11.5 Managing iFolder Servers

This section describes how to manage a iFolder server for a multi-server setup.

IMPORTANT:You cannot change the settings of any server from the Web Admin page of a different server.

11.5.1 Searching For Servers

The search functionality help you locate the server you want to manage.

  1. In Web Admin, ensure that you are on Servers page.

    If you are not, click the Servers tab to open the Servers page.

  2. Select a filter criterion (Contains, Begins With, Ends With, Equals).

  3. Use one or more of the following search methods, then click Search:

    • Type the name of the server in the Search Servers field.

    • Type one or more letters in the Search Servers field.

    • Type an asterisk (*) in the Search Servers field to return a list of all Servers on the system.

    • Leave the Search Servers field empty to return a list of all Servers on the system.

Do not click anywhere in the page until the page completely refreshes, then you can browse, sort, or manage the servers listed in the Search Results report.

Scroll up and down to browse the search results and locate the Server you want to manage.

Accessing and Viewing the Server Details Page

Follow the steps given below:

  1. On the Server page, use the search functionality to locate the server.

  2. Click the Server's name link to open the Server Details page to the Servers page.

  3. View the following server informations:

    Parameter

    Description

    Name

    The name assigned to the iFolder enterprise server.

    Type

    The host portion of the DNS name of the server. For example, in if3svr.example.com, if3svr is the host name.

    DNS Name

    The DNS name of the iFolder Enterprise server. For example: 192.168.1.1 or svr1.domain.com

    Public URL

    The public IP address corresponding to the iFolder server.

    To change the IP address, edit the address given and click Save to save the changes you have done.

    Private URL

    The private URL corresponding to the iFolder server. This allows communication between the servers within the iFolder domain. The private URL and the public URL can be the same.

    To change the IP address, edit the address given and click Save to save the changes you have done.

    Master URL (Displayed only for Slave servers)

    The IP address corresponding to the iFolder server. Using this address, slave server communicate with the master server in the iFolder domain.

    To change the IP address, edit the address given and click Save to save the changes you have done.

  4. Select the report from the drop down list to view the detailed statistics about the user activities.

    This option is disabled if the Enable Reporting option on the Report page is left unselected.

  5. View the following server log information:

    Parameter

    Description

    System

    Select System to view the simias.log that tracks all the system activities.

    User Access

    Select User Access to view simias.access.log that tracks the user activities on the selected server.

  6. Set the log level information for the System or for each User access.

    1. Select the option from the drop-down list for which you want to set the log level information.

      System is selected by default.

    2. Click View to view the log level information.

      Either you can save it to the machine or open with a desired file format.

      Parameter

      Description

      All

      Shows all the server activities that help Novell support resolve the issues.

      Debug

      Shows the server activities that help Novell support debug the issues..

      Info

      Shows the basic server activities that help Novell support resolve the issues. This option is selected by default.

      Warn

      Shows all the potential system errors.

      Error

      Shows all the system errors that halt system functioning.

      Fatal

      Shows the fatal system errors.

      Off

      Logging is turned off.

  7. Set the LDAP Details:

    1. You can edit the following LDAP related information. Click Save to modify the entries. Click Cancel to cancel your modifications.

      Parameter

      Description

      Up since

      Shows the date and time of the very first synchronization.

      Status

      Reports the current LDAP sync engine status.

      Cycles

      Shows the number of times the synchronization take place.

      Identity Sync

      Updates iFolder users in the selected iFolder domain from the LDAP information at the interval you select.

      Specify the time interval in minutes in the Identity Sync field and click Sync Now to start synchronizing iFolder users with the LDAP users.

      Delete member grace interval

      Specifies the time interval for the iFolder to remove the user information completely from the iFolder server after the user is deleted from LDAP.

      For example, if you specify 10 minutes as Delete member grace interval, iFolder removes all the user information 10 minutes after the deletion of the user from the LDAP or after the change in LDAP context. However, you can recover all the user data within the specified period.

