2.3 Configuring Synchronizer Web Admin

Synchronizer Web Admin is the management and administration tool for your Synchronizer system.

2.3.1 Searching Multiple LDAP Contexts for Users and Groups

During installation, you specify one LDAP container to search in for user information and another container to in search for group information. After installation, you can add more containers for Synchronizer Web Admin to search in for users and groups when you need to add users and groups to your Synchronizer system.

IMPORTANT:Subcontainers are also searched, so you do not need to add them separately.

  1. In Synchronizer Web Admin, click Manage Global Settings Global Settings icon.

    Manage Global Settings page

  2. To search in an additional container for users, specify the container context in the text entry field under LDAP Base User DNs, then click Plus icon to add the container to the list of containers to search.

  3. To search in an additional container for groups, specify the container context in the text entry field under LDAP Base Group DNs, then click plus icon to add the container to the list of containers to search.

  4. Click Save LDAP Settings.

  5. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart

Users and groups from the new container contexts are immediately available for adding to connectors.

2.3.2 Setting Up Multiple Synchronizer Administrator Users

During installation, you establish the initial user who can access Synchronizer Web Admin. After installation, you can grant this right to additional users.

  1. In a terminal window on the Synchronizer server, become root by entering su - and the root password.

  2. Change to the following directory:

    /etc/datasync/configengine

  3. Open the configengine.xml file in a text editor.

  4. Locate the following section:

    <admins>
     <dn>cn=user_name,ou=organizational_unit,o=organization</dn> 
</admins>

    This section identifies the original Synchronizer user that you established during installation.

  5. Copy the line for the original Synchronizer user to a new line between the <admins> tags, then modify it as needed to identify an additional Synchronizer administrator user.

  6. Save the configengine.xml file, then exit the text editor.

  7. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart

2.3.3 Adjusting the Synchronizer Web Admin Polling Rate for Groups

When you add an LDAP group to your Synchronizer system in Synchronizer Web Admin, the LDAP group’s existing members are added to the group as displayed in Synchronizer Web Admin. Subsequently, Synchronizer Web Admin polls for updates to LDAP group membership, so that the group membership displayed in Synchronizer Web Admin always matches the LDAP group membership.

By default, Synchronizer Web Admin polls the LDAP directory for group membership changes every 30 minutes. It polls only the groups in containers that it has been configured to search, as described in Section 2.3.1, Searching Multiple LDAP Contexts for Users and Groups.

  1. In Synchronizer Web Admin, click Manage Global Settings Global Settings icon.

    Manage Global Settings page

  2. Adjust the polling rate as needed to synchronize the group membership in Synchronizer Web Admin with current LDAP group membership to meet the needs of your Synchronizer system.

  3. Click Save LDAP Settings.

  4. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart

2.3.4 Adjusting the Synchronizer Web Admin Timeout

By default, Synchronizer Web Admin times out after one hour. You can adjust the session time by editing the Synchronizer Web Admin configuration file.

  1. In a terminal window on the Synchronizer server, become root by entering su - and the root password.

  2. Change to the following directory:

    /etc/datasync/webadmin

  3. Open the server.xml file in a text editor.

  4. Add the following line between the <config> tags:

    <sessionTimeout>seconds</sessionTimeout>

  5. Replace seconds with the number of seconds you want to elapse before Synchronizer Web Admin times out.

    The default is 3600 seconds (60 minutes). Increase or decrease the setting as needed to meet your security needs.

  6. Save the server.xml file, then exit the text editor.

  7. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart

2.3.5 Changing the Synchronizer Web Admin Port Number

When you access Synchronizer Web Admin from your Web browser, the default port number is 8210. You can configure Synchronizer Web Admin to use a different port number, such as a port number that is already open through your firewall to provide external access to Synchronizer Web Admin.

