Configure OmniGroupServer

This section describes how to configure OmniGroupServer for the scenario described in Document Security Example.

TIP: For many security types, you might only need to create an empty repository to be populated with group information by the PutOGS processor that you configure in NiFi.

To configure OmniGroupServer

  1. Open the OmniGroupServer configuration file.
  2. In the [Repositories] section, create three repositories, one for the SharePoint groups, one for the Active Directory groups retrieved through LDAP, and another to combine the information. For example:

    [Repositories]
    GroupServerDefaultRepositories=Combine
    Number=3
    0=SharePointOnline
    1=LDAP
    2=Combine

    The SharePointOnline repository will be populated with group information by the PutOGS processor that you configure in NiFi.

  3. In the section that you created to retrieve the Active Directory groups, configure a task to extract the information from the directory using LDAP. You can use the following configuration parameters (for a complete list of configuration parameters, refer to the OmniGroupServer Reference).

    GroupServerLibrary The full path (including the file name) to the library that allows the group server to access the repository. Use the LDAP library.
    LDAPServer The host name or IP address of the machine that hosts the LDAP directory.
    LDAPPort The port to use to access the LDAP directory.
    LDAPBase The distinguished name of the search base.
    LDAPType The type of LDAP server (for example, Microsoft Active Directory).
    LDAPSecurityType The type of security to use when communicating with the LDAP server (for example, SSL or TLS).
    LDAPBindMethod The type of authentication to use to access the LDAP directory. To log on as the same user that is running OmniGroupServer, set this parameter to NEGOTIATE.
    KeyUserName (Optional) The name of the attribute from which to extract the user name. If you are retrieving documents from SharePoint Online and users from a local Active Directory, OpenText recommends that you set this parameter so that OmniGroupServer extracts an e-mail address rather than a user name.
    KeyGroupName (Optional) The name of the attribute from which to extract the group name. If you are retrieving documents from SharePoint Online and groups from a local Active Directory, OpenText recommends that you set this parameter so that OmniGroupServer extracts an e-mail address rather than a group name.

    For example:

    [LDAP]
    GroupServerLibrary=ogs_ldap.dll
    LDAPServer=myLDAPserver
    LDAPPort=636
    LDAPBase=DC=DOMAIN,DC=COM
    LDAPType=MAD
    LDAPSecurityType=SSL
    LDAPBindMethod=NEGOTIATE
    KeyUserName=mail
    KeyGroupName=mail
  4. In the section that you created for combining the security groups, configure a task to combine the group information. You can use the following configuration parameters (for a complete list of configuration parameters, refer to the OmniGroupServer Reference):

    GroupServerJobType The type of task that OmniGroupServer must run. Set this parameter to Combine.
    GroupServerSections The names of the repositories in the configuration file that you want to merge.
    GroupServerStartDelaySecs

    The number of seconds to wait before starting the task. Set a small delay so that the combine task begins after groups have been retrieved from Active Directory.

    For example:

    [Combine]
    GroupServerJobType=Combine
    GroupServerSections=SharepointOnline,LDAP
    GroupServerStartDelaySecs=10
  5. (Optional) You can set further parameters to define the schedule for the tasks. To run the tasks on the same schedule, set these parameters in the [Default] section. To run a task on a different schedule, set these parameters in the task section.

    GroupServerStartTime The time when a task starts.
    GroupServerRepeatSecs The number of seconds that should elapse before the Group Server repeats a task.

    For example:

    [Default]
    GroupServerStartTime=12:00
    GroupServerRepeatSecs=3600
  6. Save and close the OmniGroupServer configuration file.