Managing the iFolder System

Use this interface to manage Novell iFolder^® 3.7 or later services for the selected server.

This help discusses the following information:

System Settings
Reprovision Status
Administrators Tab
Policies

System Settings

The system settings section displays the following information:

Parameter	Description
Name	The name assigned to the iFolder domain. To edit the name of the iFolder domain, specify the new name and click Save. To cancel the changes made, click Cancel.
Description	A short description about the iFolder Domain. To edit the system description, specify the new description and click Save. To cancel the changes made, click Cancel.
SSL Option	Displays the mode of communication between the iFolder Servers, iFolder Client, iFolder Web Access Console, and iFolder Web Admin Console.
Total Users (view only)	Reports the total number of users in the iFolder domain.
Total iFolders (view only)	Reports total number of iFolders that belong to the iFolder domain.
Full Name Display Order	Enables you to set the order in which a user's full name is displayed. Select the (First Name, Last Name) option to display the first name followed by the last name. Or, to display the last name followed by the first name, select the (Last Name, First Name) option. For the changes to take effect, either a scheduled LDAP sync must take place or you must do a manual LDAP sync. To do a manual LDAP sync: In the Web admin console, click the Servers tab, select the server, then go to the Serverdetails page. In the LDAP Details section, click the Sync Now button.
Manage Group Quota Using	Enables you to define how the aggregate disk quota set for groups is managed. Select the Administrator Console option to enable administrators to explicitly manage the disk quota for groups and members of a group. When you select this option, the disk quota assigned to the users is restricted so that it does not exceed the aggregate disk usage of the group. By default, the Administrator Console option is selected. Select the Sync Engine option to enable the sync engine to manage the aggregate disk quota on groups in the back end. The sync engine ensures that the disk quota for all users in a group does not exceed the aggregate disk quota of the group.
Segregated Groups	Enables you to segregate groups into independent entities and ensure that members of one group are not accessible by members of another group for sharing iFolders. Select the Create Segregated Groups check box to enable sharing of iFolders only among the members of the same group. Note: An LDAPGroup cannot be a Secondary or Primary Administrator.

Reprovision Status

You can move users across different servers. With this interface, you can view the reprovisioning status. Click Reprovision Status to view the reprovision status for each user.

iFolder Administrators

The iFolder Admin user is the primary administrator of the iFolder enterprise server. Whenever iFolders are orphaned, ownership is transferred to the iFolder Admin user for reassignment to another user or for deletion. You initially specify the iFolder Admin user during the iFolder enterprise server configuration in YaST.

The iFolder Admin user must be provisioned in order to enable the iFolder Admin to perform management tasks. iFolder tracks this user by the LDAP object GUID, allowing it to belong to any LDAP container or group in the tree, even those that are not identified as Search DNs. The user’s movement can be tracked anywhere in the tree because it is known by the GUID, not by the user DN.

The iFolder Admin right can be assigned to other users so that they can also manage iFolder services for the selected server. Only users who are in one of the DNs specified in the LDAP Search DN are eligible to be equivalent to the iFolder Admin user.

If you assign the iFolder Admin right to other users, those users are governed by the roster and Search DN relationship. The user is removed from the roster and stripped of the iFolder Admin right if you delete the user, remove the user’s DN from the list of Search DNs, or move the user to a DN that is not in the Search DNs.

The iFolder Admin user or the primary administrator creates the secondary administrator and assigns groups to the secondary administrator.

IMPORTANT: You cannot assign the Admin user right to an LDAPGroup.

The System page displays the Primary and Secondary Administrator tabs. The following parameters are common to both these tabs:

Parameter	Description
Type	Displays the Admin user icon.
User Name	The username assigned to the Admin user account, such as jsmith or john.smith@example.com.
Full Name	The first and last name of the Admin user account.

Primary Administrator

To view or edit primary administrator details, click the Primary Administrator tab, then click the Admin user link to open the User Details page. The User Details page displays the iFolders owned or shared by the Admin user. Click the All tab to list all the iFolders, both owned and shared. To view the iFolder owned by the user, click the Owned tab. Shared tab lists all the shared iFolders for this particular user account. You can also use the User Details page to change the policy settings for the selected Admin user.

Adding and Deleting the iFolder Admin

1. Locate the Admin user you want to manage, then select the check box next to it.

• Click Delete to delete the selected Admin user.

  If you delete the iFolder Admin right from the username you used to log in to the server, you are immediately disconnected. You must log in to the iFolder server under a different username with the iFolder Admin right to continue managing the server.