      Whenever an LDAP context is changed or some user are deleted from the LDAP context, irrespective of the current grace interval period, the first LDAP sync disables the users. The first LDAP sync can be manual by using the Sync Now button, or be scheduled. After the grace interval period, any scheduled or manual LDAP sync removes all the users from iFolder domain and all the user iFolders become orphans.

      Disabled users are never deleted automatically after the grace interval period. The users continue to exist in a disabled state even after the grace interval period until the next LDAP sync cycle. If the users are again created in the LDAP context or the removed context is configured again within the grace interval period, the user becomes active with all the iFolders. However, the user remains in a disabled state. You can enable the user from the Web Admin console. For more information, see Section 12.5, Enabling and Disabling iFolder User Accounts.

      LDAP Context

      Lists all the LDAP contexts. iFolder searches users only from the listed LDAP contexts.

    2. You can edit the following LDAP related information. Click Edit to open a new page where you can modify the entries. You must be authenticated to the LDAP server before you can edit the entries.

      Parameter

      Description

      LDAP Server

      Shows LDAP Server address.

      LDAP SSL

      Allow you to enable or disable LDAP SSL connection.

      Proxy User

      The iFolder Proxy user is the identity used to access the LDAP server to retrieve lists of users in the specified containers, groups, or users that are defined in the iFolder LDAP settings. This identity must have the Read right to the LDAP directory. The iFolder Proxy user is created during the iFolder install.

      Proxy User Password

      The password is used to authenticate the iFolder Proxy user to the LDAP server when iFolder synchronizes users with the LDAP server.

      NOTE:If iFolder is configured to use OES common proxy, then the proxy user password must not be changed from iFolder Web Admin console.

      LDAP Context

      Lists all the LDAP contexts. iFolder searches users only from the listed LDAP contexts.

    3. Authenticate to the LDAP server and modify the LDAP Details, then click OK to apply your changes:

      Parameter

      Description

      LDAP Admin DN

      Specify the fully distinguished name of the LDAP Admin. This might be the same or different as your iFolder Admin.

      LDAP Admin Password

      The password is used to authenticate the LDAP Admin user to the LDAP server.Click OK to update the password stored in the LDAP settings.

      LDAP Server

      Specify the DNS name or IP address of the LDAP server. This might be the same or a different server as any of the iFolder servers in the iFolder system.

      LDAP SSL

      Select Yes to enable LDAP SSL. If SSL is enabled on the server, the value is Yes; otherwise, the value is No.

      Proxy User

      The iFolder Proxy user is an existing proxy user identity used to access the LDAP server with Read access to retrieve a list of authorized users. The proxy user is automatically created during the iFolder enterprise server configuration. The username is auto-generated to be unique on the system.

      Make sure that the user account assigned as the iFolder Proxy user is different than the one used for the iFolder Admin user and other system users. Separating the proxy user from the administrator provides privilege separation and is also important because the proxy user password is stored in the file system on the iFolder server.

      Specify the fully distinguished name of an existing user that you want to make the iFolder Proxy user. This identity must have the Read right to the LDAP directory. For example:

      cn=iFolderProxy,o=acme

      Make sure to also enter the new user's password in the Proxy Password field. After you modify the Proxy user, you might want to immediately synchronize the LDAP user lists, using the new iFolder proxy information; otherwise, it is not tested until the next scheduled synchronization of the user list. Use the Sync Now option under LDAP Details on the Server Details page to synchronize the iFolder user list on demand and verify your new Proxy user settings.

      Proxy User Password

      To modify the iFolder Proxy User password, you can directly use this interface to modify the password.This password must match the password stored in the iFolder Proxy user’s eDirectoryTM object.Specify the password twice, then click OK to update the password stored in the LDAP settings.

      LDAP Context

      Specify or edit the LDAP containers, groups, or users where iFolder searches for a list of authorized users to provision for iFolder servers on this enterprise server. LDAP Contexts are entered in LDAP format. For example:

      cn=group,o=acme#cn=dbgroup,o=acme#

      To edit a value, select it, make your changes, then click OK to apply the changes.

