Installing iFolder and Netstorage in a Separate Tree from eDirectory (LDAP)
Novell Cool Solutions: Tip
Posted: 7 Jan 2004
Many people want to run iFolder and NetStorage on a server in the DMZ that resides in a separate tree from the production (private) tree. This adds a layer of security: the web services run in an isolated environment (the DMZ) rather than in the production tree, so port 80 does not have to be opened to the outside on the production environment.
This works fine as long as you take the following points into consideration.
- This configuration is possible with iFolder 2.1 and NetStorage. (This is a new feature introduced in iFolder 2.1 and will not work with previous versions of iFolder.)
- During the iFolder installation, the LDAP server (production tree) should be referenced. Be aware that all iFolder server objects will be placed in the production tree, while the iFolder data store will reside on the iFolder server itself (within the DMZ tree).
- During the NetStorage installation, the primary authentication domain should be set so that it points to the eDirectory/LDAP server (within the production tree). This can be modified post-installation via NSADMIN.
- To use secure LDAP, you must copy ROOTCERT.der from the production tree to the iFolder server's Apache/iFolder/Server directory and ensure iFolder is configured to point to this directory.
- To allow iFolder and NetStorage to communicate with the eDirectory/LDAP server, you must open ports 389, 636 and 524 on the firewall between the DMZ and the production tree. (XTier uses NCP, port 524, for authentication information.)
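A pre-flight check for the last two points, added here as example code (not Novell's and not part of the original tip): run on the DMZ server, it confirms that ports 389, 636 and 524 are reachable on the production eDirectory/LDAP server, that the copied ROOTCERT.der is really DER-encoded rather than a base64 (PEM) export, and that an LDAPS handshake on 636 validates against that root alone. The host name `prod-ldap.example.internal` and the certificate path are placeholders to substitute.

```python
import socket
import ssl
from pathlib import Path

# Placeholders: the production eDirectory/LDAP server and the location where
# ROOTCERT.der was copied (Apache/iFolder/Server on the iFolder server).
PROD_LDAP_HOST = "prod-ldap.example.internal"
ROOTCERT_PATH = Path("ROOTCERT.der")

# Ports the tip says must be open from the DMZ to the production tree.
REQUIRED_PORTS = {389: "LDAP", 636: "LDAPS", 524: "NCP (XTier authentication)"}


def check_port(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered/timed out, or unresolvable host
        return False


def der_to_pem(der_bytes):
    """Convert a DER certificate to PEM, rejecting data that is not DER."""
    # DER starts with the ASN.1 SEQUENCE tag 0x30; a file beginning with
    # '-----BEGIN' was exported as base64 (PEM), the wrong format for this step.
    if der_bytes.startswith(b"-----BEGIN"):
        raise ValueError("certificate is PEM (base64), not DER")
    if not der_bytes or der_bytes[0] != 0x30:
        raise ValueError("no leading ASN.1 SEQUENCE; not a DER certificate")
    return ssl.DER_cert_to_PEM_cert(der_bytes)


def verify_ldaps(host, der_bytes, port=636, timeout=5.0):
    """TLS handshake trusting only ROOTCERT.der; returns the server cert's
    subject, or raises ssl.SSLError if its chain does not lead to that root."""
    ctx = ssl.create_default_context(cadata=der_to_pem(der_bytes))
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert().get("subject")


if __name__ == "__main__":
    for port, name in REQUIRED_PORTS.items():
        state = "open" if check_port(PROD_LDAP_HOST, port) else "BLOCKED"
        print(f"{port:>4} {name:<28} {state}")
    if ROOTCERT_PATH.exists():
        print("LDAPS subject:", verify_ldaps(PROD_LDAP_HOST, ROOTCERT_PATH.read_bytes()))
```

A BLOCKED line for 524 with 389/636 open is the typical symptom of a firewall rule written for LDAP only, which leaves NetStorage unable to authenticate.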
If anyone else has something to add to this list, please share.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com