Open topic with navigation

Configure the Content Component

Setting up security is only discussed briefly here. For more information, refer to the IDOL Server Administration Guide.

The document security types are listed under [Security] in the IDOL server configuration file. In most cases, you use an existing type, and you do not need to configure a new one.

The following examples use the NT security type, but for other security types the important points are the same.

Recognize the Security Type of a Document

For each document indexed, you must link the security type specified in the SECURITYTYPE field to one of the security types listed in the [Security] configuration section. You link the values by using field processing.

Under the [Field Processing] section, find the entry for your security type:

[FieldProcessing]
Number=18
...
9=DetectNT_V4Security

...

[DetectNT_V4Security]
Property=SecurityNT_V4
PropertyFieldCSVs=*/SECURITYTYPE
PropertyMatch=nt

This field process matches the string nt in the SECURITYTYPE field (which the Connector creates) to the propertySecurityNT_V4. You then configure the SecurityNT_V4 property:

[SecurityNT_V4]
SecurityType=NT_V4

This final setting links the contents of the SECURITYTYPE field to the security type specified in the [NT_V4] configuration section.

Set Up the Document Security Type

The following configuration shows a sample security section:

[Security]
SecurityInfoKeys=AESKeyFile.ky
0=NT_V4
1=Netware_V4
2=Notes_V4

The following configuration shows a sample document security type:

[NT_V4]
SecurityCode=1
Library=C:\IDOLServer/IDOL/modules/mapped_security
Type=AUTONOMY_SECURITY_V4_NT_MAPPED
ReferenceField=*/AUTONOMYMETADATA

This section defines how the IDOL Server Content component must handle security for documents of the type NT_V4, which is the security section that you have linked with the field and value SECURITYTYPE="nt".

When a user performs a query, the Content component collects a set of results. For each result, it checks to see if the user has permission to see the document, by using the specified Library to check the ACL from the document reference field and the SecurityInfo string (described in the following section) provided with the query. The library then determines whether to grant access to the user.

Query and Troubleshoot

To test that the correct documents return, use a query such as:

http://localhost:9000/?action=Query&DatabaseMatch=sharepoint2007&MaxResults=10&Text=*&SecurityInfo=MyString

Where MyString is the SecurityInfo string that describes the privileges for the user that sends the query. The IDOL Server Community component generates the SecurityInfo string for a particular user. The format of the security string depends upon the security type. It contains:

• the names of the IDOL databases to which the string applies

• the username, group membership and domain information associated with each document security type (for example NT_V4).

For a test query, choose your own query text and create the SecurityInfo string for a user. See Configure the Community Component

For troubleshooting purposes, it can be useful to add the following configuration parameters for each security type:

Logging=True
SecurityLogDirectory=C:\IDOLserver\IDOL\logs

This configuration creates a log file for the security type (such as Mapped_Security_NT_V4.log), which you can use to see why a user is denied or granted access. Entries for your documents in this log will show you that you have successfully linked the documents to a security type.

A common problem you might encounter occurs if the information in the security string is percent-encoded (for example, u=DOMAIN%5CJSMITH) but the information in the ACL is not. Set the EscapedEntries configuration parameter to True to specify that the security library must expect percent-encoded information in the security info string.