| Decisions | Information |
|---|---|
Global LDAP Settings |
Global LDAP settings identify the LDAP host that will be used to manage the iFolder servers. For basic information on LDAP and how it works with the iFolder architecture, see LDAP and iFolder. IMPORTANT: If you are installing more than one iFolder server, use the same Global LDAP Settings for all iFolder servers. |
LDAP Ports |
Choose port 389 if you want to use LDAP without SSL encryption or if your LDAP server does not support SSL. Port 389 is also a good choice if iFolder and LDAP are running on the same server (no communication or data is being transferred across the wire, so no encryption is necessary). If you are using port 389, the LDAP Group object must be marked to Allow Clear Text Passwords. To verify this, launch ConsoleOne® and locate the context where your server resides, right-click the LDAP Group object, click Properties, and check Allow Clear Text Passwords. Choose port 636 if you want to use SSL, which provides your network with encryption and security when data is transferred across the wire. If you choose port 636, make sure you have copied the ROOTCERT.DER file from your LDAP server's SYS:PUBLIC directory to your iFolder server SYS:PUBLIC directory prior to the iFolder installation. If you have chose port 636, you must enter the path to the LDAP trusted root certificate. This will be the path to the SYS:PUBLIC directory where you copied ROOTCERT.DER prior to the installation. For more information, see General Server Requirements. |
LDAP Login DN Context |
This is the context of the container where your Admin objects are located. This is also where the iFolder server and LDAP objects will be created. For more information on these objects, see Logging In to the iFolder Management Console. iFolder allows you to enter multiple contexts. After each context, insert a semicolon (;). Do not put any spaces between the contexts. HINT: Configuring LDAP user contexts is now done when you modify your Global Settings after the iFolder installation is complete. For more information, see Defining Your User Context. |
Admin Names |
Enter the names of all administrators who need rights to modify iFolder user account information via the Server Management Console. Administrators must have user accounts in your LDAP directory as well as Admin rights to the LDAP directory. If you are entering more than one name, separate the usernames with a semicolon, not spaces. For example, if you wanted John Smith and user Admin to have rights to administer the Server Management Console, you would enter admin;jsmith. IMPORTANT: At least one of the Admin users that you list must exist in a container in the LDAP Login DN Context. Usernames whose objects are located outside this context will not be able to access and use the Global Setting section of the iFolder Management Console. Also, Admins will need rights to add attributes to eDirectory objects if they want to use the User Management section of the iFolder Management Console. |