Results 1 to 6 of 6

Thread: LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3 LDAP

Threaded View

  1. #1
    Join Date
    Jun 2013

    LOGIN.UNAUTHORIZED iFolder 3.9 (or 3.8) + OpenSuse 11.3 LDAP

    Only a couple of our users cannot log into the web interface or client when running either iFolder 3.8 of iFolder 3.9, I cannot find any rhyme or reason as to why. I noticed this error during the simias-server-setup that I can't seem to make sense of; http://i.imgur.com/3mzp7NX.png

    From what I can tell the users are properly being pulled via LDAP as they all show up in the /admin interface. All of them are enabled and provisioned to the one and only server available. Please see the search contexts listed in the provided (scrubbed) Simias.config below. The three contexts all point to security groups in their own organizational units, which may be a bit excessive but this was done based on documentation I read at Support | How to use LDAP Groups Plugin functionality in iFolder. All of the users were discovered at the same time (time of installation) no user modifications were performed since, so it doesn't seem to be a sync delay issue. To note, the following settings are configured for LDAP sync in the /admin interface.

    Identity Sync: 360 minutes
    Grace Interval: 720 minutes

    Public address: filerepo.domain.us (Configured in public domain DNS to point to public IP that is NATed to local IP on firewall)
    Local address: filerepo.domain.us (Configured in local domain DNS forward lookup zone, so internally resolves to local IP)
    +Resolves properly internally and externally.

    This is deployed on a VM in our ESXi environment with a snapshot to revert to a fresh/updated installation of OpenSuse 11.3 with the rpm files stored in /ifolder-temp/, so I can revert and try different things easily if deemed necessary.

    /var/simias/data/simias/Simias.config output (scrubbed for privacy);
    <section name="EnterpriseDomain">
    <setting name="SystemName" value="Company-Repository" />
    <setting name="Description" value="Company File Repository System" />
    <setting name="AdminName" value="cn=ifolderadmin,ou=filerepo,ou=location,dc= domain,dc=local" />
    <section name="Server">
    <setting name="Name" value="filerepo" />
    <setting name="MultiByteServer" value="yes" />
    <setting name="PublicAddress" value="https://filerepo.domain.us/simias10" />
    <setting name="PrivateAddress" value="https://filerepo.domain.us/simias10" />
    <setting name="RAPath" value="/var/simias/data" />
    <section name="Authentication">
    <setting name="SimiasAuthNotRequired" value="Registration.asmx, Login.ashx, Simias.asmx:PingSimias, DomainService.asmx:GetDomainID, pubrss$
    <setting name="SimiasRequireSSL" value="yes" />
    <section name="Identity">
    <setting name="Assembly" value="Simias.ADLdapProvider" />
    <setting name="ServiceAssembly" value="Simias.Identity.ADLdapProvider" />
    <setting name="Class" value="Simias.ADLdapProvider.User" />
    <setting name="LdapSyncOnRestart" value="No" />
    <setting name="Assembly" value="Simias.SimpleServer" />
    <setting name="Class" value="Simias.SimpleServer.User" />
    <setting name="Assembly" value="Simias.MdbSync" />
    <setting name="Class" value="Simias.MdbSync.User" />
    <section name="StoreProvider">
    <setting name="CommonProxyLogPath" value="/var/opt/novell/log/proxymgmt/pxymgmt.log" />
    <setting name="Assembly" value="SimiasLib.dll" />
    <setting name="Type" value="Simias.Storage.Provider.Flaim.FlaimProvider " />
    <setting name="Path" value="/var/simias/data/simias" />
    <section name="LdapAuthentication">
    <setting name="LdapUri" value="ldaps://" />
    <setting name="ProxyDN" value="cn=ifolderproxy,ou=filerepo,ou=location,dc= domain,dc=local" />
    <section name="LdapProvider">
    <setting name="NamingAttribute" value="sAMAccountName" />
    <setting name="Search">
    <Context dn="cn=filerepo site1,ou=ca site1,ou=filerepo,ou=location,dc=domain,dc=local" />
    <Context dn="cn=filerepo site2,ou=ca site2,ou=filerepo,ou=location,dc=domain,dc=local" />
    <Context dn="cn=filerepo site3,ou=ok site3,ou=filerepo,ou=location,dc=domain,dc=local" />

    1) ALL users that are members of the 'filerepo site1' security group show up as active users in the /admin interface, but some cannot log in.
    2) 'filerepo site2' only has one user, a user created that is only part of this security group (not even Domain Users) - this user does NOT show up in the /admin interface.
    3) 'filerepo site3' only has one user, a different user created that is only part of this security group (not even Domain Users) - this user does NOT show up in the /admin interface.
    Last edited by dsmiley; 20-Jun-2013 at 12:31 AM.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts