Configure IDOL Server

This section describes the configuration changes that are required in IDOL Server to enable mapped security for documents that originate from Microsoft Dynamics. For more information about configuring mapped security in IDOL Server, refer to the IDOL Document Security Administration Guide.

Content Component

The first requirement is to add a field processing rule so that the IDOL Content component can determine whether a document is protected by Dynamics security. Field processing rules are configured in the [FieldProcessing] section of the Content component configuration file.

The following example instructs the Content component to search for a field named SECURITYTYPE and check for the value DYNAMICS. You should have configured your Dynamics Connector to add this field to every document (see Retrieve and Index Access Control Lists).

[FieldProcessing]
...
29=DetectDynamicsSecurity

[DetectDynamicsSecurity]
Property=SecurityDynamics
PropertyFieldCSVs=*/SECURITYTYPE
PropertyMatch=DYNAMICS

[SecurityDynamics]
SecurityType=Dynamics_V4

The SecurityType configuration parameter provides a name for the Dynamics security type. This can be any string but you must use the same value in several other places, as described below.

After the Content component has determined that a document is protected by Dynamics security, it must process the ACL that the Dynamics Connector has added to the document in the AUTONOMYMETADATA field.

To process ACLs added to documents by the Dynamics Connector, configure custom mapped security (Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED). Document security is configured in the [Security] section of the Content component configuration file. Create a new section with the same name that you specified with the SecurityType configuration parameter, above.

[Security]
...
6=Dynamics_V4

[Dynamics_V4]
SecurityCode=6
Library=C:\HPE\IDOLServer/content/modules/mapped_security
Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED
ReferenceField=*/AUTONOMYMETADATA
SecurityACLFormat=U:<U=SLEC>:G:<G=SLEC>
SecurityACLCheck=U=[U]?P:-,G=[G]?P:F

IMPORTANT: Ensure that the SecurityACLFormat and SecurityACLCheck parameters are set exactly as shown in the example above.

Community Component

The final requirement is to configure user security so that when a user logs on to a front-end application, IDOL Server can return a security token that includes their group memberships. User security is configured in the [Security] section of the Community component configuration file.

Add a new section for Dynamics, similar to the following example:

[Security]
7=Dynamics

[Dynamics]
DocumentSecurity=TRUE
DocumentSecurityType=Dynamics_V4
GroupServerHost=localhost
GroupServerPort=3057
GroupServerRepository=Dynamics
SecurityFieldCSVs=username
CaseSensitiveUserNames=FALSE
CaseSensitiveGroupNames=FALSE

The value of the DocumentSecurityType parameter must match the value you set for the parameter SecurityType in the Content component configuration file.

The GroupServerHost and GroupServerPort parameters should specify the host name or IP address, and ACI port, of your OmniGroupServer. The GroupServerRepository parameter should specify the name of the repository that you created when you configured OmniGroupServer (see Retrieve User and Group Information).