AppNote: iFolder 3.1 on NSS with OES SP1
Novell Cool Solutions: AppNote
By Andrew Grant
Digg This -
Updated: 30 Jun 2006
Novell's promise to have iFolder 3 running built with mono and promising to run on NSS has finally arrived. Our iFolder deployment has been delayed for over half a year in anticipation of this version. Immediately the sleeves were rolled up and we got stuck in. The tantalising promise of NSS was offset by the lack of howto in the documentation. After some extensive trial and error here's how we did it.New Update: Making iFolder dependent on NSS Andrew discovered a race condition that affects iFolder on NSS. The problem is that if Tomcat comes up before the NSS daemon, iFolder simply doesn't start. Check the solution here.
Because we will be running from a volume that will only be configured during the post installation tasks, it's suggested that iFolder 3.X and iFolder 3.X web access remain unticked during the software selection stage of the installation.
Once OES is installed, install iManager and configure the NSS partition where you will be storing iFolder. For our test server we used the imaginative volume name NSS (hence the mount point /media/nss/NSS).
Open YaST --> Software --> "Install and Remove Software". With the filter set to Selections, tick both "Novell iFolder 3.x" and "Novell iFolder 3.x Web Services" (optional). Click Accept and allow the necessary software to be loaded.
Close and then re-open YaST to allow any updates of the plugins to take effect. Click "Network Services" --> iFolder 3.x
Plug in the credentials of the admin (or equivalent) user and click Next. If your user doesn't have sufficient privilege, you will be informed that there was a problem with authentication.
Fill in the server name, location where everything will be kept on the filesystem and a description (optional).
Please note that (according to the iFolder documentation) iFolder 3 doesn't like being stored in the root of a volume, hence we followed the suggestion of appending 'data' to the path name to make it happy.
The last stage of configuration is setting up the default iFolder admin user and a context for the proxy user to the created. The admin user (in this case ifolder3admin) is the default iFolder boss which you can use to assign iFolder administration privileges to existing users. Click Next to commit the changes and complete the installation.
Note: A proxy user is automatically created along with the iFolder admin account and will be named something like "iFolderProxy8586".
If all goes well, you will be asked to restart your web services.
The last step on the formal installation process is to open iManager as admin and install the iFolder 3 plugin. When you log in you should be notified that a new plugin is available for installation. Follow the like and install the plugin, restarting your web services to make the plugin available.
NSS File Permissions:
Once this configuration has run, you will notice that the iFolder3 home folder has been created. If you log into iManager and try to connect, you will first be prompted to import the server certificate and will then receive an "An internal error has occurred" and in the details part of the error message you will find " System.UnauthorizedAccessException: Access to the path "/media/nss/NSS/ifolder3/data/simias" is denied."
You need to give the web server access to the iFolder3 home directory. From a machine with the Novell Client, right click and select properties of the ifolder3 folder. Click the "NetWare Rights" tab and add the group "www" as a trustee with all but access control privileges.
You can now log back into iManager and connect to your server.
Making iFolder dependent on NSS
Installing iFolder on NSS creates a race condition. This is where Apache2 and Tomcat sometimes come up before the NSS volume(s) are mounted. If this happens then iFolder won't start. Fortunately, an easy edit to the init scripts ensure that things come up in the right order.
Open a terminal (ssh, xterm etc) and log in as root on the iFolder 3 server. We need to make the same change to these two files:
Using your preferred text editor (in my case vi) and in both files, look for the line with "# Required-Start:" and "# Required-Stop:" and add 'nss' to the end of both of them. The screenshot above is the change made to my apache2 init script.
OES now needs to be told about the new dependency. We'll use insserv to do this (it is also possible to use YaST's runlevel editor).
First we disable both services by issuing the commands:
insserv -r /etc/init.d/apache2
insserv -r /etc/init.d/novell-tomcat4
We then enable them (now with the right dependencies) by issuing the commands:
nsserv -dv /etc/init.d/apache2
insserv -dv /etc/init.d/novell-tomcat4
If all has gone well, iFolder should start consistently when your server does.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com