Using Synchronize Now To Remove Users Effective Immediately; Controlling Access To The Ifolder Data Store; Controlling Access To The Ifolder Server Configuration Files; Controlling Access To And Backing Up The Ifolder Audit Logs - Novell IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006 Administrator's Manual


The password stored on the system for the iFolder Proxy user must match the password stored in the iFolder Proxy user's eDirectory™ object. If you ever modify the iFolder Proxy user password in eDirectory, you must also change the password stored on the system. For example, if you change the iFolder Proxy user assignment, or if you want to set a longer password for the iFolder Proxy user, you must modify the values in iFolder's LDAP settings, or iFolder cannot access the LDAP server to update the user list. For information, see "Modifying the iFolder Proxy User Password" in the Novell iFolder 3.x Administration Guide.

To prevent unauthorized access to the Simias.config file, administrators of the iFolder 3.x server computer must take every precaution not to inadvertently assign file system rights to the /var/lib/wwwrun/.local/share/simias directory or the /home/wwwrun/.local/share/simias directory to unauthorized users.

To protect the password when authenticating to the LDAP server, make sure to configure the LDAP Server Port and Port Is Secure options in the iFolder LDAP settings for secure (default) communications between the servers and the LDAP server. For information, see "Modifying the iFolder LDAP Settings" in the Novell iFolder 3.x Administration Guide.

2.13 Using Synchronize Now to Remove Users Effective Immediately

The iFolder User list is periodically updated based on the LDAP synchronization interval. Whenever you remove users from an LDAP Search DN, or remove contexts from the Search DN list, you should synchronize the list immediately using Update and Synchronize now to enforce your changes. For information, see "Synchronizing the iFolder User List with the LDAP Server" in the Novell iFolder 3.x Administration Guide.

2.14 Controlling Access to the iFolder Data Store

The iFolder server stores the database and user files under the /var/opt/novell/ifolder3/simias directory. By default, the Apache Server user "wwwrun" owns those files. Administrators of the iFolder 3.x server machine must take every precaution not to inadvertently assign rights to unauthorized users.

2.15 Controlling Access to the iFolder Server Configuration Files

The iFolder server stores the configuration files in the /var/lib/wwwrun/.local/share/simias directory (or in the /home/wwwrun/.local/share/simias directory if NSS is post-installed on the server). The Apache Server user "wwwrun" owns the configuration file. Administrators of the iFolder 3.x server machine must take every precaution not to inadvertently assign rights to unauthorized users.

2.16 Controlling Access to and Backing Up the iFolder Audit Logs

By default, the iFolder server stores the audit logs in the /var/opt/novell/simias directory. The iFolder server administrator should guarantee that rights are not inadvertently assigned to unauthorized users. Administrators should also periodically back up the rolled-over logs in case they are ever needed for forensic purposes. Audit logs should be monitored periodically.
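
The ownership and rights guidance in sections 2.14 through 2.16 can be checked with a script. The following is an added example, not part of the Novell guide. It assumes that a problem is any entry not owned by wwwrun or any permission granted to "other"; the function names audit_tree and audit_all are hypothetical.

```shell
#!/bin/sh
# Added example: audit the iFolder 3.x directories named in sections 2.14-2.16.
# Assumption: a finding is any entry not owned by the expected account, or any
# entry granting a permission bit to "other". ACLs are not inspected here.

IFOLDER_OWNER="wwwrun"    # Apache Server user that owns the files, per the guide
IFOLDER_DIRS="/var/opt/novell/ifolder3/simias
/var/lib/wwwrun/.local/share/simias
/home/wwwrun/.local/share/simias
/var/opt/novell/simias"

# audit_tree DIR OWNER (hypothetical helper)
# Prints "OWNER <path>" or "OTHER <path>" per finding.
# Returns 0 = clean, 1 = findings, 2 = DIR missing or could not be fully read.
audit_tree() {
    dir=$1 owner=$2
    [ -d "$dir" ] || return 2
    own=$(find "$dir" ! -user "$owner" -print) || return 2
    # Symlink mode bits are meaningless, so links are skipped in this pass.
    oth=$(find "$dir" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print) || return 2
    [ -z "$own$oth" ] && return 0
    [ -n "$own" ] && printf '%s\n' "$own" | sed 's/^/OWNER /'
    [ -n "$oth" ] && printf '%s\n' "$oth" | sed 's/^/OTHER /'
    return 1
}

# audit_all (hypothetical helper): check every directory listed above.
audit_all() {
    overall=0
    for d in $IFOLDER_DIRS; do
        rc=0
        audit_tree "$d" "$IFOLDER_OWNER" || rc=$?
        case $rc in
            1) overall=1 ;;
            2) echo "SKIP $d (missing or unreadable)" ;;
        esac
    done
    return $overall
}

audit_all
```

Run it as root so every subdirectory can be read; a non-zero exit status from audit_all means at least one directory has findings to review.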
Security Best Practices for Novell iFolder 3.x