  IMPORTANT: You cannot delete the Admin user configured during Simias server setup.

• Click Add to open a list of iFolder users.

  Locate the user you want to add as Admin, then select the check box next to it and click Add.

  You can assign the iFolder Admin right to multiple users.

Policies

The following table lists the system policies you can manage for any given iFolder System. Click Save to apply the modifications:

Parameter	Description
iFolder per users	Specifies the maximum number of iFolders allowed per user. After you apply this policy, each user is limited to owning a certain number of iFolders. The users who exceed the limit receive an error message about the policy violation. If the limit is zero, users cannot create any iFolders. The policy setting does not affect the number of iFolders a user already owns. If the number of iFolders owned by a user already exceeds the limit that you set, he or she can still own those iFolders.
Disk Quota	Specifies the maximum space that a iFolder system is allowed to use. System-wide settings supersede user policies. Deselect the check box to disable a system-wide quota. Select the check box to enable a system-wide quota, then specify the total space quota (in MB) for a user's account. If you enable a system-wide quota that is less than a user's current total space for iFolder data, the users's quotas data stops synchronizing until the data is decreased below the limit or until the quota is increased to a value that is larger than the user's total space consumed. Enabling or modifying the system-wide quota does not affect existing individual user quotas. Any existing user quota always overrides a system-wide quota, whether the user quota is lower or higher than the system-wide quota. Default value: Disabled, No limit
File Size	Specifies the maximum file size that can be synchronized. If a quota is specified, the effective maximum file size limit is the same as the quota. Deselect the check box to disable the Maximum File Size Limit policy. If the policy is disabled, the value is reported as No Limit. Select the check box to enable the Maximum File Size Limit policy, then specify the maximum allowed file size in MB. If a quota is specified, the default maximum file size limit is the same as the quota. Consider the following demands on your system to determine an appropriate file size limit for iFolders in your environment: Intended use How often the largest files are modified How the applications that use the largest files actually save changes to the file (whole file or deltas) How frequently the files are synchronized by each member How many users share an iFolder Whether users access iFolder on the local network or across WAN or Internet connection The average and peak available bandwidth Even if you set a very large value as a file size limit and if there is no quota to limit file sizes, the practical limit is governed by the file system on the user's computer. For example, FAT32 volumes have a maximum file size of 4 GB minus 1 byte. Default value: Disabled, No limit
Excluded Files	Specify whether to restrict file types that are synchronized by exclusion filters. Type a file extension, then click Add to add it to the list. To exclude a file type from synchronization, select the check box adjacent to the file type in the restricted file type list, then click Deny. To allow a file type to be synchronized, select the check box adjacent to the file type in the restricted file type list, then click Allow. To delete a file type from the restricted file type list, select the check box adjacent to the file type, then click Delete.
Synchronization	Specifies the minimum synchronization interval in minutes. If this option is enabled, specifies the minimum interval for synchronizing iFolder data for each user account. Larger values are more restrictive. If the option is disabled, the default value is 5 minutes.
Encryption	Specifies the encryption policy for the iFolder system. System-wide settings supersede user policies. On Select On to enable the encryption feature for the iFolder system. This permits a user to set an encryption policy for his or her iFolders. On enabling the encryption feature it cannot be turned off. Enforced Select Enforced to enable the encryption feature for all the users. When the encryption policy is set to Enforced, a user cannot change the encryption settings for his or her iFolders.
Sharing	On By default, iFolder sharing is enabled. Deselect On to disable sharing for the iFolder system. After applying this policy, users of this iFolder system cannot share their iFolders with others. However, you can change the policy settings at the user level or at the LDAPGroup level. Enforce Select Enforce to enforce the sharing policy you have set for the entire system. You can enforce both Enable Sharing and Disable Sharing. When you enforce Disable Sharing, policy settings for sharing at iFolder and User level are automatically disabled and you are not allowed to change the settings. However, you are allowed to set the policy for the Revoke option. IMPORTANT: You cannot enable this option unless you set the Sharing option to On. Revoke Select Revoke to remove the shared members of all the iFolders under the iFolder system.

Secondary Administrator

The Secondary Administrator tab enables you to add, edit, or delete the secondary administrator details.

To add a secondary administrator:

1. Click the Secondary Administrator tab, then click Add to display the list of iFolder users.
2. Select the user that you want to designate as a secondary administrator and click Next.
3. To assign a group to the secondary administrator, select an option from the Select Group list. If the selected group has the aggregate disk quota limit set, then Set the Aggregate Disk Quota Limit For Entire Group field is populated with that value. Otherwise, the field will remain empty.
4. Set the policy rights for the secondary administrator.