  1. In a terminal window on the Synchronizer server, become root by entering su - and the root password.

  2. Change to the following directory:

    /etc/datasync/webadmin

  3. Open the server.xml file in a text editor.

  4. Change 8120 to the desired port number.

  5. Save the server.xml file, then exit the text editor.

  6. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart

2.3.6 Enabling and Disabling SSL for the Synchronizer LDAP Connection

During Mobility Pack installation, you chose whether to use SSL for the connection between the Synchronizer Web Admin and the LDAP directory. You can change the setting after installation as needed.

  1. In Synchronizer Web Admin, click Manage Global Settings Global Settings icon.

    Manage Global Settings page

  2. Select or deselect Secure to enable or disable SSL.

  3. In the LDAP Port field, adjust the port number as needed to match the port number used by the LDAP server.

    The default secure SSL port is 636. The default non-secure port is 389.

  4. Click Save LDAP Settings.

  5. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart

2.3.7 Changing the LDAP Server for Authentication

During Mobility Pack installation, you selected an LDAP server for Synchronizer Web Admin to communicate with when authenticating to the LDAP directory. You can change the LDAP server after installation as needed.

  1. In Synchronizer Web Admin, click Manage Global Settings Global Settings icon.

    Manage Global Settings page

  2. In the LDAP Server Hostname field, specify the IP address or DNS hostname of the LDAP server that you want to use for authentication.

  3. (Conditional) If needed for the new LDAP server, adjust the port number and secure SSL setting.

    The default secure SSL port is 636. The default non-secure port is 389.

  4. (Conditional) If needed for the new LDAP server, adjust the LDAP base DNs for users and groups.

  5. (Conditional) If needed for the new LDAP server, adjust the LDAP administrator DN and password.

    If you accidentally change any LDAP server information so that you are prevented from logging in to Synchronizer Web Admin using the new LDAP information, you can still log in using the root user name and password, as described in Section 2.3.9, Accessing Synchronizer Web Admin When the LDAP Server Is Inaccessible.

  6. Click Save LDAP Settings.

  7. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart

2.3.8 Using Synchronizer Web Admin with a Single Sign-On Solution

If you are using a single sign-on solution such as Novell Access Manager or WSTrust, Synchronizer Web Admin does not require authentication when you are already logged in to the single sign-on solution.

  • For Novell Single Sign-On, no extra configuration is required.

  • For WSTrust, you must provide WSTrust settings in Synchronizer Web Admin. On the Manage Global Settings page, click WSTrust Settings. For more information, see WSTrust.

2.3.9 Accessing Synchronizer Web Admin When the LDAP Server Is Inaccessible

Occasionally, you might need to log in to Synchronizer Web Admin when the LDAP server is unavailable. At all times, you can log in to Synchronizer Web Admin using the root user name and password.

After three unsuccessful attempts to log in to Synchronizer Web Admin as root, Synchronizer Web Admin is locked against logging in as root. To release the lock, you must restart the Web Admin service, as described in Section 1.2.3, Managing the Web Admin Service.

2.3.10 Configuring Synchronizer Web Admin for a Specific Language

The Synchronizer Web Admin interface has been translated into the following languages:

  • Dutch

  • French

  • German

  • Spanish

  • Swedish

By default, Synchronizer Web Admin displays in the same language as your Web browser when you are using one of the supported languages. However, if you are using an unsupported language in your Web browser, Synchronizer Web Admin displays in English.

You can configure Synchronize Web Admin to use the supported language of your choice instead of English.

  1. In a terminal window on the Synchronizer server, become root by entering su - and the root password.

  2. Change to the following directory:

    /etc/datasync/webadmin

  3. Open the server.xml file in a text editor.

  4. Add the following line between the <config> tags:

    <lang>language_code</lang>

  5. Replace language_code with the supported language that you want to use for Synchronizer Web Admin instead of English.

    Language

    Language Code

    Dutch

    nl

    French

    fr

    German

    de

    Spanish

    es

    Swedish

    sv

  6. Save the server.xml file, then exit the text editor.

  7. Restart the Synchronizer services to put the new setting into effect:

    rcdatasync restart