access server, the iFolder 3.7 Web Admin server, and the iFolder™ client. This guide is divided into the following sections:
Chapter 1, “Overview of Novell iFolder 3.7,” on page 15
Chapter 2, “Planning iFolder Services,” on page 25
Chapter 3, “What’s New,” on page 35
Chapter 4, “Comparing Novell iFolder 2.x and 3.7,” on page 39
Chapter 5, “Prerequisites and Guidelines,” on page 47
Chapter 6, “Installing and Configuring iFolder Services,” on page 53
Chapter 7, “Migrating iFolder Services,” on page 99
Chapter 8, “Running Novell iFolder in a Virtualized Environment,” on page 101
Chapter 9, “Managing an iFolder Enterprise Server,” on page 103
Chapter 10, “Managing iFolder Services via Web Admin,” on page 121
Chapter 11, “Managing iFolder Users,” on page 141
Chapter 12, “Managing iFolders,” on page 149
Chapter 13, “Managing an iFolder Web Access Server,” on page 157
Appendix A, “Troubleshooting Tips For Novell iFolder 3.7,” on page 163
Appendix B, “Caveats for Implementing iFolder 3.7 Services,” on page 169
Appendix C, “Clustering iFolder 3.7 Servers with Novell Cluster Services for Linux,” on page 173
Appendix D, “Decommissioning a Slave Server,” on page 183
Appendix E, “Configuration Files,” on page 185
Appendix F, “Managing SSL Certificates for Apache,” on page 197
Appendix G, “Frequently Asked Questions,” on page 203
Appendix H, “Product History of iFolder 3,” on page 207
Audience
This guide is intended for system administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comment feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the most recent version of the Novell iFolder 3.7 Administration Guide, visit the Novell iFolder 3.x documentation Web site (http://www.novell.com/documentation/beta/ifolder3/).
Additional Documentation
For information, see the following:
Novell iFolder 3.x Security Administrator Guide (http://www.novell.com/documentation/ifolder3/security/data/front.html)
iFolder User Guide for Novell iFolder 3.7 (http://www.novell.com/documentation/beta/ifolder3/ifolder37_user/data/bookinfo.html)
Novell iFolder 3.x documentation (http://www.novell.com/documentation/ifolder3/index.html)
Novell Open Enterprise Server product site (http://www.novell.com/products/openenterpriseserver)
Novell Open Enterprise Server documentation (http://www.novell.com/documentation/oes/index.html)
Novell eDirectory™ 8.8 documentation (http://www.novell.com/documentation/edir88/)
Novell iManager 2.7 documentation (http://www.novell.com/documentation/imanager27/)
Novell Linux Desktop 9 product site (http://www.novell.com/products/desktop/)
Novell Linux Desktop 9 documentation (http://www.novell.com/documentation/nld/treetitl.html)
Novell Support (http://support.novell.com/support_options.html)
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
1 Overview of Novell iFolder 3.7

Novell® iFolder® 3.7 is the next generation of iFolder, supporting multiple iFolders per user, user-controlled sharing, and a centralized network server for secured file storage and distribution. With iFolder, users’ local files automatically follow them everywhere—online, offline, all the time—across computers. Users can share files in multiple iFolders, and share each iFolder with a different group of users. Users control who can participate in an iFolder and their access rights to the files in it. Users can also participate in iFolders that others share with them.
This section familiarizes you with the various benefits and features of iFolder and its main components:
Section 1.1, “Benefits of iFolder for the Enterprise,” on page 15
Section 1.2, “Benefits of iFolder for Users,” on page 18
Section 1.3, “Enterprise Server Sharing,” on page 20
Section 1.4, “Key Features of iFolder,” on page 20
Section 1.5, “What’s Next,” on page 23

1.1 Benefits of iFolder for the Enterprise

Benefits of iFolder to the enterprise include the following:
Section 1.1.1, “Seamless Data Access,” on page 15
Section 1.1.2, “Data Safeguards and Data Recovery,” on page 16
Section 1.1.3, “Reliable Data Security,” on page 16
Section 1.1.4, “Encryption Support,” on page 17
Section 1.1.5, “Productive Mobile Users,” on page 17
Section 1.1.6, “Cross-Platform Client Support,” on page 17
Section 1.1.7, “Scalable Deployment,” on page 17
Section 1.1.8, “Multi-Server Support,” on page 17
Section 1.1.9, “Multi-Volume Support,” on page 18
Section 1.1.10, “Enhanced Web Administration,” on page 18
Section 1.1.11, “No Training Requirements,” on page 18
Section 1.1.12, “LDAPGroup Support,” on page 18

1.1.1 Seamless Data Access

Novell iFolder greatly simplifies the IT department’s ability to keep users productive. It empowers users by enabling their data to follow them wherever they go.
The days of users e-mailing themselves project files so they can work on them from home are gone, along with the frustration associated with sorting through different versions of the same file on different machines. iFolder stores and synchronizes users’ work in such a way that no matter what client or what location they log in from, their files are available and in the condition that they expect them to be. Users can access the most up-to-date version of their documents from any computer by using the iFolder client or by using Web Access.
Figure 1-1 Novell iFolder 3.7 Access Methods
[Figure: access methods (iFolder clients for Novell Linux Desktop, Windows Vista/XP, and Macintosh OS X 10.3x; iFolder 3.7 Web Access via a Web browser) use HTTP(S) to sync, upload, or download with the iFolder 3.7 Web Access server and the iFolder 3.7 enterprise servers (master and slaves) on OES Linux; an eDirectory LDAP server on the same or a different OES server handles authentication.]

1.1.2 Data Safeguards and Data Recovery

With Novell iFolder, data stored on the server can be easily safeguarded from system crashes and disasters that can result in data loss. When a user saves a file to an iFolder on a local machine, the iFolder client can automatically update the data on the iFolder server, where it immediately becomes available for an organization’s regular network backup operations. iFolder makes it easier for IT managers to ensure that all of an organization’s critical data is protected.

1.1.3 Reliable Data Security

With Novell iFolder, LDAP-based authentication for access to stored data helps prevent unauthorized network access.

1.1.4 Encryption Support

In a corporate environment, enterprise-level data is generally accessible to the IT department, which in turn can lead to intentional or unintentional access by unauthorized personnel. Because of this, executives have been hesitant to store some confidential documents on the network.
With encryption support, iFolder ensures higher security for users’ confidential documents by encrypting them at the client side before transferring them to the server. Data is thus stored encrypted on the server, and is retrievable only by the user who created that iFolder.
iFolder makes it easier for IT managers to ensure that all of an organization's critical data is protected on the iFolder servers without involving any significant risks. iFolder also gives Internet Service Providers (ISPs) the ability to offer a user-trusted backup solution for their customers' critical business or personal data.

1.1.5 Productive Mobile Users

A Novell iFolder solution makes it significantly easier to support mobile users. VPN connections are no longer needed to deliver secure data access to mobile users. Authentication and data transfer use Secure Sockets Layer (SSL) technology to protect data on the wire.
Users do not need to learn or perform any special procedures to access their files when working from home or on the road. iFolder does away with version inconsistency, making it simple for users to access the most up-to-date version of their documents from any connected desktop, laptop, Web browser, or handheld device.
In preparation to travel or work from home, users no longer need to copy essential data to their laptop from various desktop and network locations. The iFolder client can automatically update a user’s local computer with the most current file versions. Even when a personal computer is not available, users can access all their files via Web Access on any computer connected to the Internet.

1.1.6 Cross-Platform Client Support

The iFolder client is available for Linux, Macintosh, and Windows desktops. The Novell iFolder 3.7 Web Access server provides a Web interface that allows users to access their files on the enterprise server through a Web browser on any computer with an active network or Internet connection.

1.1.7 Scalable Deployment

iFolder easily scales from small to large environments. You can install iFolder on multiple servers, allowing your iFolder environment to grow with your business. A single iFolder enterprise server handles unlimited user accounts, depending on the amount of memory and storage available. Users in an LDAP context can be concurrently provisioned for iFolder services simply by assigning the context to an iFolder server.

1.1.8 Multi-Server Support

Handling large amounts of data and provisioning many enterprise users in a corporate environment is a major task for any administrator. iFolder simplifies these tasks with multi-server configuration. Multi-server support is designed exclusively for meeting your enterprise requirements: provisioning many users and hosting large amounts of data on your iFolder domain. You can scale up the domain across servers to meet enterprise-level user requirements by adding multiple servers to a single domain. This allows you to leverage underutilized servers in an iFolder domain. With multi-server deployment, enterprise-level provisioning can be effectively managed and enterprise-level data can be scaled up.

1.1.9 Multi-Volume Support

One of the key features of iFolder is its storage scalability. With multi-volume support, Internet service providers and enterprise data centers can manage large amounts of data above the file system restrictions per volume. This facilitates moving data between the volumes, based on file size and storage space availability.

1.1.10 Enhanced Web Administration

Management of all iFolder enterprise servers is centralized through the enhanced iFolder Web Admin Console. Administrators can perform server management and maintenance activities from any location, using a standard Web browser. iFolder also frees IT departments from routine maintenance tasks by providing secure, automatic synchronization of local files to the server.

1.1.11 No Training Requirements

IT personnel no longer need to condition or train users to perform special tasks to ensure the consistency of data stored locally and on the network. With Novell iFolder, users simply store their files in the local iFolder directory. Their files are automatically updated to the iFolder server and any other workstations that share the iFolder. iFolder works seamlessly behind the scenes to ensure that data is protected and synchronized.

1.1.12 LDAPGroup Support

Provisioning and de-provisioning users individually becomes a task in itself when there are many users. Even to share a particular file with 10 or 20 members of the same team, you need to select each member separately and then share. The LDAPGroups feature resolves these problems. You can use groups for provisioning and de-provisioning and for setting the same policy for a set of users. Users can also share iFolders with multiple users by using groups.

1.2 Benefits of iFolder for Users

Typically, when users work in multiple locations or in collaboration with others, they must conscientiously manage file versions. With iFolder, the most recent version of a user’s files can follow the user to any computer where the iFolder client is installed and a shared iFolder is set up. iFolder also allows users to share multiple iFolders and their separate content with other users of the iFolder system. Users decide who participates in each shared iFolder, and also control their level of access. Similarly, users can participate in shared iFolders that are owned by others in the collaboration environment.
In the following example, Ulrik owns an iFolder named Denmark and shares it via his iFolder enterprise account with Nigel, Luc, and Alice. Nigel travels frequently, so he also sets up the iFolder on his laptop. Any iFolder member can upload and download files from the Denmark iFolder from anywhere, using the iFolder Web Access server. In addition, Alice shares a non-work iFolder named Scooters with her friend Ulrik.
Figure 1-2 Collaboration and Sharing with iFolder
[Figure: iFolders on each computer, connected over the Internet to the iFolder 3.7 enterprise server (storage) and the iFolder 3.7 Web Access server. Nigel's Desktop: Denmark, Liverpool, MyDocs. Luc's Desktop: Denmark, HR, Mtn Biking. Alice's Desktop: Denmark, Scooters*, Utah. Ulrik's Desktop: Denmark*, Scooters, MyStuff. Nigel's Laptop: Denmark, TeamOne, Customers. Kiosk: iFolder 3.7 Web Access. * iFolder Owner]
With an enterprise server, the iFolders are stored centrally for all iFolder members. The iFolder server synchronizes the most recent version of documents to all authorized users of the shared iFolder. All that the iFolder owner and iFolder members need is an active network connection and the iFolder client.
Novell iFolder provides the following benefits:
Guards against local data loss by automatically backing up local files to the iFolder server and multiple workstations.
Prevents unauthorized network access to sensitive iFolder files.
Allows multiple servers to participate in a single iFolder domain, to allow scaling up the number of users and data transfer bandwidth.
Transparently updates a user’s iFolder files to the iFolder enterprise server and multiple member workstations with the iFolder client.
Tracks and logs changes made to iFolder files while users work offline, and synchronizes those changes when they go online.
Provides access to user files on the iFolder server from any workstation without the iFolder client, using a Web browser and an active Internet or network connection.
With SSL encryption enabled, protects data as it travels across the wire.
Makes files on the iFolder server available for regularly scheduled data backup.

1.3 Enterprise Server Sharing

The iFolder client included in this release supports synchronization across multiple computers through a central Novell iFolder 3.7 enterprise server.
Users can share files across computers.
Users can share files with other users or groups.
Each user can own multiple iFolders.
Users are allowed to set the encryption policy for their individual iFolder files.
Each user can participate in multiple iFolders owned by other users.
Files can be synchronized via the central server at any time and with improved availability, reliability, and performance.
Data is transferred encrypted over the wire.
Users are autoprovisioned for iFolder services based on their assignment to administrator-specified LDAP containers and groups. If there are multiple servers participating in a single domain, its users are balanced across the servers.
A list of iFolder users is synchronized at regular intervals with the LDAP directory services.
Local files are automatically backed up to the server at regular intervals and on demand.
iFolder data on the server can be backed up to backup media and restored.
Administrators can manage the iFolder system, user accounts, and user iFolders using the Novell iFolder 3 Web Admin.

1.4 Key Features of iFolder

Section 1.4.1, “iFolder Enterprise Server,” on page 20
Section 1.4.2, “Novell iFolder 3.7 Web Admin Console,” on page 21
Section 1.4.3, “iFolder Web Access Console,” on page 21
Section 1.4.4, “The iFolder Client,” on page 21
Section 1.4.5, “Multi Server Support,” on page 21
Section 1.4.6, “Encryption,” on page 21
Section 1.4.7, “Shared iFolders,” on page 21
Section 1.4.8, “iFolder Access Rights,” on page 22
Section 1.4.9, “Account Setup for Enterprise Servers,” on page 22
Section 1.4.10, “Access Authentication,” on page 22
Section 1.4.11, “File Synchronization and Data Management,” on page 23
Section 1.4.12, “Synchronization Log,” on page 23
Section 1.4.13, “iFolder Client APIs,” on page 23

1.4.1 iFolder Enterprise Server

The iFolder enterprise server is a central repository for storing iFolders and synchronizing files for enterprise users.

1.4.2 Novell iFolder 3.7 Web Admin Console

The Novell iFolder 3.7 Web Admin is an administrative tool used to manage the iFolder system, user accounts, and user iFolders and data.

1.4.3 iFolder Web Access Console

The iFolder 3.7 Web Access console provides users with an interface for remote access to iFolders on the iFolder enterprise server.

1.4.4 The iFolder Client

The iFolder client integrates with the user’s operating system to provide iFolder services in a native desktop environment. It supports the following client operating systems:
SUSE® Linux Enterprise Desktop (SLED) 10 SP1
openSUSE®
Windows Vista SP1/XP SP2/2000 Professional SP4
Macintosh OS X (Intel architecture) v10.4.11 and later. PowerPC architecture is not supported.
An iFolder session begins when the user logs in to an iFolder services account and ends when the user logs out of the account or exits the iFolder client. The iFolders synchronize files with the enterprise server only when a session is active and the computer has an active connection to the network or Internet. Users can access data in their local iFolders at any time; it does not matter if they are logged in to their server accounts or if they are connected to the network or Internet.
The iFolder client allows users to create and manage their iFolders. For information, see the OES 2 SP1: Novell iFolder 3.7 Cross-Platform User Guide.

1.4.5 Multi Server Support

Hosting large amounts of data as well as provisioning multiple users is necessary in any enterprise environment. In earlier versions of iFolder, the iFolder domain was dedicated to a single server, which limited the number of users and the hosting bandwidth. With multi-server support, iFolder 3.7 overcomes these major limitations.
Multi-server support expands an iFolder domain across servers, so that the enterprise-level user provisioning can be effectively managed and enterprise-level data can be scaled up accordingly.

1.4.6 Encryption

Encryption support offers full security to iFolder 3.7 users for their sensitive iFolder documents. Users can back up and encrypt their confidential files on the server without fear of losing them or having them exposed or falling into the wrong hands.

1.4.7 Shared iFolders

An iFolder is a local directory that the user selectively shares with other users in a collaboration environment. The iFolder files are accessible to all members of the iFolder and can be changed by those with the rights to do so. Users can share iFolders across multiple workstations and with others.
Because the iFolder client is integrated into the operating environment, users can work with iFolders directly in a file manager or in the My iFolders window. Within the iFolder, users can set up any subdirectory structure that suits their personal or corporate work habits. The subdirectory structure is constant across all member iFolders. Each workstation can specify a different parent directory for the shared iFolder.

1.4.8 iFolder Access Rights

The iFolder client provides four levels of access for members of an iFolder:
Owner: Only one user serves as the owner. This is typically the user who created the iFolder. The owner or an iFolder Administrator can transfer ownership status from the owner to another user.
The owner of an iFolder has the Full Control right. This user has Read/Write access to the iFolder, manages membership and access rights for member users, and can remove the Full Control right for any member. With an enterprise server, the disk space used by the owner’s iFolders counts against the owner’s user disk quotas on the enterprise server.
If a user is deleted from the iFolder system, the iFolders owned by the user are orphaned. Orphaned iFolders are assigned temporarily to the iFolder Admin user, who becomes the owner of the iFolder. Membership and synchronization continue while the iFolder Admin user determines whether an orphaned iFolder should be deleted or assigned to a new owner.
Full Control: A member of the shared iFolder, with the Full Control access right. The user with the Full Control right has Read/Write access to the iFolder and manages membership and access rights for all users except the owner.
Read/Write: A member of the shared iFolder, with the Read/Write access right to directories and files in the iFolder.
Read Only: A member of the shared iFolder, with the Read Only access right to directories and files in the iFolder. This member can copy an iFolder file to another location and modify it outside the iFolder.
When used with an enterprise server account, the server hosts every iFolder created for that account. Users create an iFolder and the enterprise server makes it available to the specified list of users. A user can have a separate account on each enterprise server. A user’s level of membership in each shared iFolder can differ.
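The access levels described above can be modeled as a small authorization check. This is an added example, not Novell's code: `Right`, `IFolder`, `ADMIN`, `delete_user`, `denied`, and `denmark_example` are hypothetical names, the member rights in the Denmark sample are constructed, and dropping the Admin user's membership when an orphaned iFolder is handed off is an assumption.

```python
from enum import IntEnum

ADMIN = "ifolder-admin"  # hypothetical account name for the iFolder Admin user


class Right(IntEnum):
    """Member access levels; the single owner is tracked separately."""
    READ_ONLY = 1
    READ_WRITE = 2
    FULL_CONTROL = 3


class IFolder:
    def __init__(self, name, owner):
        self.name = name
        self.owner = owner  # exactly one owner at a time
        self.members = {owner: Right.FULL_CONTROL}
        self.orphaned = False

    def can_read(self, user):
        return user in self.members

    def can_write(self, user):
        return self.members.get(user, 0) >= Right.READ_WRITE

    def can_manage(self, actor, target):
        """Owner manages every member; Full Control manages all but the owner."""
        if target == self.owner:
            return False  # the owner's rights change only by ownership transfer
        if actor == self.owner:
            return True
        return self.members.get(actor) == Right.FULL_CONTROL

    def set_right(self, actor, target, right):
        if not self.can_manage(actor, target):
            raise PermissionError(f"{actor} may not change rights of {target}")
        self.members[target] = Right(right)

    def remove_member(self, actor, target):
        if not self.can_manage(actor, target):
            raise PermissionError(f"{actor} may not remove {target}")
        self.members.pop(target, None)

    def transfer_ownership(self, actor, new_owner):
        """Only the current owner or the iFolder Admin may transfer ownership."""
        if actor != self.owner and actor != ADMIN:
            raise PermissionError(f"{actor} may not transfer ownership")
        previous = self.owner
        self.members[new_owner] = Right.FULL_CONTROL
        self.owner = new_owner
        if self.orphaned and previous != new_owner:
            # Assumption: the temporary Admin ownership ends with the hand-off.
            self.members.pop(previous, None)
        self.orphaned = False


def delete_user(ifolders, user):
    """Remove a user from the system; iFolders they owned go to the Admin user."""
    for folder in ifolders:
        was_owner = folder.owner == user
        folder.members.pop(user, None)
        if was_owner:
            folder.owner = ADMIN
            folder.members[ADMIN] = Right.FULL_CONTROL
            folder.orphaned = True  # other members keep their access meanwhile


def denied(action, *args):
    """Return True if the action is rejected with PermissionError."""
    try:
        action(*args)
    except PermissionError:
        return True
    return False


def denmark_example():
    """Constructed sample based on the Denmark iFolder; rights are made up."""
    folder = IFolder("Denmark", "ulrik")
    folder.set_right("ulrik", "nigel", Right.FULL_CONTROL)
    folder.set_right("nigel", "luc", Right.READ_WRITE)  # Full Control manages members
    folder.set_right("ulrik", "alice", Right.READ_ONLY)
    return folder
```

When reviewing a deployment, the cases worth checking are the ones the model rejects: a Full Control member acting on the owner, and any non-owner other than the Admin user attempting an ownership transfer.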

1.4.9 Account Setup for Enterprise Servers

The iFolder client allows you to set up multiple accounts, with one account allowed per enterprise server. Users specify the server address, username, and password to uniquely identify an account. On his or her computer, a user sets up accounts while logged in as the local identity he or she plans to use to access that account and its iFolders. Under the local login, the user can set up multiple iFolder accounts, but each account must belong to a different iFolder enterprise server.

1.4.10 Access Authentication

Whenever iFolder connects to an enterprise server to synchronize files, it connects to the server using HTTP BASIC and SSL, and the server authenticates the user against the LDAP directory service.

1.4.11 File Synchronization and Data Management

When you set up an iFolder account, you can enable Remember Password so that iFolder can synchronize iFolder invitations and files in the background as you work. The iFolder client runs automatically each time you log in to your computer’s desktop environment. The session runs in the background as you work with files in your local iFolders, tracking and logging any changes you make. With an enterprise server, you can synchronize the files at specified intervals or on demand.

1.4.12 Synchronization Log

The synchronization log displays your iFolder background activity.

1.4.13 iFolder Client APIs

As part of the iFolder project, APIs are available for the client. For iFolder Client developer documentation, see the iFolder Software Developers Kit (http://forge.novell.com/modules/xfmod/docman/?group_id=1372).

1.5 What’s Next

Before you install iFolder, review the following sections:
“Planning iFolder Services” on page 25
“Migrating iFolder Services” on page 99
“Prerequisites and Guidelines” on page 47
When you are done, install and configure your iFolder enterprise server and Web Access server. For information, see “Installing and Configuring iFolder Services” on page 53.
2 Planning iFolder Services

This section discusses the planning considerations for providing Novell® iFolder® 3.7 services on Open Enterprise Server (OES) 2.0 Linux.
Section 2.1, “Security Considerations,” on page 25
Section 2.2, “Server Workload Considerations,” on page 25
Section 2.3, “Naming Conventions for Usernames and Passwords,” on page 26
Section 2.4, “Admin User Considerations,” on page 27
Section 2.5, “iFolder User Account Considerations,” on page 29
Section 2.6, “iFolders Data and Synchronization Considerations,” on page 31
Section 2.7, “Management Tools,” on page 33

2.1 Security Considerations

For information about planning security for your iFolder 3.x system, see the OES 2 SP1 Linux: Novell iFolder 3.7 Security Administration Guide.

2.2 Server Workload Considerations

The iFolder 3.7 enterprise server supports a complex usage model where each user can own multiple iFolders and participate in iFolders owned by other users. Instead of a single user working from different workstations at different times, multiple users can be concurrently modifying files and synchronizing them. Whenever a user adds a new member to an iFolder, the workload on the server can increase almost as much as if you added another user to the system.
iFolder 3.7 provides multi-server and multi-volume support to enhance the storage capability of its servers. The Multi-Volume feature is exempt from the single iFolder per-volume restriction, so it enables you to move data across the multiple volumes available on a single server. With the Web Admin console, you can add multiple mount points to a single server to increase the effective space available. Through the Web Admin console, you can also configure the volume on which a particular iFolder is created.
Multi-server support is another key feature in iFolder 3.7 that makes server workload management significantly easier for administrators. In the past, an iFolder domain was dedicated to a single server that limited the number of users and data transfer bandwidth. With multi-server support, iFolder 3.7 has the capability to add more than one server to a single iFolder domain, so enterprise provisioning is effectively managed and hosting enterprise data is scaled up.
You can even set user account quotas to control the maximum storage space consumed by a user’s iFolders on the server. The actual bandwidth usage for each iFolder depends on the following:
The number of members subscribed to the iFolder.
The number of computers actively sharing the iFolder.
How much data is stored in the iFolder.
The actual and average size of files in the iFolder.
The number of files in the iFolder.
How frequently files change in the iFolder.
How much data actually changes.
How frequently files are synchronized.
The available bandwidth and throughput of network connections.
We recommend that you set up a pilot program to assess your operational needs and performance based on your equipment and collaboration environment, then design your system accordingly.
The following is a suggested baseline configuration for an iFolder 3.7 server with a workload similar to a typical iFolder 2.1x server. It is based on an example workload of about 12.5 GB of data throughput (up and down) each 24 hours, including all Ethernet traffic and protocol overhead. Your actual performance might differ.
Table 2-1 Suggested Baseline Configuration for an iFolder Enterprise Server

| Component | Example System Configuration |
|---|---|
| Hardware | 1.8 GHz single processor; 1.2 GB RAM; 300 GB hard drive |
| iFolder Services | 500 users per server (multi-server configuration); 500 MB user account quota per user; 1 iFolder per user that is not shared with other users; 5% change in each user’s data per 24-hour period |

If the iFolder server is serving a large number of requests, some requests might receive an HTTP 500 error. To manage this and to enable iFolder to serve more requests, do the following:
1 Edit the /etc/security/limits.conf file and add the following lines:
* soft nofile 100000
* hard nofile 110000
2 Save the limits.conf file and reboot the server.

2.3 Naming Conventions for Usernames and Passwords

Section 2.3.1, “LDAP Naming Requirement,” on page 27
Section 2.3.2, “Length and Format Considerations for an LDAP Object,” on page 27
Section 2.3.3, “Multilingual Considerations,” on page 27

2.3.1 LDAP Naming Requirement

Usernames and passwords must comply with the constraints set by your LDAP service. For information, see the Novell eDirectory 8.8 Administration Guide (http://www.novell.com/documentation/edir88/treetitl.html).

2.3.2 Length and Format Considerations for an LDAP Object

In iManager, the maximum number of characters for most LDAP objects is 64 characters. Some fields require common name format and others require fully distinguished name format for objects. View the iManager Help for the different plug-ins to make sure your entries comply with length and format restrictions for the individual plug-in.

2.3.3 Multilingual Considerations

If you have workstations running in different languages, you might want to limit User object names to characters that are viewable on all the workstations. For example, a name entered in Japanese cannot contain characters that are not viewable in Western languages.
IMPORTANT: eDirectory supports only English language characters for usernames and passwords on Linux and HP-UNIX. This applies to OES 2 Linux SP1 and SLED.
For information, see “Multilingual Considerations” (http://www.novell.com/documentation/edir88/edir88/data/a2iiidp.html#a2iiie7) in the Novell eDirectory 8.8 Administration Guide.

2.4 Admin User Considerations

During the iFolder install, iFolder creates two Administrator users, the iFolder Admin user and the iFolder Proxy user. After the install, you can also configure other users with the iFolder Admin right to make them equivalent to the iFolder Admin user.
Section 2.4.1, “iFolder Admin User and Equivalent Users,” on page 27
Section 2.4.2, “iFolder Proxy User,” on page 28

2.4.1 iFolder Admin User and Equivalent Users

The iFolder Admin user is the primary administrator of the iFolder enterprise server. Whenever iFolders are orphaned, ownership is transferred to the iFolder Admin user for reassignment to another user or for deletion. You initially specify the iFolder Admin user during the iFolder enterprise server configuration in YaST.
The iFolder Admin user must be provisioned to enable the iFolder Admin to perform management tasks. iFolder tracks this user by the LDAP object GUID, allowing it to belong to any LDAP container or group in the tree, even those that are not identified as LDAP Search contexts.
The iFolder Admin right can be assigned to other users so that they can also manage iFolder services for the selected server. Use the Web Admin console to add or remove the iFolder Admin right for users. Only users who are in one of the contexts specified in the LDAP Search contexts are eligible to be equivalent to the iFolder Admin user.
If you assign the iFolder Admin right to other users, those users are governed by the roster and LDAP Search DN relationship. The user is removed from the roster and stripped of the iFolder Admin right if you delete the user, remove the user’s DN from the list of LDAP Search contexts, or move the user to a context that is not in the LDAP Search contexts.

2.4.2 iFolder Proxy User

The iFolder Proxy user is the identity used to access the LDAP server to retrieve lists of users in the specified containers, groups, or users that are defined in the iFolder LDAP settings. This identity must have the Read right to the LDAP directory container configured during iFolder enterprise server setup. The iFolder Proxy user is created during the iFolder install and appropriate access rights are provided. You probably never need to modify this value. You can modify the Proxy user using the Web Admin console. For more information, see Step 7b on page 134 in the “Accessing and Viewing the Server Details Page” on page 132.
IMPORTANT: If you do modify the iFolder Proxy user, make sure that the identity you specify is different than the iFolder Admin user or other system users because the iFolder Proxy user password is stored in reversible encrypted form in the Simias database on the iFolder server. After you change the iFolder Proxy user, ensure that you restart Apache.
When you initially configure the iFolder enterprise server in YaST, iFolder autogenerates a password for the iFolder proxy user.
Table 2-2 Encryption Method for the iFolder Proxy User Password

| iFolder Version | Encryption Method | iFolder Proxy User Password |
|---|---|---|
| iFolder 3.7 | YaST encryption method | Generates an alphanumeric, 21-digit mixed-case password. |
| iFolder 3.6 | YaST encryption method | Generates an alphanumeric, 21-digit mixed-case password. |
| iFolder 3.2 | YaST encryption method | Generates an alphanumeric, 13-digit, mixed-case password. |
| iFolder 3.0 and 3.1 | BASH random number generator | Generates a number between 0 and 10,000 and appends it to iFolderProxy. For example, iFolderProxy1234. |

Initially, the password for the iFolder Proxy user is stored in clear text in the /datapath/simias/.local.ppf file. At the end of the configuration process, the system reboots Apache 2 and starts iFolder. When iFolder runs for the first time after configuration, the iFolder process encrypts the password, stores it in the Simias database, and removes the entry from the .local.ppf file.
IMPORTANT: Currently, the Proxy user password cannot be changed in the iFolder system. Ensure that you don’t change the password in the LDAP directory as well. Changing the password in the LDAP directory makes iFolder non-functional.

2.5 iFolder User Account Considerations

This section describes iFolder user account considerations.
Section 2.5.1, “Preventing the Propagation of Viruses,” on page 29
Section 2.5.2, “Synchronizing User Accounts with LDAP,” on page 29
Section 2.5.3, “Synchronizing LDAPGroup Accounts with LDAP,” on page 30
Section 2.5.4, “Setting Account Quotas,” on page 31

2.5.1 Preventing the Propagation of Viruses

Because iFolder is a cross-platform, distributed solution, there is a possibility of virus infection on Windows machines when migrating data across the iFolder server to other platforms, and vice versa. You should enforce server-based virus scanning to prevent viruses from entering the corporate network.
You should also enforce client-based virus scanning. For information, see “Configuring Local Virus Scanner Settings for iFolder Traffic” in the OES 2 SP1: Novell iFolder 3.7 Cross-Platform User Guide.

2.5.2 Synchronizing User Accounts with LDAP

You can specify any existing containers and groups in the Search DNs field of the iFolder LDAP settings. Based on the Search DNs, users are automatically provisioned with accounts for iFolder services.
The list of iFolder users is updated periodically when the LDAP synchronization occurs. New users are added to the list of iFolder users. Deleted users are removed from the list of iFolder users. (This might create orphaned iFolders if the deleted user owned any iFolders.) If a user is deleted from LDAP by mistake, you can create that user again with the same FDN within the Delete member grace interval so that you can recover the user’s iFolders. For more information on this, see Step 7 on page 133 in the “Accessing and Viewing the Server Details Page” on page 132.
IMPORTANT: Whenever you move a user between contexts and you want to provide continuous service for the user, make sure to add the target context to the list of LDAP Search DNs before you move the User object in eDirectory.
The LDAP synchronization tracks a user object’s eDirectory™ GUID to identify the user in multiple contexts. It tracks as you add, move, or relocate user objects, or as you add and remove contexts as Search DNs.
The following guidelines apply:
If the user is added to an LDAP container, group, or user that is in the Search DN, the user is added automatically to the iFolder user list.
If a user is moved to a different container, and the new container is also in the Search DN, the user remains in the iFolder user list.
If you intend to keep the user as an iFolder user without interruption of service and loss of memberships and data, the new container must be added as a Search DN before the user is moved.
If the user is moved to a different container that is not specified as a Search DN before the user is moved, the user is removed from the iFolder user list. The user’s iFolders are orphaned and the user is removed as a member of iFolders owned by others. If the new container is later added as a Search DN, the user is treated as a new user, with no association with previous iFolders and memberships.
If the user appears in multiple defined Search DNs, and if one or more DNs are removed from the LDAP settings, the user remains in the iFolder user list if at least one DN containing the user remains.
If the user is deleted from LDAP or moved from all defined Search DNs, the user is removed as an iFolder user. The user’s iFolders are orphaned and the user is removed as a member of iFolders owned by others.
The iFolder Admin user and iFolder Proxy user are tracked by their GUIDs, whether their user objects are in a context in the Search DN or not.
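The guidelines above, and the matching rule in Section 2.4.1 that strips the iFolder Admin right from an equivalent user who leaves the Search contexts, can be checked before a directory change is made. The following Python sketch is an added example, not part of the Novell guide or the iFolder code: the function names and all DNs are constructed, and it assumes Search DNs are containers, so membership of a group used as a Search DN still has to be resolved in LDAP.

```python
# Added example: models the Search DN guidelines above for a pre-change review.
# Assumptions: Search DNs are containers (or a user's own DN); membership of a
# group used as a Search DN has to be resolved in LDAP and is not modelled.
# All DNs below are constructed sample values.

RETAINED = "retained"
REMOVED = "removed: iFolders orphaned, memberships in other iFolders lost"


def parse_dn(dn):
    """Return the DN as a tuple of normalized RDNs, leaf first."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True   # keep escaped commas inside the RDN
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    pairs = (rdn.partition("=") for rdn in rdns if rdn.strip())
    return tuple(f"{a.strip().lower()}={v.strip().lower()}" for a, _, v in pairs)


def covering_search_dns(dn, search_dns):
    """Search DNs whose subtree contains dn (case-insensitive RDN suffix match)."""
    target = parse_dn(dn)
    hits = []
    for base in search_dns:
        b = parse_dn(base)
        if b and target[-len(b):] == b:
            hits.append(base)
    return hits


def assess_move(new_dn, search_dns, tracked_by_guid=False):
    """Outcome of moving a user to new_dn with the current Search DN list.

    tracked_by_guid is True only for the iFolder Admin and iFolder Proxy users.
    """
    if tracked_by_guid or covering_search_dns(new_dn, search_dns):
        return RETAINED
    return REMOVED


def users_losing_service(user_dns, search_dns, dn_to_remove):
    """Current iFolder users left with no Search DN if dn_to_remove is dropped."""
    gone = parse_dn(dn_to_remove)
    remaining = [s for s in search_dns if parse_dn(s) != gone]
    return [u for u in user_dns
            if covering_search_dns(u, search_dns)
            and not covering_search_dns(u, remaining)]


if __name__ == "__main__":
    search = ["ou=eng,o=example", "ou=staff,ou=eng,o=example", "ou=sales,o=example"]
    users = ["cn=alice,ou=staff,ou=eng,o=example", "cn=bob,ou=sales,o=example"]
    print(assess_move("cn=bob,ou=legal,o=example", search))
    print(users_losing_service(users, search, "OU=Sales, O=Example"))
```

A REMOVED result for a planned move means the target context must be added to the Search DNs first, because a user who is re-added later is treated as a new user with no link to the previous iFolders.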

2.5.3 Synchronizing LDAPGroup Accounts with LDAP

You can specify any existing containers and groups in the Search DNs field of the iFolder LDAP settings. Based on the Search DNs, LDAPGroups are automatically provisioned with accounts for iFolder services.
The list of LDAPGroups is updated periodically when the LDAP synchronization occurs. New LDAPGroups are added to the list of iFolder users. Deleted LDAPGroups are removed from the list of iFolder users. (This might create orphaned iFolders if the deleted LDAPGroup owned any iFolders.) If an LDAPGroup is deleted from LDAP by mistake, you can create that LDAPGroup again with the same FDN within the Delete member grace interval so that you can recover the user’s iFolders. For more information on this, see Step 7 on page 133 in the “Accessing and Viewing the Server Details Page” on page 132.
IMPORTANT: Whenever you move an LDAPGroup between contexts and you want to provide continuous service for the LDAPGroup, make sure to add the target context to the list of LDAP Search DNs before you move the LDAPGroup object in eDirectory.
The LDAP synchronization tracks an LDAPGroup object’s eDirectory™ GUID to identify the LDAPGroup in multiple contexts. It tracks as you add, move, or relocate LDAPGroup objects, or as you add and remove contexts as Search DNs.
The following guidelines apply:
If the LDAPGroup is added to an LDAP container, group, or LDAPGroup that is in the Search DN, the LDAPGroup is added automatically to the iFolder LDAPGroup list.
Any changes to the LDAPGroup member list are automatically synchronized during the next synchronization cycle.
If an LDAPGroup is moved to a different container, and the new container is also in the Search DN, the LDAPGroup remains in the iFolder LDAPGroup list.
If you intend to keep the LDAPGroup as an iFolder LDAPGroup without interruption of service and loss of memberships and data, the new container must be added as a Search DN before the LDAPGroup is moved.