3.4 Admin User Considerations

During the iFolder install, iFolder creates two Administrator users, the iFolder Admin user and the iFolder Proxy user. After the install, you can also configure other users with the iFolder Admin right to make them equivalent to the iFolder Admin user.

3.4.1 iFolder Admin User and Equivalent Users

The iFolder Admin user is the primary administrator of the iFolder enterprise server. Whenever iFolders are orphaned, ownership is transferred to the iFolder Admin user for reassignment to another user or for deletion. You initially specify the iFolder Admin user during the iFolder enterprise server configuration.

The iFolder Admin user must be provisioned to enable the iFolder Admin to perform management tasks. iFolder tracks this user by the LDAP object GUID, allowing it to belong to any LDAP container or group in the tree, even those that are not identified as LDAP Search contexts.

The iFolder Admin right can be assigned to other users so that they can also manage iFolder services for the selected server. Use the Web Admin console to add or remove the iFolder Admin right for users. Only users who are in one of the contexts specified in the LDAP Search contexts are eligible to be equivalent to the iFolder Admin user.

If you assign the iFolder Admin right to other users, those users are governed by the roster and LDAP Search DN relationship. The user is removed from the roster and stripped of the iFolder Admin right if you delete the user, remove the user’s DN from the list of LDAP Search contexts, or move the user to a context that is not in the LDAP Search contexts.

3.4.2 iFolder Proxy User

The iFolder Proxy user is the identity used to access the LDAP server to retrieve lists of users from the containers, groups, or users that are defined in the iFolder LDAP settings. This identity must have the Read right to the LDAP directory container configured during iFolder enterprise server setup. The iFolder Proxy user is created during the iFolder install, and the appropriate access rights are granted to it at that time. You probably never need to modify this value, but if you do, you can modify the Proxy user by using the Web Admin console. For more information, see Step 7.b in Accessing and Viewing the Server Details Page.

IMPORTANT: If you do modify the iFolder Proxy user, make sure that the identity you specify is different from the iFolder Admin user or other system users, because the iFolder Proxy user password is stored in reversible encrypted form in the Simias database on the iFolder server. After you change the iFolder Proxy user, ensure that you restart Apache.

When you initially configure the iFolder enterprise server, iFolder autogenerates a password for the iFolder Proxy user.

Table 3-2 Encryption Method for the iFolder Proxy User Password

| iFolder Version | Encryption Method | iFolder Proxy User Password |
|---|---|---|
| iFolder 3.8 | iFolder encryption method | Generates an alphanumeric, 21-digit mixed-case password. |
| iFolder 3.7 | iFolder encryption method | Generates an alphanumeric, 21-digit mixed-case password. |
| iFolder 3.6 | iFolder encryption method | Generates an alphanumeric, 21-digit mixed-case password. |
| iFolder 3.2 | iFolder encryption method | Generates an alphanumeric, 13-digit, mixed-case password. |
| iFolder 3.0 and 3.1 | BASH random number generator | Generates a number between 0 and 10,000 and appends it to iFolderProxy. For example, iFolderProxy1234. |

Initially, the password for the iFolder Proxy user is stored in clear text in the /datapath/simias/.local.ppf file. At the end of the configuration process, the system restarts Apache 2 and starts iFolder. When iFolder runs for the first time after configuration, the iFolder process encrypts the password, stores it in the Simias database, and removes the entry from the .local.ppf file.
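A post-configuration check for the password lifecycle described above, as an added example that is not part of the iFolder documentation or product: it reports whether the .local.ppf file still holds content after the first run and whether that content is readable beyond its owner. The function name audit_ppf is hypothetical, and because the file's layout is not described here, any non-blank content is flagged for review rather than parsed.

```shell
#!/bin/sh
# Added example, not iFolder code. Audits the bootstrap file that briefly
# holds the iFolder Proxy user's cleartext password.
# Assumption: the .local.ppf layout is not documented on this page, so any
# non-blank content is reported for manual review instead of being parsed.

# audit_ppf DATAPATH   (DATAPATH = the data path chosen at configuration)
# Prints findings and returns:
#   0 = file absent or blank     1 = content still present
#   2 = content present and accessible to group/other
#   3 = cannot audit (bad datapath or unreadable file)
audit_ppf() {
    datapath=$1
    ppf="$datapath/simias/.local.ppf"

    if [ ! -d "$datapath/simias" ]; then
        echo "ERROR: no simias directory under $datapath"
        return 3
    fi
    if [ ! -e "$ppf" ]; then
        echo "OK: $ppf is absent"
        return 0
    fi
    if [ ! -r "$ppf" ]; then
        # Never report an unreadable file as clean.
        echo "ERROR: cannot read $ppf; rerun as the file's owner or root"
        return 3
    fi
    # Only whitespace left means the entry has been scrubbed.
    if ! grep -q '[^[:space:]]' "$ppf"; then
        echo "OK: $ppf has no remaining entries"
        return 0
    fi
    echo "REVIEW: $ppf still has content; has iFolder completed its first run?"

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$ppf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "RISK: $ppf is accessible to group/other (bits: $perms)"
        return 2
    fi
    return 1
}

# Run directly as: sh audit_ppf.sh /path/to/datapath
if [ $# -ge 1 ]; then
    audit_ppf "$1"
fi
```

A return of 1 or 2 after Apache has been restarted and iFolder has started means the cleartext entry may still be on disk and should be investigated before the server goes into service.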