Anonymous_User Absent Member.
Absent Member.
2399 views

"You are not authorized to use iFolder"

Hi!
I've installed and configured iFolder on my NW6.5SP5-server.

iFolder Client(Latest) is installed and i Enabled "admin" to use iFolder.
If i try to login iFolder using admin, then i get this msg;
You are not authorized to use iFolder

What have i forgot to do?

--
Best regard,
Ronny Simonsen
Narvik - Norway

Using Opera M2, http://www.opera.com/
Labels (1)
0 Likes
12 Replies
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Ronny Simonsen,

> Hi!
> I've installed and configured iFolder on my NW6.5SP5-server.
>
> iFolder Client(Latest) is installed and i Enabled "admin" to use iFolder.
> If i try to login iFolder using admin, then i get this msg; You are not
> authorized to use iFolder
>
> What have i forgot to do?


After having enabled the user through the iFolder Admin page, the user
needs to login once using the iFolder Client, in order to initiate the
iFolder account. Once that's done the user can login through the iFolder
web interface. Have you performed these steps?

--
___________________________________________
Niclas Ekstedt, CNA/CNE/CNS/CLS
Systems Engineer/NSC Sysop
Telindus Göteborg AB

Telindus. Change things your way
http://www.telindus.com/
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Yes of course!
I first enabled iFolder in iFolder Admin-page.
Then i try to login using latest iFolder Client and then i get this msg.

RS

På Wed, 25 Oct 2006 09:42:06 +0200, skrev Niclas Ekstedt
<niclas.ekstedt@nospam.telindus.se>:

> Ronny Simonsen,
>
>> Hi!
>> I've installed and configured iFolder on my NW6.5SP5-server.
>>
>> iFolder Client(Latest) is installed and i Enabled "admin" to use
>> iFolder.
>> If i try to login iFolder using admin, then i get this msg; You are not
>> authorized to use iFolder
>>
>> What have i forgot to do?

>
> After having enabled the user through the iFolder Admin page, the user
> needs to login once using the iFolder Client, in order to initiate the
> iFolder account. Once that's done the user can login through the iFolder
> web interface. Have you performed these steps?
>




--
Best regard,
Ronny Simonsen
Narvik - Norway

Using Opera M2, http://www.opera.com/
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Ronny Simonsen,
> Yes of course!
> I first enabled iFolder in iFolder Admin-page.
> Then i try to login using latest iFolder Client and then i get this msg.
>

OK. Can we seen an LDAP trace?

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

In article <op.thysarvaazysw0@ronnys.oscarsborg.vgs.no>, Ronny Simonsen
wrote:
> If i try to login iFolder using admin, then i get this msg;
> You are not authorized to use iFolder
>

More than one Admin account in the tree?

Craig Johnson
Novell Support Connection SysOp

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

I did now an LDAP Trace and i can see som -669 for context:
cn=admin,o=Tomcat-roles
Then i check in Tomcat-roles and there is a group called "admin" and maybe
this is causing problem.

Then i tried another user.
I activate iFolder in iFolder-admin page and try to authenticate to this
user in iFolder Client.
I get the same result; "You are not authorized to use iFolder".

Then i do a LDAP Trace for this user and now there is no error-msg in the
Trace-list. It LDAP Search find the right context for the user and its
impossible to read out any errors from the trace.

Now im out of idees!

