IDOL user security provides user authentication, and checks which security privileges users have in third-party repositories. This includes the retrieval of group information from OmniGroupServer.
TIP: The IDOL Community component manages a database of users. You can populate this database manually, or configure IDOL to populate the database from a third-party directory. For more information about users in IDOL, refer to the IDOL Server Administration Guide.
To configure user security
In the [Server]
section, set the following parameter.
DeferLogin
|
To automatically add users to IDOL the first time they log on to a front end, set If you want to add users to IDOL manually, set |
In the [Security]
section, list the security types that you want to configure. Start numbering from 0 (zero), for example:
[Security] 0=NT 1=LDAP 2=Notes
In the [Security]
section, set the following parameters.
SecurityInfoKeys
|
The path of your AES key file. This is used to encrypt and decrypt the security strings that IDOL generates for each user. For this reason, the value of If you need to generate a new key file, use the |
CheckEntitlement
|
To authenticate users before returning a securityinfo string, set this parameter to true . Be aware that the default value of this parameter is false , which means that a securityinfo string can be obtained without authentication.
|
DefaultSecurityType
|
An integer that specifies the security repository to use to authenticate users when the Repository action parameter is not set in the Security or UserRead action. Using the values from the example above, you would set DefaultSecurityType=0 for NT authentication and DefaultSecurityType=2 for Notes authentication. |
SyncRolesFromGroups
|
Set this parameter to |
GroupServerParentRole
|
If you set |
For more information about the configuration parameters that you can use, refer to the IDOL Community Component Reference.
Create a section for each of the security types that you listed. For example:
[NT] CaseSensitiveUserNames=FALSE CaseSensitiveGroupNames=FALSE Library=./modules/user_ntsecurity DocumentSecurity=TRUE DocumentSecurityType=NT_V4 v4=true SecurityFieldsCSVs=username,domain GroupServerHost=123.45.6.7 GroupServerPort=3057 Domain=Autonomy [LDAP] Library=./modules/user_ldapsecurity DocumentSecurity=FALSE LDAPServer=ldap LDAPPort=389 RDNAttribute=uid Group=o=Company,ou=Users ... [Notes] ...
The parameters in each section depend on the type of repository. You can set the following parameters:
Parameter | Description |
---|---|
Domain
|
(NT security only) If you are configuring NT security, specify the name of the NT domain to use. |
Library
|
The path of the library to use to authenticate users. The authentication libraries that Micro Focus currently supplies are:
Specify the library you want to use without the file extension. |
v4
|
Set this parameter to true if the security section defines security for NT or Exchange data and you are using a version 4 security type. |
GroupServerHost
|
The IP address of the machine on which your group server is located. |
GroupServerPort
|
The ACI port of the group server. |
GroupServerParameters
|
One or more parameters to send to the group server in addition to username . Separate multiple parameters with a comma (there must be no space before or after a comma). |
GroupServerPrefixDomain
|
Set this parameter to true to prefix domain information to the user name when contacting the group server, so that you can handle users in different domains who have the same user name. |
GroupServerUserField
|
The field that IDOL Community must read the user name from. Use this parameter in cases where the group server contains multiple user name fields (for example, a field that contains the full name and another field that contains a shortened name). |
CaseSensitiveUsernames
|
A Boolean value that specifies whether user names for this security type are case sensitive. If you set this parameter to false , IDOL Server returns upper case user names. |
CaseSensitiveGroupNames
|
A Boolean value that specifies whether group names for this security type are case-sensitive. If you set this parameter to false , IDOL Server returns upper case group names. |
DocumentSecurity
|
Set If you set this parameter to Otherwise, set this parameter to |
DocumentSecurityType
|
(If you have set DocumentSecurity to true ). The name of the corresponding security module, as listed in the [Security] section of the IDOL Content component configuration file. |
SecurityFieldCSVs
|
Specify one or more security fields needed for the
security type. All the fields you specify with For more information on required fields for your security types, see SecurityInfo Parameters. |