Hi All,

I had initially set up a new iFolder 3.8 on OpenSuse 11.3 *without* LDAP, but immediately found that the users cannot change their password from the /Settings.aspx page unless it runs on LDAP.

I have since been trying to set up LDAP to play nicely, but to no avail.

(1) First, my simias-server-setup was failing:

ifolder:/home/sidhant # simias-server-setup

SIMIAS SERVER SETUP

This script configures a server installation of Simias to setup a new Simias system.


----- SERVER'S DATA PATH -----
Path to the server's data files


Server's Data Path? [/var/simias/data]: /storage/ifolder/data
ldapSearch Name: o=novell

----- SERVER NAME -----
The name of this server

Server Name? [ifolder.mydomain.edu]:
----- SSL -----
Select SSL/NONSSL communication for this server. Options
are SSL, NONSSL or BOTH

SSL? [SSL]: BOTH

----- PUBLIC URL -----
Public URL of this Simias Server


Public URL? [https://ifolder.mydomain.edu/simias10]:
----- PRIVATE URL -----
Private URL of this Simias Server


Private URL? [https://ifolder.mydomain.edu/simias10]:
----- SLAVE SERVER -----
Install into existing Simias Domain


Slave Server? [N]:
----- SYSTEM NAME -----
A name used to identify the Simias system to users.


System Name? [UbiComp_iFolder]:
----- SYSTEM DESCRIPTION -----
A detailed description of the Simias system for users.


System Description? [UbiComp Lab iFolder Enterprise System]:
----- USE KEY RECOVERY AGENT -----
Use Key Recovery Agents to recovery the encryption
key if the user forgets the pass-phrase used for encryption?


Use Key Recovery Agent? [Y]:
----- RECOVERY AGENT CERTIFICATE PATH -----
Path to the Recovery agent certificate's.


Recovery Agent Certificate Path? [/var/simias/data]: /storage/ifolder/data

----- USE LDAP -----
Use LDAP to provision and authenticate users?


Use LDAP? [Y]:

----- LDAP SERVER -----
The host or ip address of an LDAP server. The server
will be searched for users to provision into Simias
and will be used by Simias for authentication.


LDAP Server? [ifolder.mydomain.edu]:

----- LDAP SECURE -----
Require a secure connection between the LDAP server
and the Simias server


LDAP Secure? [Y]: N

----- LDAP ADMIN DN -----
An existing LDAP user, used by this script only, to
connect to the LDAP server and create and/or check
required LDAP users for Simias.


LDAP Admin DN? [cn=admin,o=novell]:
LDAP Admin Password? [novell]: com1

----- SYSTEM ADMIN -----
The Simias default administrator. If the system is
configured to use an external identity source, the
distinguished name (dn) should be used.

System Admin? [cn=admin,o=novell]: admin
System Admin Password? [novell]: com1

----- LDAP PROXY DN -----
An LDAP user that will be used to provision the users
between Simias and the LDAP server. If this user
does not already exist in the LDAP tree it will be
created and granted read rights at the root of the
tree. The user's dn and password are stored by Simias.

LDAP Proxy DN? [cn=iFolderProxy,o=novell]:
LDAP Proxy Password? [novell]:

----- LDAP SEARCH CONTEXT -----
A list of LDAP tree contexts (delimited by '#') that
will be searched for users to provision into Simias.

LDAP Search Context? [o=novell]:

----- NAMING ATTRIBUTE -----
The LDAP attribute you want all users to login using.
I.E. 'cn' or 'email'.

Naming Attribute? [cn]:

----- CONFIGURE APACHE -----
Configure Simias to run behind Apache

Configure Apache? [N]:

----- LDAP GROUPS PLUGIN -----
Configure Ldap Groups Plugin

Ldap Groups Plugin? [N]:

Working...

Configuring /storage/ifolder/data/simias/Simias.config...
SetupSimias - Done
Configuring /etc/apache2/conf.d/simias.conf...
Skipped (Apache & Mono Only)
Installing certificate from ldap://ifolder.mydomain.edu/...

Skipped (Not Supported)
Connecting to ldap://ifolder.mydomain.edu/...
Done
Querying for directory type...
get directory type

objectClass: value :top
OpenLDAP
Creating admin...
Creating proxy adminSkipped (User Exists)
Creating cn=iFolderProxy,o=novell...
Checking cn=iFolderProxy,o=novell...
Failed to connect using the Proxy user cn=iFolderProxy,o=novell, creating a new proxy user...
Old Proxy user cn=iFolderProxy,o=novell...
New Proxy user cn=iFolderProxy1,o=novell...
Creating cn=iFolderProxy1,o=novell...
Creating proxy cn=iFolderProxy1,o=novellChecked cn=iFolderProxy1,o=novell...
Checking admin...
Failed

LdapException: (34) Invalid DN Syntax
LdapException: Server Message: invalid DN
LdapException: Matched DN:
at Novell.Directory.Ldap.LdapResponse.chkResultCode () [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.chkResultCode (Novell.Directory.Ldap.LdapMessageQueue queue, Novell.Directory.Ldap.LdapConstraints cons, Novell.Directory.Ldap.LdapResponse response) [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.SByte[] passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (Int32 version, System.String dn, System.String passwd, Novell.Directory.Ldap.LdapConstraints cons) [0x00000] in <filename unknown>:0
at Novell.Directory.Ldap.LdapConnection.Bind (System.String dn, System.String passwd, AuthenticationTypes authenticationTypes) [0x00000] in <filename unknown>:0
.. Truncated..

FAILED
(2) I figured that when using LDAP, the "System Admin" also needs to be in DN form. So I did this, which made the script execute completely:

ifolder:/home/sidhant # simias-server-setup
... Truncated ...

----- SYSTEM ADMIN -----
The Simias default administrator. If the system is
configured to use an external identity source, the
distinguished name (dn) should be used.


System Admin? [admin]: cn=rootuser,o=novell
System Admin Password? [novell]: com1

..Truncated, same as before..

Configuring /storage/ifolder/data/simias/Simias.config...
SetupSimias - Done
Configuring /etc/apache2/conf.d/simias.conf...
Done
Installing certificate from ldap://ifolder.mydomain.edu/...

Skipped (Not Supported)
Connecting to ldap://ifolder.mydomain.edu/...
Done
Querying for directory type...
get directory type

objectClass: value :top
OpenLDAP
Creating cn=rootuser,o=novell...
Creating proxy cn=rootuser,o=novellDone
Creating cn=iFolderProxy,o=novell...
Creating proxy cn=iFolderProxy,o=novellChecked cn=iFolderProxy,o=novell...
Checking cn=rootuser,o=novell...
Done
Adding LDAP settings to /storage/ifolder/data/simias/Simias.config...
Checking cn=iFolderProxy,o=novell...
Done
Done
Configuring User Movement plugin..

Setting up Log4Net file...
Done
Setting up permissions...
Done.
SUCCESS

(3) After this I checked my LDAP directory using phpldapadmin, and I see this (picture):
http://i54.tinypic.com/20h94jp.jpg

(4) Now, when I try to log in using "rootuser" and the password mentioned in the script, I cannot. I even tried logging in with the users admin and iFolderProxy. See log:


ifolder:/storage/ifolder/data/simias # tail -f log/Simias.log
2011-05-04 15:36:13,718 [User Move thread] DEBUG Simias.UserMovement.iFolderUserMove - UpdateUserMoveQueue: Updating user Reprovision queue, There are 0 users to be Reprovisioned
2011-05-04 15:36:37,974 [1795737360] DEBUG Simias.Security.Web.AuthenticationModule - In verify[rincipalfromrequest: soapmethod is GetAuthenticatedUser
2011-05-04 15:36:37,975 [1795737360] DEBUG Simias.DomainProvider - domainID f84d4c34-b480-40ea-b1db-20a4f21b6101
2011-05-04 15:36:37,975 [1795737360] DEBUG Simias.Server.Authentication - Authenticate called
2011-05-04 15:36:37,976 [1795737360] DEBUG Simias.Server.Authentication - rootuser is not member of simias
2011-05-04 15:36:43,719 [User Move thread] DEBUG Simias.UserMovement.iFolderUserMove - UpdateUserMoveQueue: Updating user Reprovision queue, There are 0 users to be Reprovisioned
2011-05-04 15:36:47,260 [1810642704] DEBUG Simias.Security.Web.AuthenticationModule - In verify[rincipalfromrequest: soapmethod is GetAuthenticatedUser
2011-05-04 15:36:47,261 [1810642704] DEBUG Simias.DomainProvider - domainID f84d4c34-b480-40ea-b1db-20a4f21b6101
2011-05-04 15:36:47,261 [1810642704] DEBUG Simias.Server.Authentication - Authenticate called
2011-05-04 15:36:47,264 [1810642704] DEBUG Simias.OpenLdapProvider.User - VerifyPassword for: admin
2011-05-04 15:36:47,265 [1810642704] DEBUG Simias.OpenLdapProvider.User - failed to get the user's distinguished name
2011-05-04 15:36:47,265 [1810642704] INFO Simias.Server.Authentication - UnknownUser : admin
2011-05-04 15:36:47,270 [1810642704] DEBUG Simias.Server.Authentication - id.Auth : localhost ip is :https://ifolder.mydomain.edu/simias10
2011-05-04 15:36:47,271 [1810642704] DEBUG Simias.Server.Authentication - id.Auth : this persons homeadd ip is :https://ifolder.mydomain.edu/simias10
2011-05-04 15:36:59,580 [1795737360] DEBUG Simias.Security.Web.AuthenticationModule - In verify[rincipalfromrequest: soapmethod is GetAuthenticatedUser
2011-05-04 15:36:59,581 [1795737360] DEBUG Simias.DomainProvider - domainID f84d4c34-b480-40ea-b1db-20a4f21b6101
2011-05-04 15:36:59,581 [1795737360] DEBUG Simias.Server.Authentication - Authenticate called
2011-05-04 15:36:59,582 [1795737360] DEBUG Simias.Server.Authentication - iFolderProxy is not member of simias
2011-05-04 15:37:13,720 [User Move thread] DEBUG Simias.UserMovement.iFolderUserMove - UpdateUserMoveQueue: Updating user Reprovision queue, There are 0 users to be Reprovisioned


Note: I replaced IP with ifolder.mydomain.edu before posting.

Any help is *greatly* appreciated.

Thank you!
Sidhant
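The two failures above are the setup script binding with a value that is not a DN ("Invalid DN Syntax" when System Admin was given as `admin`) and the login path being unable to find a user's DN under the configured search context. The following is an added example, not code from the post or from the iFolder/Simias project: a small offline checker for the LDAP-related answers one gives to simias-server-setup. It parses DNs per RFC 4514, checks that the System Admin DN lies inside the '#'-delimited search contexts and carries the naming attribute, and mimics the "get the user's distinguished name" lookup against a constructed in-memory directory. The directory contents, the `FIRST_RUN`/`SECOND_RUN` answer dicts and the function names are assumptions made for the example; the checker models only the setup answers, not whether Simias has actually provisioned a user.

```python
"""Offline sanity checks for simias-server-setup LDAP answers (added example)."""
import re

# Attribute type: short descriptor or numeric OID (RFC 4514 section 3).
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def _split_unescaped(s, sep):
    """Split s on sep, leaving backslash escapes in place and skipping escaped seps."""
    parts, start, i = [], 0, 0
    while i < len(s):
        if s[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if s[i] == sep:
            parts.append(s[start:i])
            start = i + 1
        i += 1
    parts.append(s[start:])
    return parts


def _unescape(v):
    """Resolve RFC 4514 escapes: '\\X' for a special char, '\\XX' for a UTF-8 byte."""
    raw, i = bytearray(), 0
    while i < len(v):
        if v[i] == "\\" and i + 1 < len(v):
            pair = v[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                raw.append(int(pair, 16))
                i += 3
            else:
                raw.extend(v[i + 1].encode("utf-8"))
                i += 2
        else:
            raw.extend(v[i].encode("utf-8"))
            i += 1
    return raw.decode("utf-8", errors="replace")


def parse_dn(dn):
    """Parse a string DN into [(attr_type, value), ...], leftmost RDN first.
    Returns None for anything that is not a DN, e.g. a bare login such as 'admin'.
    Multi-valued RDNs (a=1+b=2) are accepted and flattened into separate pairs."""
    if not dn or not dn.strip():
        return None
    pairs = []
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):
            kv = _split_unescaped(ava, "=")
            if len(kv) < 2:
                return None             # no attr=value form at all
            attr, value = kv[0].strip(), "=".join(kv[1:]).strip()
            if not _ATTR_TYPE.match(attr) or not value:
                return None
            pairs.append((attr.lower(), _unescape(value)))
    return pairs


def _norm(pairs):
    """Case-fold values for comparison (adequate for the caseIgnore attrs used here)."""
    return None if pairs is None else [(a, v.lower()) for a, v in pairs]


def dn_is_under(dn, base):
    """True when dn is at or below base, compared RDN by RDN from the right."""
    d, b = _norm(parse_dn(dn)), _norm(parse_dn(base))
    if d is None or b is None or len(b) > len(d):
        return False
    return d[len(d) - len(b):] == b


def _find_entry(directory, dn):
    target = _norm(parse_dn(dn))
    for key, attrs in directory.items():
        if _norm(parse_dn(key)) == target:
            return attrs
    return None


def find_user_dn(directory, login, naming_attr, search_contexts):
    """Mimic the provider step 'get the user's distinguished name': match the
    naming attribute against the login, but only inside the search contexts."""
    for dn, attrs in directory.items():
        values = [v.lower() for v in attrs.get(naming_attr, [])]
        if login.lower() in values and any(dn_is_under(dn, c) for c in search_contexts):
            return dn
    return None


def check_setup_answers(answers, directory):
    """Return human-readable findings for the LDAP answers given to the setup script."""
    findings = []
    contexts = [c for c in answers["search_context"].split("#") if c]
    for key in ("admin_dn", "proxy_dn", "system_admin"):
        if parse_dn(answers[key]) is None:
            findings.append(f"{key}: '{answers[key]}' is not an RFC 4514 DN; "
                            "with LDAP enabled the setup binds with this value as given")
    if not contexts or any(parse_dn(c) is None for c in contexts):
        findings.append("search_context: every '#'-delimited context must be a DN")
    admin = answers["system_admin"]
    if parse_dn(admin) is not None:
        if not any(dn_is_under(admin, c) for c in contexts):
            findings.append(f"system_admin: {admin} lies outside search contexts {contexts}")
        entry = _find_entry(directory, admin)
        if entry is None:
            findings.append(f"system_admin: {admin} does not exist in the directory")
        elif not entry.get(answers["naming_attribute"]):
            findings.append(f"system_admin: no '{answers['naming_attribute']}' value to log in with")
    return findings


# Constructed sample directory, loosely modelled on the o=novell tree in the post.
DIRECTORY = {
    "cn=admin,o=novell": {"objectClass": ["inetOrgPerson"], "cn": ["admin"]},
    "cn=rootuser,o=novell": {"objectClass": ["inetOrgPerson"], "cn": ["rootuser"]},
    "cn=iFolderProxy,o=novell": {"objectClass": ["inetOrgPerson"], "cn": ["iFolderProxy"]},
    "cn=alice,ou=people,dc=example,dc=edu": {"objectClass": ["inetOrgPerson"], "cn": ["alice"]},
}
# Answer sets mirroring the two runs in the post (passwords deliberately omitted).
FIRST_RUN = {"admin_dn": "cn=admin,o=novell", "system_admin": "admin",
             "proxy_dn": "cn=iFolderProxy,o=novell", "search_context": "o=novell",
             "naming_attribute": "cn"}
SECOND_RUN = dict(FIRST_RUN, system_admin="cn=rootuser,o=novell")

if __name__ == "__main__":
    for name, run in (("first run", FIRST_RUN), ("second run", SECOND_RUN)):
        print(name, check_setup_answers(run, DIRECTORY) or "no findings")
    print("lookup 'alice' under o=novell:", find_user_dn(DIRECTORY, "alice", "cn", ["o=novell"]))
```

Run it as-is to see the first run flagged for the non-DN System Admin and the second run passing, and note that `alice` is not found even though she exists in the directory, because her entry sits outside the configured search context; that is the same shape of failure as "failed to get the user's distinguished name" in the log, and the first thing to rule out before debugging Simias itself.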