   The following table lists the policy rights that you can set for the secondary administrator.

   Parameter	Description
   iFolder Per User Policy	Specifies the maximum number of iFolders allowed per user. After you apply this policy, each user is limited to owning a certain number of iFolders. The users who exceed the limit receive an error message about the policy violation. If the limit is zero, users cannot create any iFolders. This policy setting does not affect the number of iFolders a user already owns. If the number of iFolders owned by a user already exceeds the limit that you set, the user can still own those iFolders. By default, the Allow check box is selected for the iFolder Per User policy. This means that the secondary administrator has the right to set the iFolder per user policy for the users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
   Disk Quota Policy	Specifies the maximum space that a user is allowed to use. By default, the Allow check box is selected for the disk quota policy. This means that the secondary administrator has the right to set the disk quota policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
   File Size Policy	Specifies the maximum file size that can be synchronized. By default, the Allow check box is selected for the file size policy. This means that the secondary administrator has the right to set the file size policy for users of the designated group. To deny this right to the secondary administrator, you must clear the Allow check box.
   Sync Interval Policy	Specifies the minimum synchronization interval in minutes. By default, the Allow check box is selected for the sync interval policy. This means that the secondary administrator has the right to set the sync interval policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
   Excluded File List Policy	Specifies the file types that are restricted from synchronization. By default, the Allow check box is selected for the excluded file list policy. This means that the secondary administrator has the right to set the excluded file list policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
   Sharing	Specifies if iFolders can be shared among users. By default, Allow to modify sharing policy check box is selected for the sharing policy. This implies that the secondary administrator has the right to modify the sharing policy for users of the designated group. To deny this right to the secondary administrator, you must clear the Allow check box.
   Encryption Policy	Specifies the encryption policy for the iFolder system. By default, Allow to modify encryption policy check box is selected for the encryption policy. This means that the secondary administrator has the right to modify the encryption policy for users of the designated group. To deny this right to the secondary administrator, you must deselect the Allow check box.
   Provisioning Rights	Specifies the provisioning rights available to a secondary administrator. By default, the Allow user provisioning check box is selected. This means that a secondary administrator can provision the users of the designated group to any server present in the iFolder multi server setup. To deny this right to the secondary administrator, deselect the Allow user provisioning check box. By using the Allow enabling/disabling of users check box, you can assign the secondary administrator the right to enable or disable users of the designated group. By default, this check box is selected. To deny the secondary administrator this right, deselect the Allow enabling/disabling of users check box.
   Rights on iFolders	Specifies the secondary administrator’s rights on ifolders owned by users of the designated group. To allow the secondary administrator to own orphaned iFolders, ensure that the Allow ownership of orphaned iFolders check box is selected. By default this check box is selected. To deny this right to the secondary administrator, clear the check box. Using the Allow Enabling/Disabling of iFolders check box, you can assign the secondary administrator the right to enable or disable the iFolders owned by users of the designated group. By default, this check box is selected. To deny this right to the secondary administrator, clear the Allow Enabling/Disabling of iFolders check box. Using the Allow to modify rights of shared iFolder members check box, you can assign the secondary administrator the right to modify the rights of shared iFolder members. By default this check box is selected. To deny this right to the secondary administrator, clear the Allow to modify rights of shared iFolder members check box. Using the Allow permission to delete iFolders check box, you can assign the secondary administrator the permission to delete iFolders. By default this check box is selected. To deny this permission to the secondary administrator, clear the Allow permission to delete iFolders check box.

 

5. Click the Save button to save your settings.
6. After successfully assigning a group to the secondary administrator, click OK to return to the Systems page or click Repeat to assign more groups to the secondary administrator. 

To edit the secondary administrator details:

1. Click the Secondary tab to display the secondary administrator details.

2. Select a secondary administrator and click Edit to display the list of groups monitored by the secondary administrator.

3. Select a group and click Edit to display the list of secondary administrator's rights on the group. Edit the rights of the group and click Save to save your changes.
    

To delete a secondary administrator:

1. Click the Secondary tab to display the secondary administrator details.
2. Select a secondary administrator and click Delete to display the list of groups monitored by the secondary administrator.
3. Select all groups and click Delete. Deleting all groups owned by the secondary administrator also deletes the secondary administrator.
    

 

Related Topics

User Details
Managing iFolder Details
Managing iFolder Servers
Managing iFolders
Managing a User Account
Reports

 

A trademark symbol (^®, ^TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For more information, see Legal Notices.