Advanced Novell Network Management: NetWare 6

Chapter 7: Perform Advanced iFolder Tasks and Troubleshooting

 

Objectives:

This chapter discusses configuration and use of iFolder:

  1. Describe iFolder Configuration Files
  2. Perform iFolder Management Tasks
  3. Maintain and Troubleshoot the iFolder Client
  4. Maintain and Troubleshoot the iFolder Server
Concepts:
Describe iFolder Configuration Files

iFolder is a product through which someone can access their files on a Novell network by using a web browser. It makes use of the Apache web server that comes with NetWare 6. A Flash presentation on iFolder is available on the Novell web site.

Two configuration files affect how iFolder functions:

  • SYS:\Apache\iFolder\Server\HTTPD.CONF
  • SYS:\Apache\iFolder\Server\HTTPD_ADDITIONS_NW.CONF

These files are read each time iFolder is started, so any changes made in them will not take effect until iFolder is stopped and started again. The text suggests that you should review the documentation on the Apache server, available at http://www.apache.org/docs/.

The HTTPD.CONF file contains entries in three sections that will affect iFolder:

  • Global environment - Listen server_IP_address:80 (Substitute your server's IP address.)
  • Main server - Server_name IP_address (Substitute your server's name and IP address.)
  • Virtual hosts - This group of three lines will provide SSL access to the server:
    <IfModule mod_tls.c>
    SecureListen server_IP_address:443 “SSL CertificateIP”
    </IfModule>

This file also contains a line at the end that calls the other configuration file. The effect of this call is to configure the Apache server just for iFolder needs.

The discussion of the HTTPD_ADDITIONS_NW.CONF file includes an example with all of its lines. Luckily, you do not need to know this file by heart. You do need to know that two ports are specified in the file, as they are in the example above, allowing both secure and non-secure access to the server. These two addresses provide what the text refers to as two virtual hosts. (Remember that port addresses are also called service addresses. These are two services running on the same physical device.)

Normally, you would edit these files if any of the circumstances below arise:

  • You must add login contexts because you have added new container to your tree, or because you did not configure sufficient login contexts when you installed iFolder. The login contexts are the containers that hold users who are allowed to use iFolder. The list of these containers follows LDAP syntax. Typeful distinguished names are used, but each phrase in a name is followed by a comma, and separate names are separated by semi-colons.
  • You must authorize additional admin users.
  • Your iFolder server needs its own IP address because there are port conflicts on ports 80 and 443 with other web-based services.
  • Your organization has changed its IP addresses.
  • iFolder is being moved from volume SYS to a more suitable volume.

Configuration files may sometimes be edited from the iFolder Server Management Console, and should sometimes be edited manually. Manual changes must be made to change the name of the server or the location of the folder where iFolder actually saves data (the Server Root).

Perform iFolder Management Tasks

iFolder must be stopped and restarted before changes made in the configuration files take effect.

  1. The sequence begins with stopping synchronization on the iFolder management console. This will close files, protect data integrity, and avoid an error when the Apache server is restarted.
  2. The next step is to use the command STOPIFOLDER on the server console.
  3. The third step is to restart iFolder with the console command STARTIFOLDER. If this does not work, stop and start the Apache server. The commands to do so are NVXADMDN and NVXADMUP.

The iFolder Server Management Console can be used to set client policies and server policies that affect users who access iFolder. The Server Management Console is accessed through a browser with one of the following addresses:
https://server_IP_address or
https://DNS name/iFolderServer/Admin

The location of iFolder data, like the location of most Novell data, is on the SYS: volume. This is always done because there is no guarantee that you will have another volume. If you do have one, it is better to move iFolder data there. This location is specified in the SYS:\Apache\iFolder\Server\HTTPD_ADDITIONS_NW.CONF file as the value of iFolderServerRoot.

Maintain and Troubleshoot the iFolder Client

It has been stated that iFolder does not require the standard Novell Client software, but you should remember that it has its own iFolder Client software for a client workstation. The iFolder client sends changes made from a workstation back to the server in 4 kilobit blocks. This is called synchronizing. (A note made in the discussion of the iFolder Client is that files larger than 4 Gigabytes will not synchronize.) A file called a synch index is kept on the client and on the server. It increments when changes are made. When the server determines that changes have been made, files are synchronized.

Some advice is offered about troubleshooting client problems.

  • Files are not synchronizing from client to server - This can be caused by corrupted copies of file maps and dirmaps on the client workstation. File maps are descriptions of the files in your iFolder. Dirmaps are descriptions of the folders in your iFolder. Delete these files on the workstation and log in to iFolder, which will cause new copies to be sent to your workstation.
  • Files are not synchronizing from server to client - This can be caused by a lack of space on the workstation. Files are copied to two places on the workstation: first to the user's working home directory (C:\Program Files\Novell\iFolder\UserID\Home), then to the user's iFolder home directory (C:\Documents and Settings\Administrator\My Documents\iFolder\UserID\Home). The solution is obvious: make more room on the hard drive.
  • Files missing from the conflict bin - You expect to find files that have been deleted from workstations, or overwritten by synchronization, in the conflict bin. They may not be there if they are larger than the default size of the conflict bin (25 MB), or if there is no space left for them in it. Solution: change the size of the conflict bin by accessing its properties. Files may also be missing from the conflict bin if they are deleted from the computer they are created on. This is not considered to be a conflict.
Maintain and Troubleshoot the iFolder Server

A web browser can give a user access to iFolder files, even if the iFolder client is not installed on their workstation. Note that this method does not provide synchronization service.

The iFolder client uses a thread to make a connection to the server to update files. These threads are released when the update is completed. When users access iFolder information without an iFolder client, the browser requires a constant connection to the server until the user logs off. If many users of this type exist on your network, increase the value of ThreadsPerChild. The default value is 150. The maximum value for a server with a 100 Mbps NIC is 312; the maximum value for a server with a 1Gbps NIC is 2048.

If users can access iFolder throught the client (port 80 on the server), but the administrator cannot do so (port 443), and users cannot do so with just a browser (port 443), the problem is likely that the server certificates are corrupted. To correct this, some file maintenance is required. Save a safety copy of SYS:\Apache\iFolder\Server\HTTPD_ADDITIONS_NW.CONF. In the original copy, remove the secure port section. In the non-secure section, add the line
SecureServerPort 80
to enable temporary non-secure access to the iFolder Management Console. (You have to stop and restart iFolder before this setting takes effect.) Access the iFolder Management Console, and correct certificat problems. Then, restore the original configuration file, and restart iFolder again.

It is possible that iFolder and iPrint will have a conflict. They both use port 443 by default. You can resolve this by moving either service to another port.

Users log in to iFolder accounts with pass phrases. The odd fix for this is to remove user account information from the server, then have the user log in again, which will allow the user to create a new pass phrase. Information from the workstation is then automatically synchronized with the server.

Normally, iFolder and the LDAP server communicate over port 636, which is a secure port. If both services run on the same server, they are allowed to communicate over port 389, which is not secure, since the communication does not leave the machine. The wrinkle for this one is that communicating over port 389 requires you configure LDAP to use clear text (unencrypted) passwords.