Use this interface to modify the LDAP settings for the selected Novell® iFolder® 3.7 or later server on this iFolder domain.
Modify any of the following fields, then click OK to apply your changes:
Parameter | Description |
LDAP Admin DN |
Specify the fully distinguished name of the LDAP Admin. This can be the same as or different from your iFolder Admin. |
LDAP Admin Password |
The password is used to authenticate the LDAP Admin user to the LDAP server. Click OK to update the password stored in the LDAP settings. |
LDAP Server |
Specify the DNS name or IP address of the LDAP server. This can be any of the iFolder servers in the iFolder system. |
LDAP SSL |
Select Yes to enable LDAP SSL. If SSL is enabled on the server, the value is Yes; otherwise, the value is No. |
Proxy User |
The iFolder Proxy user is an existing proxy user identity used to access the LDAP server with Read access to retrieve a list of authorized users. The proxy user is automatically created during the iFolder enterprise server configuration in YaST. The username is auto-generated to be unique on the system.
Make sure that the user account assigned as the iFolder Proxy user is different from the one used for the iFolder Admin user and other system users. Separating the proxy user from the administrator provides privilege separation and is also important because the proxy user password is stored in the file system on the iFolder server.
Specify the fully distinguished name of an existing user that you want to make the iFolder Proxy user. This identity must have the Read right to the LDAP directory. For example:
cn=iFolderProxy,o=acme
Make sure to also enter the new user's password in the Proxy Password field.
After you modify the Proxy user, you might want to immediately synchronize the LDAP user lists, using the new iFolder proxy information; otherwise, the Proxy user information is not tested until the next scheduled synchronization of the user list. Use the Sync Now option under LDAP Details on the Server Details page to synchronize the iFolder user list on demand and verify your new Proxy user settings. |
Proxy User Password |
The password is used to authenticate the iFolder Proxy user to the LDAP server when iFolder synchronizes users with the LDAP server. To modify the iFolder Proxy User password, you do not need to update the value stored in LDAP settings for the iFolder system. You can directly use this interface to modify the password. This password must match the password stored in the iFolder Proxy user's eDirectory™ object. Specify the password twice, then click OK to update the password stored in the LDAP settings.
Note: If iFolder is configured to use OES common proxy, then the proxy user password must not be changed from the iFolder Web Admin console. |
LDAP Contexts |
Specify or edit the LDAP containers, groups, or users where iFolder searches for a list of authorized users to provision for iFolder servers on this enterprise server. LDAP contexts are entered in LDAP format. For example:
cn=group,o=acme#cn=dbgroup,o=acme#
To edit a value, select it, make your changes, then click OK to apply the changes.
The iFolder Admin User is provisioned for servers during the install. It is tracked by its GUID, so it is available even if you do not specify a container, group, or user, or if you specify search DNs that do not contain the iFolder Admin user. This identity must be provisioned to enable the iFolder Admin to perform management tasks.
LDAP synchronization can be scheduled or performed manually by clicking the Sync Now button. On performing LDAP synchronization, the iFolder server queries the LDAP server and retrieves the list of users from the DN specified in the LDAP Context field. The usernames in the iFolder domain are compared with the LDAP list. If a user is added or deleted from the specified LDAP context, the iFolder domain is also subsequently updated.
Even if a user is deleted from the LDAP context, the first LDAP synchronization only disables the user from the iFolder domain regardless of the Grace Interval Policy. The disabled user is never deleted automatically after the grace interval period and continues to exist in the iFolder domain in a disabled state. If this user is configured again within the grace interval period, the user becomes active with all the iFolders. After the Grace Interval period, the subsequent LDAP synchronization deletes the user from the iFolder domain and all the iFolders of the user are orphaned. The orphaned iFolders are reassigned to the iFolder Admin user. |
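
The synchronization lifecycle described under LDAP Contexts, as an added Python model (not iFolder code and not part of the original page). The class and function names, the `admin` user name, and the integer time units are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ADMIN = "admin"  # assumed name; the page says the iFolder Admin is tracked by GUID

def parse_contexts(value):
    """Split the '#'-delimited LDAP Contexts value into individual DNs."""
    return [dn.strip() for dn in value.split("#") if dn.strip()]

@dataclass
class Domain:
    grace: int                                    # Grace Interval, arbitrary time units
    users: dict = field(default_factory=dict)     # name -> None (active) or time disabled
    ifolders: dict = field(default_factory=dict)  # iFolder name -> owner

    def sync(self, ldap_users, now):
        """One LDAP synchronization pass at time `now`."""
        for name in ldap_users:
            # New users are provisioned; returning users become active again.
            # Assumption: a user found at any sync before deletion is re-enabled.
            self.users[name] = None
        for name in list(self.users):
            if name == ADMIN or name in ldap_users:
                continue                          # admin stays provisioned regardless of contexts
            disabled_at = self.users[name]
            if disabled_at is None:
                self.users[name] = now            # first sync after removal: disable only
            elif now - disabled_at > self.grace:
                del self.users[name]              # later sync past the grace interval: delete
                for folder, owner in self.ifolders.items():
                    if owner == name:
                        self.ifolders[folder] = ADMIN  # orphaned iFolders go to the admin

def demo():
    # Constructed sample data: two users, one iFolder each.
    d = Domain(grace=30, users={ADMIN: None},
               ifolders={"reports": "alice", "src": "bob"})
    d.sync({"alice", "bob"}, now=0)
    d.sync({"bob"}, now=1)         # alice removed from the context: disabled
    disabled_at = d.users["alice"]
    d.sync({"alice"}, now=10)      # alice back within grace: active; bob removed: disabled
    d.sync({"alice"}, now=50)      # bob past grace: deleted, "src" reassigned
    return disabled_at, dict(d.users), dict(d.ifolders)

if __name__ == "__main__":
    print(parse_contexts("cn=group,o=acme#cn=dbgroup,o=acme#"))
    print(demo())
```

The model makes two operational points visible: a removed account stays in the domain in a disabled state until a synchronization runs after the grace interval, and its data ends up owned by the iFolder Admin.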