IDOL user security provides user authentication, and checks which security privileges users have in third-party repositories. This includes the retrieval of group information from OmniGroupServer.
IDOL stores a database of users. You can populate this database manually, or configure IDOL to populate the database from a third-party directory. For more information about users in IDOL, refer to the IDOL Server Administration Guide.
To configure user security
In the [Server] section, set the following parameter.

Parameter | Description |
---|---|
DeferLogin | To automatically add users to IDOL the first time they log on to a front end, set If you want to add users to IDOL manually, set |
In the [UserSecurity] section, list the security types that you want to configure. Start numbering from 0 (zero), for example:

```
[UserSecurity]
0=NT
1=LDAP
2=Notes
```
In the [UserSecurity] section, set the following parameters.

Parameter | Description |
---|---|
CheckEntitlement | To authenticate users before returning a securityinfo string, set this parameter to true. Be aware that the default value of this parameter is false, which means that a securityinfo string can be obtained without authentication. |
DefaultSecurityType | An integer that specifies the security repository to use to authenticate users when the Repository action parameter is not set in the Security or UserRead action. Using the values from the example above, you would set DefaultSecurityType=0 for NT authentication and DefaultSecurityType=1 for Notes authentication. |
SyncRolesFromGroups | Set this parameter to |
GroupServerParentRole | If you set |
For more information about the configuration parameters that you can use, refer to the IDOL Server Reference.
Create a section for each of the security types that you listed in the [UserSecurity] section. For example:

```
[NT]
CaseSensitiveUserNames=FALSE
CaseSensitiveGroupNames=FALSE
Library=./modules/user_ntsecurity
DocumentSecurity=TRUE
DocumentSecurityType=NT_V4
v4=true
SecurityFieldCSVs=username,domain
GroupServerHost=123.45.6.7
GroupServerPort=3057
Domain=Autonomy

[LDAP]
Library=./modules/user_ldapsecurity
DocumentSecurity=FALSE
LDAPServer=ldap
LDAPPort=389
RDNAttribute=uid
Group=o=Company,ou=Users
...

[Notes]
...
```
The parameters in each section depend on the type of repository. You can set the following parameters:
Parameter | Description |
---|---|
Domain | If you are configuring NT security, specify the name of the NT domain to use. |
Library | The path of the library to use to authenticate users. The authentication libraries that HPE currently supplies are: Specify the library you want to use without the file extension. |
v4 | Set this parameter to true if the security section defines security for NT or Exchange data and you are using a version 4 security type. |
GroupServerHost | The IP address of the machine on which your group server is located. |
GroupServerPort | The ACI port of the group server. |
GroupServerParameters | One or more parameters to send to the group server in addition to username. Separate multiple parameters with a comma (there must be no space before or after a comma). |
GroupServerPrefixDomain | Set this parameter to true if you want IDOL Server to prefix domain information to the user name when it contacts the group server, so that you can handle users in different domains who have the same user name. |
GroupServerUserField | If a group server stores multiple user name fields for a user (for example, a field that stores the user’s full name and another field that stores a short name for the user), GroupServerUserField allows you to specify the field from which IDOL Server reads the user name. |
CaseSensitiveUsernames | A Boolean value that specifies whether user names for this security type are case sensitive. If you set this parameter to false, IDOL Server returns upper case user names. |
CaseSensitiveGroupNames | A Boolean value that specifies whether group names for this security type are case-sensitive. If you set this parameter to false, IDOL Server returns upper case group names. |
DocumentSecurity | If the Otherwise, set this parameter to |
DocumentSecurityType | (If you have set DocumentSecurity to true.) The name of the security module, as listed in the [Security] section, that applies to the repository against which the user is authenticated. |
SecurityFieldCSVs | Specify one or more security fields needed for the security type. All the fields you specify with For more information on required fields for your security types, see SecurityInfo Parameters. |
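
A configuration check for the steps above, added here as an example and not part of the IDOL documentation or product: it flags a CheckEntitlement left at its false default, a DefaultSecurityType that matches no listed type, a listed type with no section of its own, and DocumentSecurity set without DocumentSecurityType. The function name, the sample configuration and the case-insensitive matching of section and parameter names are assumptions.

```python
import configparser

# Constructed sample configuration (not from a real deployment).
SAMPLE_CFG = """
[UserSecurity]
0=NT
1=LDAP
2=Notes
DefaultSecurityType=3

[NT]
Library=./modules/user_ntsecurity
DocumentSecurity=TRUE
DocumentSecurityType=NT_V4

[LDAP]
Library=./modules/user_ldapsecurity
DocumentSecurity=TRUE
"""

def audit_user_security(cfg_text):
    """Return findings for the [UserSecurity] settings (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)  # option names are lowercased
    cp.read_string(cfg_text)
    sections = {name.lower(): cp[name] for name in cp.sections()}
    us = sections.get("usersecurity")
    if us is None:
        return ["no [UserSecurity] section"]
    findings = []
    # Default is false: a securityinfo string can be obtained without authentication.
    if us.get("checkentitlement", "false").lower() != "true":
        findings.append("CheckEntitlement is not true")
    types = {int(k): v for k, v in us.items() if k.isdigit()}
    if 0 not in types:
        findings.append("security type numbering does not start from 0")
    default = us.get("defaultsecuritytype")
    if default is not None and not (default.isdigit() and int(default) in types):
        findings.append(f"DefaultSecurityType={default} matches no listed type")
    for idx, name in sorted(types.items()):
        sec = sections.get(name.lower())
        if sec is None:
            findings.append(f"{idx}={name} has no [{name}] section")
        elif (sec.get("documentsecurity", "").lower() == "true"
              and not sec.get("documentsecuritytype")):
            findings.append(f"[{name}] sets DocumentSecurity without DocumentSecurityType")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_user_security(SAMPLE_CFG)))
```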