Setting up security is only discussed briefly here. For more information, refer to the IDOL Server Administration Guide.
The document security types are listed under [Security] in the IDOL server configuration file. In most cases, you use an existing type, and you do not need to configure a new one.
The following examples use the NT security type, but for other security types the important points are the same.
Recognize the Security Type of a Document
For each document indexed, you must link the security type specified in the SECURITYTYPE field to one of the security types listed in the [Security] configuration section. You link the values by using field processing.
Under the [FieldProcessing] section, find the entry for your security type:
    [FieldProcessing]
    Number=18
    ...
    9=DetectNT_V4Security
    ...

    [DetectNT_V4Security]
    Property=SecurityNT_V4
    PropertyFieldCSVs=*/SECURITYTYPE
    PropertyMatch=nt

This field process matches the string nt in the SECURITYTYPE field (which the Connector creates) to the property SecurityNT_V4. You then configure the SecurityNT_V4 property:

    [SecurityNT_V4]
    SecurityType=NT_V4

This final setting links the contents of the SECURITYTYPE field to the security type specified in the [NT_V4] configuration section.
Set Up the Document Security Type
The following configuration shows a sample security section:
    [Security]
    SecurityInfoKeys=AESKeyFile.ky
    0=NT_V4
    1=Netware_V4
    2=Notes_V4
The following configuration shows a sample document security type:
    [NT_V4]
    SecurityCode=1
    Library=C:\IDOLServer/IDOL/modules/mapped_security
    Type=AUTONOMY_SECURITY_V4_NT_MAPPED
    ReferenceField=*/AUTONOMYMETADATA

This section defines how the IDOL Server Content component must handle security for documents of the type NT_V4, which is the security section that you have linked with the field and value SECURITYTYPE="nt".
Parameter | Description |
---|---|
Type | The type of security. For a list of available types, refer to the IDOL Server Reference. |
ReferenceField | The name of the document field that contains the ACL, usually AUTONOMYMETADATA. |
Library | The file name and path of the security DLL to use with the security type. |
When a user performs a query, the Content component collects a set of results. For each result, it checks to see if the user has permission to see the document, by using the specified Library to check the ACL from the document reference field and the SecurityInfo string (described in the following section) provided with the query. The library then determines whether to grant access to the user.
Query and Troubleshoot
To test that the correct documents return, use a query such as:
http://localhost:9000/?action=Query&DatabaseMatch=sharepoint2007&MaxResults=10&Text=*&SecurityInfo=MyString
Where MyString is the SecurityInfo string that describes the privileges for the user that sends the query. The IDOL Server Community component generates the SecurityInfo string for a particular user. The format of the security string depends upon the security type. It contains:
- the names of the IDOL databases to which the string applies
- the username, group membership and domain information associated with each document security type (for example NT_V4).
For a test query, choose your own query text and create the SecurityInfo string for a user. See Configure the Community Component.
The encrypted form of the SecurityInfo string must be percent-encoded.
For troubleshooting purposes, it can be useful to add the following configuration parameters for each security type:
    Logging=True
    SecurityLogDirectory=C:\IDOLserver\IDOL\logs

This configuration creates a log file for the security type (such as Mapped_Security_NT_V4.log), which you can use to see why a user is denied or granted access. Entries for your documents in this log will show you that you have successfully linked the documents to a security type.
A common problem you might encounter occurs if the information in the security string is percent-encoded (for example, u=DOMAIN%5CJSMITH) but the information in the ACL is not. Set the EscapedEntries configuration parameter to True to specify that the security library must expect percent-encoded information in the security info string.
To troubleshoot issues with the security information, you can use the UserDecryptSecurityInfo action to decrypt a security string, for example to check that it contains the right permissions and restrictions.