Configure User Security

IDOL user security provides user authentication, and checks which security privileges users have in third-party repositories. This includes the retrieval of group information from OmniGroupServer.

TIP:

IDOL stores a database of users. You can populate this database manually, or configure IDOL to populate the database from a third-party directory. For more information about users in IDOL, refer to the IDOL Server Administration Guide.

To configure user security

  1. Open the IDOL Server configuration file.
  2. In the [Server] section, set the following parameter.

    DeferLogin

    To automatically add users to IDOL the first time they log on to a front end, set DeferLogin=True. IDOL is populated with user information from your configured security repositories, for example your LDAP directory.

    If you want to add users to IDOL manually, set DeferLogin=False and add users with the UserAdd action. For more information about adding users manually, refer to the IDOL Server documentation.

  3. In the [UserSecurity] section, list the security types that you want to configure. Start numbering from 0 (zero), for example:

    [UserSecurity]
    0=NT
    1=LDAP
    2=Notes

  4. In the [UserSecurity] section, set the following parameters.

    CheckEntitlement

    To authenticate users before returning a securityinfo string, set this parameter to true. Be aware that the default value of this parameter is false, which means that a securityinfo string can be obtained without authentication.

    DefaultSecurityType

    An integer that specifies the security repository to use to authenticate users when the Repository action parameter is not set in the Security or UserRead action. Using the values from the example above, you would set DefaultSecurityType=0 for NT authentication and DefaultSecurityType=1 for Notes authentication.

    SyncRolesFromGroups

    Set this parameter to true to synchronize roles from NT groups. This ensures that a user's permissions and NT groups are always in sync. The default value for this parameter is false.

    GroupServerParentRole

    If you set SyncRolesFromGroups to true, GroupServerParentRole allows you to specify the parent role to which IDOL server adds new roles that it creates. If you don’t specify a parent role with GroupServerParentRole, IDOL Server adds the new roles that it creates to the top role in the hierarchy.

    For more information about the configuration parameters that you can use, refer to the IDOL Server Reference.

  5. Create a section for each of the security types that you listed in the [UserSecurity] section. For example:

    [NT]
    CaseSensitiveUserNames=FALSE
    CaseSensitiveGroupNames=FALSE
    Library=./modules/user_ntsecurity
    DocumentSecurity=TRUE
    DocumentSecurityType=NT_V4
    v4=true
    SecurityFieldCSVs=username,domain
    GroupServerHost=123.45.6.7
    GroupServerPort=3057
    Domain=Autonomy
    
    [LDAP]
    Library=./modules/user_ldapsecurity
    DocumentSecurity=FALSE
    LDAPServer=ldap
    LDAPPort=389
    RDNAttribute=uid
    Group=o=Company,ou=Users
    ...
    
    [Notes]
    ...

    The parameters in each section depend on the type of repository. You can set the following parameters:

    Domain

    If you are configuring NT security, specify the name of the NT domain to use.

    Library

    The path of the library to use to authenticate users. The authentication libraries that HPE currently supplies are:

    • user_autnsecurity. Autonomy authentication.
    • user_ntsecurity. NT authentication.
    • user_notessecurity. Lotus Notes authentication.
    • user_ldapsecurity. LDAP authentication.

    Specify the library you want to use without the file extension.

    v4

    Set this parameter to true if the security section defines security for NT or Exchange data and you are using a version 4 security type.

    GroupServerHost

    The IP address of the machine on which your group server is located.

    GroupServerPort

    The ACI port of the group server.

    GroupServerParameters

    One or more parameters to send to the group server in addition to username. Separate multiple parameters with a comma (there must be no space before or after a comma).

    GroupServerPrefixDomain

    Set this parameter to true if you want IDOL Server to prefix domain information to the user name when it contacts the group server, so that you can handle users in different domains who have the same user name.

    GroupServerUserField

    If a group server stores multiple user name fields for a user (for example, a field that stores the user’s full name and another field that stores a short name for the user), GroupServerUserField allows you to specify the field from which IDOL Server reads the user name.

    CaseSensitiveUserNames

    A Boolean value that specifies whether user names for this security type are case-sensitive. If you set this parameter to false, IDOL Server returns upper case user names.

    CaseSensitiveGroupNames

    A Boolean value that specifies whether group names for this security type are case-sensitive. If you set this parameter to false, IDOL Server returns upper case group names.

    DocumentSecurity

    If the [Security] section of the configuration file lists a security module that applies to the repository against which the user is authenticated, set this parameter to true. You must specify the name of the security module with the DocumentSecurityType parameter.

    Otherwise, set this parameter to false (for example, to use LDAP or Autonomy security).

    DocumentSecurityType

    (If you have set DocumentSecurity to true.) The name of the security module, as listed in the [Security] section, that applies to the repository against which the user is authenticated.

    SecurityFieldCSVs

    Specify one or more security fields needed for the security type. All the fields you specify with SecurityFieldCSVs must be listed in the [SecurityFields] section. Separate multiple values with a comma (there must be no space before or after a comma).

    For more information on required fields for your security types, see SecurityInfo Parameters.

  6. Save and close the configuration file.
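
A pre-deployment check for the settings in steps 3 to 5, written for this page as an added example (it is not HPE or IDOL code). It flags a CheckEntitlement value that leaves securityinfo available without authentication, a DefaultSecurityType that matches no listed type, listed types with no section, DocumentSecurity without DocumentSecurityType, and spaces next to commas in comma-separated values. The function names and the sample configuration are constructed, and treating parameter names as case-insensitive is an assumption.

```python
# Added example: audit an IDOL-style configuration for the settings on this page.
# SAMPLE_CFG is constructed; lowercasing names assumes they are case-insensitive.
SAMPLE_CFG = """\
[UserSecurity]
0=NT
1=LDAP
2=Notes
DefaultSecurityType=3
[NT]
Library=./modules/user_ntsecurity
DocumentSecurity=TRUE
SecurityFieldCSVs=username, domain
[LDAP]
Library=./modules/user_ldapsecurity
DocumentSecurity=FALSE
"""

def parse(text):
    """Parse [Section] and key=value lines into {section: {key: value}}."""
    cfg, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = cfg.setdefault(line[1:-1].lower(), {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            cur[key.strip().lower()] = val.strip()
    return cfg

def audit(text):
    """Return a list of findings for the [UserSecurity] setup in text."""
    cfg, out = parse(text), []
    us = cfg.get("usersecurity", {})
    types = {k: v for k, v in us.items() if k.isdigit()}  # numbered type list
    if us.get("checkentitlement", "false").lower() != "true":
        out.append("CheckEntitlement is not true: securityinfo can be obtained without authentication")
    default = us.get("defaultsecuritytype")
    if default is not None and default not in types:
        out.append(f"DefaultSecurityType={default} is not a listed security type")
    for idx, name in sorted(types.items(), key=lambda kv: int(kv[0])):
        sec = cfg.get(name.lower())
        if sec is None:
            out.append(f"security type {idx}: [{name}] section missing")
            continue
        if sec.get("documentsecurity", "").lower() == "true" and "documentsecuritytype" not in sec:
            out.append(f"[{name}] DocumentSecurity=TRUE but DocumentSecurityType is not set")
        for p in ("securityfieldcsvs", "groupserverparameters"):
            if ", " in sec.get(p, "") or " ," in sec.get(p, ""):
                out.append(f"[{name}] {p}: space next to a comma")
    return out
```

Calling `audit(SAMPLE_CFG)` returns five findings for the constructed sample; a configuration that sets CheckEntitlement=True and completes each listed section returns an empty list.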