RS

I will pass the last LDAP Trace;
BEGIN TRACE
#####
Thursday, 26 Oct 2006
10:27:43 8EB29100 LDAP: New TLS connection 0xae628ee0 from
10.101.72.6:22191, monitor = 0x2bd, index = 28
10:27:43 96C471E0 LDAP: Monitor 0x2bd initiating TLS handshake on
connection 0xae628ee0
10:27:43 A4BD1040 LDAP: DoTLSHandshake on connection 0xae628ee0
10:27:43 A4BD1040 LDAP: BIO ctrl called with unknown cmd 7
10:27:43 A4BD1040 LDAP: Completed TLS handshake on connection 0xae628ee0
10:27:43 A4BD1040 LDAP: DoBind on connection 0xae628ee0
10:27:43 A4BD1040 LDAP: Bind name:cn=iFolder_ServerAgent,O=ovgs,
version:3, authentication:simple
10:27:43 A4BD1040 LDAP: Sending operation result 0:"":"" to connection
0xae628ee0
10:27:43 A4BD1040 LDAP: DoSearch on connection 0xae628ee0
10:27:43 A4BD1040 LDAP: Search request:
base: "O=ovgs"
scope:2 dereference:0 sizelimit:0 timelimit:10 attrsonly:0
filter: "(cn=testm)"
attribute: "cn"
10:27:43 A4BD1040 LDAP: Sending search result entry
"cn=testm,ou=mekanisk,ou=Elever,o=ovgs" to connection 0xae628ee0
10:27:43 A4BD1040 LDAP: Sending operation result 0:"":"" to connection
0xae628ee0
10:27:43 A4BD1040 LDAP: DoSearch on connection 0xae628ee0
10:27:43 A4BD1040 LDAP: Search request:
base: "cn=testm,ou=mekanisk,ou=Elever,o=ovgs"
scope:0 dereference:0 sizelimit:0 timelimit:20 attrsonly:0
filter: "(objectClass=user)"
no attributes
10:27:43 A4BD1040 LDAP: Empty attribute list implies all user attributes
10:27:43 A4BD1040 LDAP: Sending operation result 0:"":"" to connection
0xae628ee0
10:27:43 A4BD1040 LDAP: DoUnbind on connection 0xae628ee0
10:27:43 AABC5240 LDAP: DoSearch on connection 0x94e81540
10:27:43 AABC5240 LDAP: Search request:
base: "o=ovgs"
scope:2 dereference:0 sizelimit:0 timelimit:10 attrsonly:0
filter: "(cn=testm)"
attribute: "cn"
10:27:43 96C471E0 LDAP: Monitor 0x2bd found connection 0xae628ee0 ending
TLS session
10:27:43 A7ED1160 LDAP: Preempting operation 0x0:0x0 on connection
0xae628ee0 before processing because connection is closing
10:27:43 AABC5240 LDAP: Sending search result entry
"cn=testm,ou=mekanisk,ou=Elever,o=ovgs" to connection 0x94e81540
10:27:43 AABC5240 LDAP: Sending operation result 0:"":"" to connection
0x94e81540
10:27:43 AABC5240 LDAP: DoBind on connection 0xae628700
10:27:43 AABC5240 LDAP: Bind name:cn=testm,ou=mekanisk,ou=Elever,o=ovgs,
version:3, authentication:simple
10:27:43 AABC5240 LDAP: Sending operation result 0:"":"" to connection
0xae628700
10:27:43 AABC5240 LDAP: DoSearch on connection 0x94e81540
10:27:43 AABC5240 LDAP: Search request:
base: "cn=testm,ou=mekanisk,ou=Elever,o=ovgs"
scope:0 dereference:0 sizelimit:0 timelimit:20 attrsonly:0
filter: "(objectClass=iFolderUser)"
no attributes
10:27:43 A7ED1160 LDAP: Connection 0xae628ee0 closed
10:27:43 AABC5240 LDAP: Empty attribute list implies all user attributes
10:27:43 AABC5240 LDAP: Sending operation result 0:"":"" to connection
0x94e81540
10:27:43 AABC5240 LDAP: DoSearch on connection 0xa567a000
10:27:43 AABC5240 LDAP: Search request:
base: "o=ovgs"
scope:2 dereference:0 sizelimit:0 timelimit:10 attrsonly:0
filter: "(cn=testm)"
attribute: "cn"
10:27:43 AABC5240 LDAP: Sending search result entry
"cn=testm,ou=mekanisk,ou=Elever,o=ovgs" to connection 0xa567a000
10:27:43 AABC5240 LDAP: Sending operation result 0:"":"" to connection
0xa567a000
10:27:43 AABC5240 LDAP: DoBind on connection 0x42937ee0
10:27:43 AABC5240 LDAP: Bind name:cn=testm,ou=mekanisk,ou=Elever,o=ovgs,
version:3, authentication:simple
10:27:43 AABC5240 LDAP: Sending operation result 0:"":"" to connection
0x42937ee0
10:27:43 AABC5240 LDAP: DoSearch on connection 0xa567a000
10:27:43 AABC5240 LDAP: Search request:
base: "cn=testm,ou=mekanisk,ou=Elever,o=ovgs"
scope:0 dereference:0 sizelimit:0 timelimit:20 attrsonly:0
filter: "(objectClass=iFolderUser)"
no attributes
10:27:43 AABC5240 LDAP: Empty attribute list implies all user attributes
10:27:43 AABC5240 LDAP: Sending operation result 0:"":"" to connection
0xa567a000
#####
END TRACE


På Wed, 25 Oct 2006 18:45:12 +0200, skrev Anders Gustafsson
<dalton@nomail.to.me>:

> Ronny Simonsen,
>> Yes of course!
>> I first enabled iFolder in iFolder Admin-page.
>> Then i try to login using latest iFolder Client and then i get this msg.
>>

> OK. Can we seen an LDAP trace?
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2195
>




--
Best regard,
Ronny Simonsen
Narvik - Norway

Using Opera M2, http://www.opera.com/
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

In article <op.th0s95i5azysw0@ronnys.oscarsborg.vgs.no>, Ronny Simonsen
wrote:
> I did now an LDAP Trace and i can see som -669 for context:
>

669 is an invalid password error.


Craig Johnson
Novell Support Connection SysOp

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Hi!
I know! Somehow iFolder and LDAP is also doing a search in OU=Tomcat-roles
Under Tomcat-roles there is a group called "admin" and this is probebly
why i get -669 for user "admin".
Then i tried with another user "testm" and did a new LDAP Trace and now i
dont get any -669
Im refering to my last message there i paste the tracelog for user "testm".

