Managing iFolder and LDAP Servers

You can have an unlimited number of iFolder servers and up to eight LDAP-enabled servers.


iFolder Servers

Through the iFolder Management Console, you can change your iFolder server's IP address, DNS name, or assigned ports. Your first iFolder server is automatically added to the iFolder Management Console for you. All additional iFolder servers must be manually added to the iFolder Management Console before you can manage them.

The Upgrade button is used to enable iFolder accounts on a server that has been upgraded from iFolder Standard Edition to iFolder Professional Edition.


Adding iFolder Servers

If the DNS name or IP address of your iFolder server goes directly to the iFolder server without being routed through another device, meaning that your iFolder server is not behind a firewall, you are only required to fill in the information beneath the Public heading. If the DNS name or IP address of your iFolder server goes through another device, like an L4 switch or a firewall which redirects the request to the iFolder server, you need to fill in the information under both the Public and Private headings.

IMPORTANT:  If you have Network Address Translation (NAT) functionality built into your routers or switches, set your iFolder public and private DNS names and IP addresses as instructed in this document.

If your public DNS name or IP address redirects requests to a private iFolder IP address, specify a DNS name (not an IP address) as the public address of the iFolder server. Then, make sure you are using an internal DNS server to resolve the DNS name to the private address for internal users and an external DNS server to resolve the DNS name to the public address for external users.

The Private settings allow the iFolder servers to communicate directly to each other within the iFolder system. The Public settings allow you to access the iFolder server from outside the firewall.
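The following check for the split DNS arrangement described above is an added example, not part of the original documentation. It assumes "private" means RFC 1918 address space and that dig(1) is installed; the function names and the resolver arguments are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that one iFolder DNS name resolves to a private
# address on the internal resolver and a public address on the external one.
# Assumption: "private" means RFC 1918 IPv4 space.

# Return 0 if $1 is an RFC 1918 IPv4 address.
is_private_ipv4() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Read one answer per line on stdin. Succeed only if at least one IPv4
# address was seen and every address belongs to the view named in $1
# ("private" or "public"). Non-address lines (CNAME targets) are skipped.
answers_match_view() {
    want=$1 seen=0
    while read -r addr; do
        [ -n "$addr" ] || continue
        case $addr in *[!0-9.]*) continue ;; esac
        seen=1
        if is_private_ipv4 "$addr"; then got=private; else got=public; fi
        [ "$got" = "$want" ] || {
            echo "$addr is $got, expected $want" >&2
            return 1
        }
    done
    [ "$seen" -eq 1 ]
}

# Ask one resolver ($2) for the A records of a name ($1).
resolve_a() { dig +short A "$1" "@$2"; }

# check_split_dns NAME INTERNAL_RESOLVER EXTERNAL_RESOLVER
check_split_dns() {
    resolve_a "$1" "$2" | answers_match_view private || return 1
    resolve_a "$1" "$3" | answers_match_view public
}
```

Run `check_split_dns` with the server's DNS name and the addresses of your internal and external resolvers; a non-zero status means one view returned an address from the wrong side of the firewall, or no address at all.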


iFolder Ports

The ports that you enter into the iFolder Management Console must match the ports that you specified during the iFolder installation. You can have multiple iFolder servers using the same port numbers if they all have a unique DNS name or IP address.

Port 80 is used to send the encrypted username and password and data from the iFolder client to the iFolder server. iFolder uses RSA* encryption to encrypt the username and password, and Blowfish* encryption to encrypt the user data. Port 443 is used to access the iFolder Management Console and the Java applet via SSL and HTTPS.

For more information, see Authentication and Encryption.


Setting Global Server Policies

You can regulate how much disk space will be allotted to each iFolder user or how much time will pass before a session times out.

  1. Log in to the Global Settings section of the iFolder Management Console with your Admin username and password.

  2. Click Global Policies and then click the Display button next to Server Policies.

  3. Edit the information and then click Update.


Using Debug Output


NetWare Servers

For NetWare servers, when you click Debug Output, you can view all of the synchronization activity on each NetWare server. This information is displayed on the Apache screen located on each iFolder server.


Windows NT 4/2000 Servers

To use Debug Output for Windows NT 4/2000, follow these steps:

  1. Create a logs directory at c:\inetpub\wwwroot\iFolder\DocumentRoot.

  2. Add the following line to the Windows Registry (located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\iFolderServer):

    ifolderserverlogging c:\inetpub\wwwroot\iFolder\DocumentRoot\logs\index.html

  3. To access this information, in a browser enter the IP or DNS name of your server, followed by the directory and filename.

    For example: http://serveripaddress/logs/index.html


Linux Servers

To use Debug Output for Linux servers, follow these steps:

  1. Edit the HTTPD_ADDITIONS_LINUX.CONF file located at /usr/local/apache2/ifolder/Server, and add the following parameter to the end of the Virtual Hosts sections for both port 80 and port 443:

    iFolderServerLogging "/usr/local/apache2/ifolder/DocumentRoot/logs/index.html"

    The debug information will go to the INDEX.HTML file that is created for you in DocumentRoot under the logs directory.

  2. To access this information, do one of the following:

    • In a browser, enter the IP or DNS name of your server, followed by the directory and filename.

      For example: http://serveripaddress/logs/index.html

    • At the server console, enter

      # tail -f pathandfilename

      For example: # tail -f /usr/local/apache2/ifolder/DocumentRoot/logs/index.html

      NOTE:  Apache must have permissions to be able to create and write to the log file. This can be done by entering this chmod command at the server console: # chmod 777 /usr/local/apache2/ifolder/DocumentRoot/logs
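Mode 777 lets every local account create or replace files in a directory that Apache serves over HTTP. The functions below are an added example, not part of the original documentation: they list world-writable paths under the logs directory and restrict it to the account Apache runs as. The function names are hypothetical, and the account name is an assumption to be taken from your own httpd configuration.

```shell
#!/bin/sh
# Added example: audit and tighten the iFolder debug-log directory.
# Usage (as root), with the path from the page and your Apache account:
#   audit_log_dir /usr/local/apache2/ifolder/DocumentRoot/logs
#   tighten_log_dir /usr/local/apache2/ifolder/DocumentRoot/logs APACHE_ACCOUNT

# Print every path under $1 (symlinks excluded) that any local user can write.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Return 0 if nothing under $1 is world-writable, 1 if something is,
# 2 if the directory does not exist.
audit_log_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    found=$(world_writable "$dir")
    if [ -n "$found" ]; then
        echo "world-writable:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Hand the directory to the account Apache runs as ($2), then remove all
# access for other users: 750 on directories, 640 on files.
tighten_log_dir() {
    dir=$1 owner=$2
    chown -R "$owner" "$dir" || return 1
    find "$dir" -type d -exec chmod 750 {} +
    find "$dir" -type f -exec chmod 640 {} +
}
```

Apache can still create and write index.html because it owns the directory, which is the requirement the NOTE states.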


LDAP Servers

Whenever you add an LDAP server through the iFolder Management Console for user authentication, you are required to enter a name for the LDAP server, its DNS or IP address, a port number and, if necessary, the location of the root certificate. You can choose either port 389 or 636.


Choosing Port 389

Choose port 389 if you want to use LDAP without SSL encryption or if your LDAP server does not support SSL. Port 389 is also a good choice if iFolder and LDAP are running on the same server (no communication or data is being transferred across the wire, so no encryption is necessary).

If you choose port 389, the LDAP Group object must be marked to allow clear text passwords. To verify this, launch ConsoleOne®, locate the context where your server resides, right-click the LDAP Group object, click Properties, and then check Allow Clear Text Passwords.


Choosing Port 636

Choose port 636 if you want to use SSL, which provides your network with encryption and security when data is transferred across the wire. SSL requires a Root Certificate.

If you choose port 636, make sure you have previously copied the ROOTCERT.DER file from your LDAP server's SYS:PUBLIC directory to an iFolder server's SYS:PUBLIC directory. When you add a secure LDAP server to your iFolder system, the root certificate is copied into an attribute of the iFolderSettings class on the Global Settings LDAP.


Adding LDAP Contexts

In the contexts field, list all of the contexts, separated by a semicolon (;). The order of the contexts is the order in which the contexts will be searched. The first context that is listed should be the context that contains the Admin user.