Configure IDOL Server

This section describes the configuration changes that are required in IDOL Server to enable mapped security for documents that originate from OneDrive. For more information about configuring mapped security in IDOL Server, refer to the IDOL Document Security Administration Guide.

Content Component

The first requirement is to add a field processing rule so that the IDOL Content component can determine whether a document is protected by OneDrive security. Field processing rules are configured in the [FieldProcessing] section of the Content component configuration file.

The following example instructs the Content component to search for a field named SECURITYTYPE and check for the value ONEDRIVE. You should have configured your OneDrive Connector to add this field to every document (see Retrieve and Index Access Control Lists). If the IDOL Content component finds this field with the correct value, it applies the property named by the Property parameter, which specifies the security type.

[FieldProcessing]
...
29=DetectOneDriveSecurity

[DetectOneDriveSecurity]
Property=SecurityOneDrive
PropertyFieldCSVs=*/SECURITYTYPE
PropertyMatch=ONEDRIVE


[SecurityOneDrive]
SecurityType=OneDrive_V4

After the Content component has determined that a document is protected by OneDrive security, it must process the ACL that the OneDrive Connector has added to the document in the AUTONOMYMETADATA field.

To process ACLs added to documents by the OneDrive Connector, configure custom mapped security (Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED). Document security is configured in the [Security] section of the Content component configuration file.

[Security]
...
6=OneDrive_V4

[OneDrive_V4]
SecurityCode=6
Library=./modules/mapped_security
ReferenceField=*/AUTONOMYMETADATA
//Logging=TRUE
Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED
SecurityACLFormat=:U:<U=SLEC+>:G:<G=SLEC+>
SecurityACLCheck=U=[U]?P:-,G=[G]?P:F
EscapedEntries=TRUE

IMPORTANT: Ensure that the SecurityACLFormat and SecurityACLCheck parameters are set exactly as shown in the example above.

Community Component

The final requirement is to configure user security so that when a user logs on to a front-end application, IDOL Server can return a security token that includes their group memberships. User security is configured in the [Security] section of the Community component configuration file.

Add a new section for OneDrive, similar to the following example:

[Security]
0=OneDrive

[OneDrive]
DocumentSecurity=TRUE
GroupServerHost=localhost
GroupServerPort=3057
GroupServerRepository=OneDriveConnector
SecurityFieldCSVs=username
DocumentSecurityType=OneDrive_V4
CaseSensitiveUserNames=FALSE
CaseSensitiveGroupNames=FALSE

The GroupServerHost and GroupServerPort parameters should specify the host name or IP address, and ACI port, of your OmniGroupServer. The GroupServerRepository parameter should specify the name of the repository that you created when you configured OmniGroupServer (see Retrieve User and Group Information).
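
The following Python script is an added example, not part of the IDOL documentation or product. It checks that the settings described in this section still agree after editing: the field processing rule leads to a security type, that type is listed in the Content [Security] section with the required Type, SecurityACLFormat and SecurityACLCheck values, and the Community DocumentSecurityType names the same type. It assumes exact-case section and key names and that the names agree across the two files as they do in the examples above; the parse and check functions and the sample text are constructed for illustration.

```python
REQUIRED = {  # values shown on this page for the mapped security section
    "Type": "AUTONOMY_SECURITY_V4_GENERIC_MAPPED",
    "SecurityACLFormat": ":U:<U=SLEC+>:G:<G=SLEC+>",
    "SecurityACLCheck": "U=[U]?P:-,G=[G]?P:F",
}

def parse(text):
    """Minimal reader for [Section] / Key=Value text; skips // comments."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith("//"):
            key, _, value = line.partition("=")  # values may contain '='
            current[key.strip()] = value.strip()
    return sections

def check(content_text, community_text):
    """Return a list of problems; an empty list means the settings agree."""
    content, community, problems = parse(content_text), parse(community_text), []
    types = set()  # security types reached from a PropertyMatch=ONEDRIVE rule
    for rule in content.get("FieldProcessing", {}).values():
        section = content.get(rule, {})
        if section.get("PropertyMatch") == "ONEDRIVE":
            types.add(content.get(section.get("Property"), {}).get("SecurityType"))
    types.discard(None)
    if not types:
        problems.append("no rule maps SECURITYTYPE=ONEDRIVE to a SecurityType")
    for name in sorted(types):
        if name not in content.get("Security", {}).values():
            problems.append(f"{name} is not listed in Content [Security]")
        for key, want in REQUIRED.items():
            got = content.get(name, {}).get(key)
            if got != want:
                problems.append(f"[{name}] {key} is {got!r}, expected {want!r}")
    repos = [community.get(r, {}) for r in community.get("Security", {}).values()]
    if not any(r.get("DocumentSecurityType") in types for r in repos):
        problems.append("no Community repository has a matching DocumentSecurityType")
    return problems

# Constructed sample: a condensed copy of the settings shown on this page.
CONTENT = ("[FieldProcessing]\n29=DetectOneDriveSecurity\n[DetectOneDriveSecurity]\n"
           "Property=SecurityOneDrive\nPropertyMatch=ONEDRIVE\n[SecurityOneDrive]\n"
           "SecurityType=OneDrive_V4\n[Security]\n6=OneDrive_V4\n[OneDrive_V4]\n"
           "Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED\n//Logging=TRUE\n"
           "SecurityACLFormat=:U:<U=SLEC+>:G:<G=SLEC+>\nSecurityACLCheck=U=[U]?P:-,G=[G]?P:F\n")
COMMUNITY = "[Security]\n0=OneDrive\n[OneDrive]\nDocumentSecurityType=OneDrive_V4\n"

if __name__ == "__main__":
    print("\n".join(check(CONTENT, COMMUNITY)) or "settings agree")
```

To check real files, pass the text of the Content and Community configuration files to check() in place of the sample strings.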