RS

På Thu, 26 Oct 2006 11:44:14 +0200, skrev Craig Johnson
<craigsj@ix.netcom.com>:

> In article <op.th0s95i5azysw0@ronnys.oscarsborg.vgs.no>, Ronny Simonsen
> wrote:
>> I did now an LDAP Trace and i can see som -669 for context:
>>

> 669 is an invalid password error.
>
>
> Craig Johnson
> Novell Support Connection SysOp
>




--
Best regard,
Ronny Simonsen
Narvik - Norway

Using Opera M2, http://www.opera.com/
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

In article <op.th2kqxluazysw0@ronnys.oscarsborg.vgs.no>, Ronny Simonsen
wrote:
> I know! Somehow iFolder and LDAP is also doing a search in OU=Tomcat-roles
>

You should be able to change the search context in iFolder. But perhaps it
would be easy to rename the tomcat admin user?

Craig Johnson
Novell Support Connection SysOp

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Well! As i can see, Tomcat are use the same eDir-admin as admin-user.
I guess Tomcat can have its own admin-user, but i dont know how to create
and configure it.

The real case is that a normal user can't get access to iFolder and this
is whats about now.
If i try to login to iFolder using a normal user, i dont get any error in
LDAP-trace, but i still get msg "You are nor authorized to use iFolder",
even if i Enable this user for iFolder.

RS

På Sat, 28 Oct 2006 06:21:24 +0200, skrev Craig Johnson
<craigsj@ix.netcom.com>:

> In article <op.th2kqxluazysw0@ronnys.oscarsborg.vgs.no>, Ronny Simonsen
> wrote:
>> I know! Somehow iFolder and LDAP is also doing a search in
>> OU=Tomcat-roles
>>

> You should be able to change the search context in iFolder. But perhaps
> it
> would be easy to rename the tomcat admin user?
>
> Craig Johnson
> Novell Support Connection SysOp
>




--
Best regard,
Ronny Simonsen
Narvik - Norway

Using Opera M2, http://www.opera.com/
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Ronny Simonsen,
> Well! As i can see, Tomcat are use the same eDir-admin as admin-user.
> I guess Tomcat can have its own admin-user, but i dont know how to create
> and configure it.


Well, strictly. Tomcat uses "roles" an in NW they map to groups under the OU
"Tomcat-roles", so any user you add to the admin grou there should be a
Tomcat Admin.

> The real case is that a normal user can't get access to iFolder and this
> is whats about now.
> If i try to login to iFolder using a normal user, i dont get any error in
> LDAP-trace, but i still get msg "You are nor authorized to use iFolder",
> even if i Enable this user for iFolder.


So, if we concentrate on that problem. If you enable iFolder logging, what do
you see? Ie do you see:

IS_USER [0]
LOCATE_SERVER homer unprovisioned user


- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Hi!
Ok! First how do a enable iFolder logging?

RS


På Wed, 01 Nov 2006 11:01:22 +0100, skrev Anders Gustafsson
<dalton@nomail.to.me>:


> So, if we concentrate on that problem. If you enable iFolder logging,
> what do
> you see? Ie do you see:
>
> IS_USER [0]
> LOCATE_SERVER homer unprovisioned user
>
>
> - Anders Gustafsson, Engineer, CNE6, ASE





--
Best regard,
Ronny Simonsen
Narvik - Norway

Using Opera M2, http://www.opera.com/
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: "You are not authorized to use iFolder"

Ronny Simonsen,
> Ok! First how do a enable iFolder logging?
>

IFolder simple troubleshooting steps:

1. iFolder 2.x needs eDirectory 8.6.2 or better for LDAP. It will not
work with NW 5.1 DS 8.82 for example.
2. Check that the admin name in the iFolder server config file is
correct
3. Use the clear-text LDAP (389) port for troubleshooting
(SSL/TLS tab, turn off "require TLS", see below)
4. Have iFolder log its screen to a file (below)
5. Turn on LDAP tracing on the LDAP Server Object
(Screen options tab, check at least "connection" and "response")
6. LOAD DSTRACE. Turn off everything and turn on LDAP, then try to log
in.
7. Does it work if you bypass the proxy in your browser?

Does the new iFolder help?
http://support.novell.com/servlet/filedownload/uns/pub/ifolder213.exe/
(This is for 6.0. For 6.5, use SP2)

Note on 4:
Change startifolder.ncf to read:
LOAD ADDRESS SPACE = IFOLDER APACHE -s -f
SYS:APACHE\IFOLDER\SERVER\HTTPD.CONF
(all on one line)

Note on 3:
1. LDAP Server Object, SSL/TLS Config Page
Untick "Require TLS for All Operations"
2. LDAP Group Object
Untick "Require TLS for simple binds with password"

Note on 6:
LOAD DSTRACE
DSTRACE -ALL
DSTRACE +LDAP
DSTRACE SCREEN ON
DSTRACE FILE On

The trace file is called DSTRACE.LOG and is in sys:system

For some helpful tips:
http://nscsysop.hypermart.net/ifolder.html
http://www.gordonross.org.uk/iFolder.html

- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

Using VA 5.51 build 315 on Windows 2000 build 2195

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.