AppNote: iFolder Data Cleanup in eDirectory
Novell Cool Solutions: AppNote
By Hans-Robert Vermeulen
Posted: 27 Jan 2005
Have you ever deleted an eDirectory user and tried to figure out what iFolder data directory needs to be cleaned up afterwards? One of the developers of iFolder created this utility for our IS&T people here at Novell to find out which iFolder directory belongs to which user.
The recommended procedure to remove an account's data is to do the following:
- Log in to the https://
/iFolderServer/Admin web interface
- Select "User Management"
- Search for the user
- Check the "iFolder Server" and "iFolder Account Path" properties. Here you can select the "Remove iFolder user data" button.
Now I can imagine this is not the preferred method for, let's say, school administrators. Having to clear 1000+ accounts in a short period each year won't be a treat with this procedure.
Why the Problem?
iFolder does not use the username or LDAP context in the directory name of the file storage. This makes it hard to find a relation between the user and the storage system without the LDAP user account.
After a fresh install of iFolder and a basic configuration using "Global Settings" from the iFolder Administration web site, the following structure will exist for the iFolder storage:
- Accounts folder
- Access.log file
- Error.log file
- Server.flg file
Only after a user initially logs in, using either the client or the web interface, the physical storage for the user is created in the iFolder data space.
In my case, several two-character folders are added, containing 32-character folder names representing the iFolder storage directory. This is roughly how it works:
Given enough users on a system, iFolder creates a two-letter directory with the HEX values of 00, 04, 08 ... and so on, up to F0, F4, F8, and FC. All the user folders that begin with 00, 01, 02, and 03 will be in the 00 directory. All the user folders that begin with 1C, 1D, 1E, and 1F will be in the 1C folder, etc.
Inside the user folders are two .DAT files: DIRCON.DAT and CONTROL.DAT. The CONTROL.DAT file contains the user name somewhere in the beginning of the file. This is where the IFWHODIR.EXE utility comes in.
The IFWHODIR utility
IFWHODIR.EXE will scan all subdirectories below the path specified on the command line, scanning for and reading the required information from the CONTROL.DAT files. To get a copy of the IFWHODIR.EXE utility, click here.
Let's review the IFWHODIR output from a simple test system:
IFWHODIR.EXE G:\iFolder
Directory A5AFB27BF183E9A58C76CC9C71CFDBDF belongs to user john
Directory C8192DC1FB41A790D1EE41B69ABDA226 belongs to user dduck
Directory EDFCBD533160003D9A68107574D61EB8 belongs to user bill
Total number of users for G:\iFolder: 3
As can be seen above, IFWHODIR.EXE reports back the CN of the user and the corresponding directory name, allowing you to save the information for future reference.
Another approach is to create a process around the utility to kick in whenever you delete a user's data. To do this, you can use the "/csv" switch to generate the output in csv format, making it easier to re-use the output. For example:
IFWHODIR.EXE G:\iFolder /csv
john,A5AFB27BF183E9A58C76CC9C71CFDBDF
bill,EDFCBD533160003D9A68107574D61EB8
Total number of users for G:\iFolder: 3
The proper syntax for IFWHODIR.EXE is as follows:
IFWHODIR.EXE <File path> /csv
where <File path> is the mapped drive or UNC path to the iFolder data directory, and /csv specifies csv output to the screen.
In my small test environment I could use IFWHODIR.EXE G:\iFolder to get all of the iFolder users for the entire iFolder server, or IFWHODIR.EXE G:\iFolder\C8 to get just the users in the C8 directory.
Getting a List of Usernames from your Tree
As mentioned earlier, the .csv format makes it ideal to compare the output against your user base in eDirectory, to find out what users are "missing" in eDirectory. This enables you to find those long-deleted users and clean up their iFolder data.
There are obviously many ways to get a list of eDirectory users - here are some examples.
LDAPSEARCH is a small freeware utility available from multiple sources on the internet. Here's a sample LDAPSEARCH command:
ldapsearch -h 192.168.2.120 -p 389 -D cn=admin,o=novell -w novell (objectclass=person) !*
This command gives us the following output:
# Dduck,Users,Novell
dn: cn=Dduck,ou=Users,o=Novell
# John,Users,Novell
dn: cn=John,ou=Users,o=Novell
# Bill,Users,Novell
dn: cn=Bill,ou=Users,o=Novell
This data is OK, but it would probably require some additional work from an advanced text editor to make it usable in a compare.
GETNAME is part of the JRB utilities. They are a personal favorite of mine and can be found at http://www.jrbsoftware.com/. Give them a try!
First, use CX to set your base context equal to your user context, then run GETNAME.EXE as follows:
getname * /a=CN /c /o=user /x /y=s
The output will generate a list of user names (Bill, Dduck, John). In this case it's the short name, but it could be anything depending on the options you provide. This output can be directly used to compare against the output of IFWHODIR.EXE.
As a final example, LDAP Exporter from Cool Solutions can be used. This tool enables you to export the results to many file types, such as text, Excel, .html, .csv, etc. The tool is graphical, but you can create a re-usable profile specifically for this purpose. The tool can be found at: http://www.novell.com/coolsolutions/tools/1841.html
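The comparison described above can be scripted. The following is an added example, not part of the original AppNote or the IFWHODIR utility: it parses IFWHODIR /csv output and ldapsearch "dn:" lines, derives the two-character parent folder from the rule given earlier, and lists storage directories whose owner is no longer in eDirectory. The sample data, the "olduser" entry, and the function names are constructed for illustration, and the root\folder\directory path layout is an assumption based on the description above.

```python
import re
# Constructed sample inputs modelled on the output formats shown in this AppNote.
# "olduser" and its directory name are invented for the example.
IFWHODIR_CSV = r"""IFWHODIR.EXE G:\iFolder /csv
john,A5AFB27BF183E9A58C76CC9C71CFDBDF
dduck,C8192DC1FB41A790D1EE41B69ABDA226
olduser,1D3F9A0C5B7E4D218A6C0F9E2B4D7A61
Total number of users for G:\iFolder: 3
"""
LDAP_OUTPUT = """# Dduck,Users,Novell
dn: cn=Dduck,ou=Users,o=Novell
dn: cn=John,ou=Users,o=Novell
dn: cn=Bill,ou=Users,o=Novell
"""
DIR_RE = re.compile(r"^[0-9A-F]{32}$")

def parse_ifwhodir_csv(text):
    """Map lowercased user name -> 32-character storage directory name."""
    owners = {}
    for line in text.splitlines():
        user, sep, dirname = line.strip().partition(",")
        # Skip the command echo, the "Total number..." summary and malformed rows.
        if sep and DIR_RE.match(dirname.upper()):
            owners[user.lower()] = dirname.upper()
    return owners

def parse_ldap_cns(text):
    """Collect lowercased CNs from the 'dn: cn=...' lines of ldapsearch output."""
    return {m.group(1).lower()
            for m in re.finditer(r"^dn:\s*cn=([^,]+),", text, re.I | re.M)}

def bucket_for(dirname):
    """Two-character parent folder: first byte rounded down to a multiple of 4."""
    return "%02X" % (int(dirname[:2], 16) & 0xFC)

def orphaned_dirs(ifwhodir_csv, ldap_output, root="G:\\iFolder"):
    """Return sorted (user, path) pairs whose owner is missing from eDirectory."""
    live = parse_ldap_cns(ldap_output)
    if not live:
        # A failed or empty LDAP export would otherwise flag every directory.
        raise ValueError("no users parsed from LDAP output; refusing to compare")
    return sorted((user, "\\".join([root, bucket_for(d), d]))
                  for user, d in parse_ifwhodir_csv(ifwhodir_csv).items()
                  if user not in live)

if __name__ == "__main__":
    for user, path in orphaned_dirs(IFWHODIR_CSV, LDAP_OUTPUT):
        print("review before removal: %s -> %s" % (user, path))
```

Matching is on the CN alone, as IFWHODIR reports it, so two accounts with the same CN in different containers cannot be told apart; treat the result as a list to review, not as input to an automatic delete.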