shawn_lobo Absent Member.

Novell Filr - Multiple LDAP conns and Multiple Storage loc

We currently have a little org. added under our purview which has its own MS AD with its MS storage setup. Our existing users are on eDir so the source had already been added and sync'd with the OES on Novell Filr and all's good

but, now for the New Org...
For the new org. we had added a new LDAP source. On running the sync now option, the 1st source which was eDir on the list started to sync. Not sure why the sync operation started with the 1st source although I explicitly clicked on apply for the 2nd source configuration 😞

Note: The Test connection option would be a great advantage here for the credentials so, not sure why it's not there as one would like to test the connection and then run the sync at non-peak hours. (If I remember correctly, the Novell Access Manager has a basic test LDAP credential option which was created to address such an issue)

Problem 1: How should one proceed to add the new source to Filr with the New users configured to the MS storage? that is, so that both eDir and MS users could login concurrently and access respective storage areas.

Problem 2: We have a handful of users in higher management which belong to both the trees so... Is there any way to link the Netfolder location to a particular LDAP and to challenge users for authentication based on storage location accessed or to link/map users somehow... How should one go about this one?

Additionally, as part of troubleshooting I don't see much in how do I configure log levels and log locations to one consolidated location on the UI. Any docs on this?

Cheers,
Shawn
0 Likes
6 Replies
jmarton2 Absent Member.

Re: Novell Filr - Multiple LDAP conns and Multiple Storage loc

shawn lobo wrote:

> Problem 1: How should one proceed to add the new source to Filr with
> the New users configured to the MS storage? that is, so that both eDir
> and MS users could login concurrently and access respective storage
> areas.


After adding the AD LDAP source and importing users, users who have a
home directory defined should get NF servers created automatically
pointing to the appropriate Windows servers. This will provision their
"My Files" access. You can go on and create additional NF servers and
NF themselves to give AD users access to resources just as you've done
with the eDir users and their respective resources.

> Problem 2: We have a handful of users in higher management which
> belong to both the trees so... Is there any way to link the Netfolder
> location to a particular LDAP and to challenge users for
> authentication based on storage location accessed or to link/map users
> somehow... How should one go about this one?


Not currently. An eDir user can share files with an AD user and vice
versa with the proxy user defined in the respective NF servers being
used for access rights. But it's not possible to assign a user to a NF
if they aren't in the NF server's LDAP source.

> Additionally, as part of troubleshooting I don't see much in how do I
> configure log levels and log locations to one consolidated location on
> the UI. Any docs on this?


There isn't any config around this currently. If you need to
troubleshoot LDAP imports, NF syncing, etc most of that is logged in
/opt/novell/filr/apache-tomcat/logs/ssf.log.

--
Your world is on the move. http://www.novell.com/mobility/
We know what your world looks like. http://www.novell.com/yourworld/

Joe Marton Emeritus Knowledge Partner
0 Likes
shawn_lobo Absent Member.

Re: Novell Filr - Multiple LDAP conns and Multiple Storage l

jmarton;2263134 wrote:

> shawn lobo wrote:
>
>> Problem 1: How should one proceed to add the new source to Filr with
>> the New users configured to the MS storage? that is, so that both eDir
>> and MS users could login concurrently and access respective storage
>> areas.
>
> After adding the AD LDAP source and importing users, users who have a
> home directory defined should get NF servers created automatically
> pointing to the appropriate Windows servers. This will provision their
> "My Files" access. You can go on and create additional NF servers and
> NF themselves to give AD users access to resources just as you've done
> with the eDir users and their respective resources.


Well, running the sync on the 2nd source seemed to run sync on the 1st source. So had no choice but to remove the eDir source and troubleshoot the issue with the AD sync. It would seem that a small typo was the issue.
After correcting the issue, ran the AD sync, followed by adding the eDir again but, this time it would be the 2nd source. The sync against the eDir worked fine on apply...so, not sure if the failure to sync one source moves over to the next source on the list although, I am not sure why this should be the case since I Applied "Run Immediately" for the second source only.
In any case was able to solve this little issue. Thanks.

>> Problem 2: We have a handful of users in higher management which
>> belong to both the trees so... Is there any way to link the Netfolder
>> location to a particular LDAP and to challenge users for
>> authentication based on storage location accessed or to link/map users
>> somehow... How should one go about this one?
>
> Not currently. An eDir user can share files with an AD user and vice
> versa with the proxy user defined in the respective NF servers being
> used for access rights. But it's not possible to assign a user to a NF
> if they aren't in the NF server's LDAP source.


Kewl, this question was more centered around users who have multiple accounts in this case, both in the eDir and the MS AD. If I login to one tree in Novell Filr then, on clicking the other storage location which is configured to another LDAP source if it could popup authentication to the other source and somehow bind the sessions rather than have users log out and login, time and again, based on the data he needs.


>> Additionally, as part of troubleshooting I don't see much in how do I
>> configure log levels and log locations to one consolidated location on
>> the UI. Any docs on this?
>
> There isn't any config around this currently. If you need to
> troubleshoot LDAP imports, NF syncing, etc most of that is logged in
> /opt/novell/filr/apache-tomcat/logs/ssf.log.


The logs did provide clues but it would be great if we have more of the auditing and logging documented for PCI/SoX/Government Compliance and Administrator Troubleshooting purposes.

Thanks for the assist jmarton.



[At the back of my mind, a question keeps me wondering... if I have multiple LDAP sources which have been sync'd and if the attribute value by which the user is identified on one source is the same as the value of another LDAP source for authentication then, would it deny entry to this user due to the existence of duplicates (like in NAM) OR login as both users OR would it depend on which LDAP source is searched 1st (how does one alter priority for multiple sources..)?]
0 Likes
janbroman Absent Member.

Re: Novell Filr - Multiple LDAP conns and Multiple Storage l

shawn_lobo;2263183 wrote:

> [At the back of my mind, a question keeps me wondering... if I have multiple LDAP sources which have been sync'd and if the attribute value by which the user is identified on one source is the same as the value of another LDAP source for authentication then, would it deny entry to this user due to the existence of duplicates (like in NAM) OR login as both users OR would it depend on which LDAP source is searched 1st (how does one alter priority for multiple sources..)?]


I have the same reflection. We have two eDirectories where a user has the same UID in both eDirectories and log into the two trees simultaneously using NW client. A user can have file rights in both directories. If you set up two LDAP sources, users will only be imported once because it becomes a UID conflict. Here one would like to have a match of the two UIDs so that it became one in Filr, or at least an opportunity to link the two UIDs to one.
0 Likes
Knowledge Partner

Re: Novell Filr - Multiple LDAP conns and Multiple Storage l

janbroman;2263586 wrote:

> I have the same reflection. We have two eDirectories where a user has the same UID in both eDirectories and log into the two trees simultaneously using NW client. A user can have file rights in both directories. If you set up two LDAP sources, users will only be imported once because it becomes a UID conflict. Here one would like to have a match of the two UIDs so that it became one in Filr, or at least an opportunity to link the two UIDs to one.


Basically you can't have two userids in any source with the same "name".
Example:
eDir is importing via GUID and has userid: jsmith
You ADD an LDAP data source (2nd) for AD and specify uid and AD ALSO has a userid: jsmith

(or 2 eDir trees with same userid, etc.)

Currently doesn't work/not allowed with the 1.0 version of FILR.

You'll have to set up 2 FILR instances each pointing to the separate LDAP source if you want to use it currently.
0 Likes
janbroman Absent Member.

Re: Novell Filr - Multiple LDAP conns and Multiple Storage l

kjhurni;2263638 wrote:

> Basically you can't have two userids in any source with the same "name".
> Example:
> eDir is importing via GUID and has userid: jsmith
> You ADD an LDAP data source (2nd) for AD and specify uid and AD ALSO has a userid: jsmith
>
> (or 2 eDir trees with same userid, etc.)
>
> Currently doesn't work/not allowed with the 1.0 version of FILR.
>
> You'll have to set up 2 FILR instances each pointing to the separate LDAP source if you want to use it currently.


Yes I know, that's what I wrote. Wishes for the future perhaps? Perhaps using more than one eDirectory or tree belongs to the past. So it's probably better to adapt the infrastructure to the future needs rather than adapt the third generation of file sharing to the past.
0 Likes
shawn_lobo Absent Member.

Re: Novell Filr - Multiple LDAP conns and Multiple Storage l

janbroman;2263671 wrote:
kjhurni;2263638 wrote:


We get the following in the log on addition of a user from the MS ActDir tree since the user was already added from the eDir (the guids are different but, their user ids are the same).

2013-05-15 05:46:22,600 ERROR [http-apr-8443-exec-10] [org.kablink.teaming.module.ldap.impl.LdapModuleImpl] - An error occurred trying to create the user the 2nd time: testuser123

Well Janbroman, fingers crossed on sooner than later... We see the Filr Appliance as a Storage Access Gateway much like the Web Access Gateway of Novell. We are aware of quite a few orgs out there we work with who have Novell and have more than one source and I am not sure whether this fact is going to change anytime soon. For that matter, I know the NiDP has multiple sources support configured to authenticate to based on which web application I am logging into, where and from which source I need to log into it all in one go... Imagine if we or other customers were told that we need a NAM instance for every source we have... not sure if it would have sat well with Management.

In any case, the Novell Filr I would believe, in Engineering terms, have certain intersecting problem use cases/user stories that would need to be served. Hoping their Product Mgmt has this stuff in on the next update... 🙂
0 Likes
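
An added example, not written by any poster in this thread and not Novell code: a Python pre-check for the login-name conflict discussed above, plus a scan of ssf.log for the duplicate-user error quoted in the last post. It assumes you have already exported the login names from each directory into plain lists; the sample names, the case-insensitive comparison and the second and third log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern built from the single ssf.log line quoted in this thread.
DUP_USER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ERROR \[[^\]]+\] "
    r"\[org\.kablink\.teaming\.module\.ldap\.impl\.LdapModuleImpl\] - "
    r"An error occurred trying to create the user the 2nd time: (?P<user>\S+)\s*$"
)

def find_collisions(sources, ignore_case=True):
    """Return {login name: [source, ...]} for names present in 2+ sources."""
    seen = defaultdict(set)
    for source, names in sources.items():
        for name in names:
            key = name.strip()
            # Assumption: names differing only in case are treated as a conflict.
            seen[key.lower() if ignore_case else key].add(source)
    return {n: sorted(s) for n, s in seen.items() if len(s) > 1}

def scan_ssf_log(lines):
    """Return [(timestamp, user)] for duplicate-user import errors."""
    hits = []
    for line in lines:
        m = DUP_USER.match(line)
        if m:
            hits.append((m.group("ts"), m.group("user")))
    return hits

# Constructed sample data: login names exported from each directory.
SAMPLE_SOURCES = {
    "eDir": ["jsmith", "testuser123", "akhan"],
    "AD": ["JSmith", "testuser123", "mlopez"],
}
# First line is the one quoted in the thread; the other two are constructed.
SAMPLE_LOG = [
    "2013-05-15 05:46:22,600 ERROR [http-apr-8443-exec-10] [org.kablink.teaming.module.ldap.impl.LdapModuleImpl] - An error occurred trying to create the user the 2nd time: testuser123",
    "2013-05-15 05:46:23,101 INFO [http-apr-8443-exec-10] [org.kablink.teaming.module.ldap.impl.LdapModuleImpl] - constructed non-error line",
    "2013-05-15 05:46:24,007 ERROR [http-apr-8443-exec-10] [org.kablink.teaming.module.ldap.impl.LdapModuleImpl] - An error occurred trying to create the user the 2nd time: jsmith",
]

if __name__ == "__main__":
    for name, srcs in sorted(find_collisions(SAMPLE_SOURCES).items()):
        print(f"collision: {name} in {', '.join(srcs)}")
    for ts, user in scan_ssf_log(SAMPLE_LOG):
        print(f"{ts} import rejected duplicate: {user}")
```

Running the collision check before adding a second LDAP source shows which accounts would be bound to the first-imported identity only; the log scan confirms afterwards which names were actually rejected.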