      During LDAP synchronization, the iFolder server queries the LDAP server to retrieve a list of users in the DNs (as specified in the LDAP Contexts field) at the specified synchronization interval. The usernames in the iFolder domain are matched against this official LDAP list. Any new user in the specified LDAP contexts are added to the iFolder domain. If a user is no longer in the specified LDAP contexts, the username is removed from the domain, any iFolders the user owns are orphaned and reassigned to the iFolder Admin user, and the user is removed as a member of other iFolders.

      The iFolder Admin User is provisioned for servers during the install. It is tracked by its GUID, so it is available even if you do not specify a container, group, or user, or if you specify Search DNs that do not contain the Folder Admin user. This identity must be provisioned to enable the iFolder Admin to perform management tasks.

  8. Manage the Data store.

    Data Store represents the iFolder storage that can span across multiple volumes (mount points) in a given server. By default, every iFolder server has a default store which cannot be disabled. With web interface, you can add and configure multiple Data Stores across which iFolder data is load balanced. When a user uploads an iFolder, it checks for the Data Store with maximum free space, and stores the iFolder data in that particular Data Store thereby balancing the load. You can add as many Data Stores as you want. Having multiple Data Stores thus makes it possible to scale the data storage capacity in a large deployment to meet the enterprise-level requirements.

    You can view the following data store information:

    Parameter

    Description

    Name

    Shows the unique name you have specified for the Data Store.

    Full Path

    Shows the path to the Data Store, where the volume is mounted on. This is the data path that you have specified while adding the data store using the web interface.

    Free Space

    Shows the space available in the volume.

    Enabled

    Shows the given Data Store is enabled or not. Default Data Store cannot be disabled.

    Deleting a Data Store: You can delete a Data Store if no iFolder is created on it. To delete a Data Store, select the check box next to that Data Store and click Delete.

    Enable or Disable Data Store: Select the Data Store you want to disable or enable and click Disable or Enable respectively. When the user uploads an iFolder, disabled Data Stores are always skipped while checking for the maximum free space availability for storing the iFolder data.

    To add a new Data Store,

    1. Specify the following information:

      Name: Assign a unique name to the Data Store, such as ifolder-store.

      Path: Enter the path where the new volume is mounted. If it is a remote volume (CIFS, NFS, AFP), then ensure that the volume is mounted on every restart for proper functioning and load balancing. You need to check the permissions of the path specified, and change the ownership to Apache-user (wwwrun). Unless you have set the permission for the directory on to which the volume is mounted, you cannot create or sync iFolders on this volume.

Accessing and Viewing the Report Page

Use this interface to enable reporting and generate reports for iFolder and Directories.

It generate reports based on the frequency you select.

  1. Select Enable Reporting to enable reporting.

  2. Select the frequency from the given options (Daily, Weekly, Monthly).

  3. Select the time when you want to generate the report.

  4. Select the output option from the given options (Report iFolder, Report Directories)

  5. Select the format for generating the report.

  6. Click Save to save the settings.

    Click Cancel to cancel the settings.

11.5.2 Upgrading a Slave Server to a Master Server

In a multi-server (master-slave) setup, you may be required to upgrade a slave server to a master server based on your needs. For instance, consider a scenario where you have a master-slave configuration and the hardware on your master server is outdated. You have a slave server with high-end configuration that you would like to be a master server. iFolder enables you to upgrade a slave server to be a master server. On upgrading the slave server to a master server, the following changes take effect:

  • The previous master server is designated as a slave server.

  • All the slave servers in the multi-server setup are updated with new master information. If the slave servers are not updated with new master information, you must update the simias.config file with master server URL and restart the servers.

NOTE:To upgrade a slave server to a master server, all servers in the multi-server setup must be running the same version of iFolder.

All activities pertaining to the upgrade process are logged in the simias.log and adminweb.log files. You can upgrade a slave server to a master server using the Web Admin console.

  1. In the Web Admin console, click the Servers tab.

  2. Click the server that you want to upgrade to display the Server Details page.

  3. Click Set as Master to designate the server as a master server.

After performing the above steps, it is recommended that you re provision the iFolder admin user to the new master server. For more information on re provisioning users, see Section 12.1.2, Manual Reprovisioning.