Configure User Security

IDOL user security provides user authentication, and checks which security privileges users have in third-party repositories. This includes the retrieval of group information from OmniGroupServer.

TIP: The IDOL Community component manages a database of users. You can populate this database manually, or configure Community to populate the database from a third-party directory. For more information about users in IDOL, refer to the IDOL Community component Help.

To configure user security

  1. Open the IDOL Community component configuration file.
  2. In the [Server] section, set the following parameter.

    DeferLogin

    To automatically add users to Community the first time they log on to a front end, set DeferLogin=True. Community is populated with user information from your configured security repositories, for example your LDAP directory.

    If you want to add users to Community manually, set DeferLogin=False and add users with the UserAdd action. For more information about adding users manually, refer to the IDOL Community component Help.

  3. In the [Security] section, list the security types that you want to configure. Start numbering from 0 (zero), for example:

    [Security]
    0=NT
    1=LDAP
    2=Notes

  4. In the [Security] section, set the following parameters.

    SecurityInfoKeys

    The path of your AES key file.

    This is used to encrypt and decrypt the security strings that IDOL generates for each user. For this reason, the value of SecurityInfoKeys must be the same for each component that requires it (for example, Content, Community, and DAH must all use the same key file).

    If you need to generate a new key file, use the autpassword utility. Generate a key file in the same way as for encrypting passwords. For more information about using the autpassword utility, see Encrypt Passwords.

    CheckEntitlement

    To authenticate users before returning a securityinfo string, set this parameter to true. Be aware that the default value of this parameter is false, which means that a securityinfo string can be obtained without authentication.

    DefaultSecurityType

    An integer that specifies the security repository to use to authenticate users when the Repository action parameter is not set in the Security or UserRead action. Using the values from the example above, you would set DefaultSecurityType=0 for NT authentication and DefaultSecurityType=2 for Notes authentication.

    SyncRolesFromGroups

    Set this parameter to true to synchronize roles from NT groups. This ensures that a user's permissions and NT groups are always in sync. The default value for this parameter is false.

    GroupServerParentRole

    If you set SyncRolesFromGroups to true, GroupServerParentRole allows you to specify the parent role to which Community adds new roles that it creates. If you don’t specify a parent role with GroupServerParentRole, Community adds the new roles that it creates to the top role in the hierarchy.

    For more information about the configuration parameters that you can use, refer to the IDOL Community component Help.

  5. Create a section for each of the security types that you listed. For example:

    [NT]
    CaseSensitiveUserNames=FALSE
    CaseSensitiveGroupNames=FALSE
    Library=./modules/user_ntsecurity
    DocumentSecurity=TRUE
    DocumentSecurityType=NT_V4
    v4=true
    SecurityFieldCSVs=username,domain
    GroupServerHost=123.45.6.7
    GroupServerPort=3057
    Domain=Autonomy
    
    [LDAP]
    Library=./modules/user_ldapsecurity
    DocumentSecurity=FALSE
    LDAPServer=ldap
    LDAPPort=389
    RDNAttribute=uid
    Group=o=Company,ou=Users
    ...
    
    [Notes]
    ...

    The parameters in each section depend on the type of repository. You can set the following parameters:

    Domain

    (NT security only) If you are configuring NT security, specify the name of the NT domain to use.

    Library

    The path of the library to use to authenticate users. The authentication libraries that OpenText currently supplies are:

    • user_autnsecurity. Autonomy authentication.
    • user_ntsecurity. NT authentication.
    • user_notessecurity. Lotus Notes authentication.
    • user_ldapsecurity. LDAP authentication.

    Specify the library you want to use without the file extension.

    v4

    Set this parameter to true if the security section defines security for NT or Exchange data and you are using a version 4 security type.

    GroupServerHost

    The IP address of the machine on which your group server is located.

    GroupServerPort

    The ACI port of the group server.

    GroupServerParameters

    One or more parameters to send to the group server in addition to username. Separate multiple parameters with a comma (there must be no space before or after a comma).

    GroupServerPrefixDomain

    Set this parameter to true to prefix domain information to the user name when contacting the group server, so that you can handle users in different domains who have the same user name.

    GroupServerUserField

    The field that Community must read the user name from. Use this parameter in cases where the group server contains multiple user name fields (for example, a field that contains the full name and another field that contains a shortened name).

    CaseSensitiveUsernames

    A Boolean value that specifies whether user names for this security type are case sensitive. If you set this parameter to false, Community returns upper case user names.

    CaseSensitiveGroupNames

    A Boolean value that specifies whether group names for this security type are case-sensitive. If you set this parameter to false, Community returns upper case group names.

    DocumentSecurity

    Set DocumentSecurity to True if this user security repository corresponds to a document security module that you configured in the [Security] section of your IDOL Content component configuration file. The IDOL Community component uses this information to generate an appropriate security string for the users in this repository.

    If you set this parameter to TRUE, you must also specify the name of the security module with the DocumentSecurityType parameter.

    Otherwise, set this parameter to false (for example, to use LDAP or Autonomy security).

    DocumentSecurityType

    (If you have set DocumentSecurity to true). The name of the corresponding security module, as listed in the [Security] section of the IDOL Content component configuration file.

    SecurityFieldCSVs

    Specify one or more security fields needed for the security type. All the fields you specify with SecurityFieldCSVs must be listed in the [SecurityFields] section. Separate multiple values with a comma (there must be no space before or after a comma).

    For more information on required fields for your security types, see SecurityInfo Parameters.

  6. Save and close the configuration file.
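
A check of a saved configuration against the settings in the procedure above, as an added example (not OpenText code). The sample configuration, the key file path and the function names parse_cfg and audit are constructed for illustration, and the check assumes that only the literal value true (in any letter case) enables a Boolean parameter.

```python
import re

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CFG = """\
[Security]
0=NT
1=LDAP
2=Notes
SecurityInfoKeys=./keys/aes.key

[NT]
Library=./modules/user_ntsecurity
DocumentSecurity=TRUE
SecurityFieldCSVs=username, domain

[LDAP]
DocumentSecurity=FALSE
"""

def parse_cfg(text):
    """Parse INI-style text into {section: {key: value}} with lower-cased names."""
    cfg, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = cfg.setdefault(header.group(1).lower(), {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            section[key.strip().lower()] = value.strip()
    return cfg

def audit(text):
    """Return a list of findings for the settings covered in the steps above."""
    cfg = parse_cfg(text)
    sec, findings = cfg.get("security", {}), []
    # Assumption: only the literal value "true" (any letter case) enables a Boolean.
    if sec.get("checkentitlement", "false").lower() != "true":
        findings.append("CheckEntitlement: not true, securityinfo string obtainable without authentication")
    if not sec.get("securityinfokeys"):
        findings.append("SecurityInfoKeys: no AES key file configured")
    for _, name in sorted((int(k), v) for k, v in sec.items() if k.isdigit()):
        if name.lower() not in cfg:
            findings.append(f"[{name}]: listed in [Security] but has no section")
        repo = cfg.get(name.lower(), {})
        if repo.get("documentsecurity", "").lower() == "true" and not repo.get("documentsecuritytype"):
            findings.append(f"[{name}]: DocumentSecurity is true but DocumentSecurityType is missing")
        if re.search(r"\s,|,\s", repo.get("securityfieldcsvs", "")):
            findings.append(f"[{name}]: SecurityFieldCSVs has a space next to a comma")
    return findings
```

Calling audit(SAMPLE_CFG) returns four findings: the CheckEntitlement default, the missing DocumentSecurityType and the spaced comma list in [NT], and the missing [Notes] section.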