
default LDAP server?

We have Netware 6.5 SP5 running on a handful of servers. iFolder is
running in an office on the west coast and another on the east coast.
LDAP is running on both as well as another server on the east coast
(the "main" ldap server).

iFolder management shows all three servers as valid LDAP servers for
iFolder. The problem is that every user, despite what their iFolder
server is set to, all point to the main LDAP server on the east coast for
authentication. I can't see where you can choose which LDAP server upon
user creation and I can't see where you set the default LDAP server for
each iFolder server?

Any help is appreciated.

Thanks,
Joe

Re: default LDAP server?

> iFolder management shows all three servers as valid LDAP servers for
> iFolder. The problem is that every user, despite what their iFolder
> server is set to, all point to the main LDAP server on the east coast for
> authentication. I can't see where you can choose which LDAP server upon
> user creation and I can't see where you set the default LDAP server for
> each iFolder server?


The LDAP servers are defined by the "User LDAP" objects. Look for ldap_01,
ldap_02 etc.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195


Re: default LDAP server?

> > iFolder management shows all three servers as valid LDAP servers for
> > iFolder. The problem is that every user, despite what their iFolder
> > server is set to, all point to the main LDAP server on the east coast for
> > authentication. I can't see where you can choose which LDAP server upon
> > user creation and I can't see where you set the default LDAP server for
> > each iFolder server?
>
> The LDAP servers are defined by the "User LDAP" objects. Look for ldap_01,
> ldap_02 etc.



Thanks for the quick reply. I can see the server objects no problem.
Basically, we had a network outage today and our west coast office lost
connectivity to the east coast office. During this time they were not
able to login to iFolder. We found that ALL users (when you view a user
in iFolder) are set to use the main LDAP server on the east coast.

My question is, if there are three LDAP servers listed under "User
LDAPs", how do you assign users to use one LDAP server over the other?
Right now it seems like they always use the server at the top of the list
(which is our main LDAP server on the east coast).

Thanks,
Joe

Re: default LDAP server?

Just an additional FYI. I've noticed that both iFolder servers do NOT
have replicas of the partition LDAP was told to use as a base DN. So, I
can certainly see how this wouldn't work regardless until this is
changed. I'm still confused as to how to "tie an LDAP server to an
iFolder server" or set a specific LDAP server in iFolder manager for a
user?

Thanks

Re: default LDAP server?

> I'm still confused as to how to "tie an LDAP server to an
> iFolder server" or set a specific LDAP server in iFolder manager for a
> user?
>

It is not per user, it is per server. A user is on a server and that
server has one or more LDAP servers defined. Ideally that server should
be local and always accessible.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)


Re: default LDAP server?

> > I'm still confused as to how to "tie an LDAP server to an
> > iFolder server" or set a specific LDAP server in iFolder manager for a
> > user?
>
> It is not per user, it is per server. A user is on a server and that
> server has one or more LDAP servers defined. Ideally that server should
> be local and always accessible.


Hmmm.... I guess that is where I am confused then? I can see all three
LDAP servers defined in iFolder manager and I know that LDAP is up and
running on each server (both iFolder servers and also on the "main" ldap
server).

Why are all my users (whether set up on the west coast or east iFolder
server) showing the main LDAP server on the east coast as the "USER LDAP"
server for the iFolder user?



Re: default LDAP server?

> Why are all my users (whether set up on the west coast or east iFolder
> server) showing the main LDAP server on the east coast as the "USER LDAP"
> server for the iFolder user?
>

Hmmm... Let me check on that..

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)


Re: default LDAP server?

This is what I got back. I have only one server myself so it is hard to
check 😉 Can you check:

a) What LDAP server address is specified in both servers'
ifolder_nw_additions.conf.

b) What addresses are specified in both LDAP_01, LDAP_02 objects in DS.

-----------
Well the iFolder_server attribute is what tells iFolder that the user
is enabled for iFolder. And if you want to have that user be a part of
a different iFolder then it is just a matter of changing that
attribute. It is also important to know which iFolder a user belongs to
for reporting purposes.

Well, when they login to iFolder with a specific server, that server
should go to the iFolder that is specified in the iFolderAdmin. Is it
not doing this? If it is not doing this, I will need to know what the
user's attributes are set to as well as the LDAP attributes found in the
iFolderServer/Admin. And how are they checking this, through an LDAP
trace on the server?

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)


Re: default LDAP server?

Thank you. Sorry I couldn't get back to you sooner.

ServerA - running iFolder and LDAP. iFolder Manager (under USER LDAPS)
shows this server as iFolder_LDAP1.

ServerB - running iFolder and LDAP. iFolder Manager shows this server as
iFolder_LDAP02.

MainServer - running LDAP but not iFolder. iFolder manager shows this
server as iFolder_MainServer.

I couldn't find an "ifolder_nw_additions.conf" file but I did find
a "httpd_ifolder_nw.conf" file. It has the correct servers listed under
the LdapHost heading (i.e. ServerA has ServerA listed as the LDAP host).

Thanks again,
Joe



Re: default LDAP server?

> I couldn't find an "ifolder_nw_additions.conf" file but I did find
> a "httpd_ifolder_nw.conf" file. It has the correct servers listed under
> the LdapHost heading (i.e. ServerA has ServerA listed as the LDAP host).
>

OK. Have you verified, LDAP trace, what server is hit when you log in?

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)


Re: default LDAP server?

OK. Here is the scoop. Now what Joe suggests actually makes sense. I.e.
have the User LDAPs hit something like myclosestldap.acme.com. Then
have that resolve differently, or just put it in each server's hosts
file.

---------------
Okay, here is the issue. The only attribute that is associated with the user
is the iFolder_server, quota, etc. The iFolder_LDAP is not associated to a
user. When we use an iFolder server it simply goes through the list in
alphabetical order according to the object name. It will use the first one
in that list (which is typically ldap01). Then if that server fails we will
move on to the next one in the list.

The only option that I can think of for the customer is that if he wants to
separate it by region then he could do it with DNS and remove iFolder from
the picture. In other words, let's say you have three regions (A, B, and C).
You could set up each region with the same DNS name for LDAP, but have them
resolve to different ldap servers. This would of course require you to have
your DNS resolution segmented and local but long story short is that
iFolder doesn't have the capability that he is looking for.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

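
The selection behaviour described in the post above, modelled as an added example (not iFolder code and not written by anyone in this thread): User LDAP objects are tried in object-name order, moving to the next when one is unreachable. The object names are the ones quoted in the thread; the host names, the plain string sort (the page does not state case handling or collation), port 389 and the 3-second timeout are assumptions.

```python
import socket
import time

# Constructed inventory: object names are those quoted in the thread,
# host names are placeholders (assumption).
USER_LDAPS = {
    "iFolder_MainServer": "ldap-main.example.com",
    "iFolder_LDAP1": "ldap-a.example.com",
    "iFolder_LDAP02": "ldap-b.example.com",
}

def tcp_probe(host, port=389, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal and timeout
        return False

def selection_order(user_ldaps):
    """Object names sorted as plain strings (assumed collation)."""
    return sorted(user_ldaps)

def pick_ldap(user_ldaps, probe=tcp_probe):
    """Walk the list in name order; return (chosen name or None, attempts).

    attempts holds (object name, host, reachable, seconds spent), which
    shows how much login delay dead entries ahead of the live one add.
    """
    attempts = []
    for name in selection_order(user_ldaps):
        host = user_ldaps[name]
        start = time.monotonic()
        ok = probe(host)
        attempts.append((name, host, ok, round(time.monotonic() - start, 2)))
        if ok:
            return name, attempts
    return None, attempts

if __name__ == "__main__":
    chosen, attempts = pick_ldap(USER_LDAPS)
    for name, host, ok, secs in attempts:
        print(f"{name:20} {host:24} {'up' if ok else 'DOWN'} {secs}s")
    print("would authenticate against:", chosen)
```

Run from each iFolder server with the real addresses, it shows which entry comes first in the order at that site and how many timeouts a WAN outage puts in front of a reachable server.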


Re: default LDAP server?

Thanks for your help. That's the info I was looking for.

Thanks again,
Joe


Re: default LDAP server?

Good. Just FYI:
http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=kc&externalId=10100543html&sliceId=&dialogID=4017171

Might help someone else who runs into that same problem.

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)
