Product Selector

Fusion 5.9
    Fusion 5.9

    LDAP ACLs V2Connector Configuration Reference

    The Active Directory Connector for ACLs indexes Access Control List (ACL) information so that it can be used by other connectors.

    Verify your connector version

    This connector depends on specific Fusion versions. See the following table for the required versions:

    Fusion version Connector version

    Fusion 5.6.1 and later

    v1.0.0 and later

    Fusion 5.9.0 and later

    v1.5.0 and later

    Fusion 5.9.1 and later

    v2.0.0 and later


    For connector downloads, see Download Connectors. For instructions on installing a connector, see Install a Connector.

    Pod limit

    The LDAP ACLs V2 connector does not support running multiple instances. Don’t run the connector on more than one pod.

    Full recrawls

    Starting in Fusion 5.7, subsequent crawls work differently with the LDAP ACLs V2 connector than other connectors. Crawls follow this process:

    1. Every time the connector crawl runs, all documents are indexed.

    2. Each document is assigned a new field, _lw_job_id_s.

    3. The connector job assigns the jobID value to this field.

    4. When the crawl finishes, the job deletes documents that do not have the latest jobID value.

    Remote connectors

    You can configure the LDAP ACLs V2 connector (v2.0.0 and later) to running remotely in Fusion versions 5.9.1 and later. Refer to Configure Remote V2 Connectors.

    Security trimming

    Starting in Fusion 5.9, you can configure the LDAP ACLs V2 connector with the SharePoint Optimized V2 connector to support security trimming. Refer to Configure Security Trimming for SharePoint Optimized V2.

    Configuration

    When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.

    The LDAP acls connector can crawl Active Directory, Azure Active Directory and OpenLDAP.

    description - string

    Optional description

    <= 125 characters

    pipeline - stringrequired

    Name of the IndexPipeline used for processing output.

    >= 1 characters

    Match pattern: ^[a-zA-Z0-9_-]+$

    diagnosticLogging - boolean

    Enable diagnostic logging; disabled by default

    Default: false

    parserId - string

    The Parser to use in the associated IndexPipeline.

    Match pattern: ^[a-zA-Z0-9_-]+$

    coreProperties - Core Properties

    Common behavior and performance settings.

    fetchSettings - Fetch Settings

    System level settings for controlling fetch behavior and performance.

    numFetchThreads - number

    Maximum number of fetch threads; defaults to 20.This setting controls the number of threads that call the Connectors fetch method.Higher values can, but not always, help with overall fetch performance.

    >= 1

    <= 500

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 20

    Multiple of: 1

    indexingThreads - number

    Maximum number of indexing threads; defaults to 4.This setting controls the number of threads in the indexing service used for processing content documents emitted by this datasource.Higher values can sometimes help with overall fetch performance.

    >= 1

    <= 10

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 4

    Multiple of: 1

    pluginInstances - number

    Maximum number of plugin instances for distributed fetching. Only specified number of plugin instanceswill do fetching. This is useful for distributing load between different instances.

    <= 500

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 0

    Multiple of: 1

    fetchResponseScheduledTimeout - number

    The maximum amount of time for a response to be scheduled. The task will be canceled if this setting is exceeded.

    >= 1000

    <= 500000

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 300000

    Multiple of: 1

    indexingInactivityTimeout - number

    The maximum amount of time to wait for indexing results (in seconds). If exceeded, the job will fail with an indexing inactivity timeout.

    >= 60

    <= 691200

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 86400

    Multiple of: 1

    pluginInactivityTimeout - number

    The maximum amount of time to wait for plugin activity (in seconds). If exceeded, the job will fail with a plugin inactivity timeout.

    >= 60

    <= 691200

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 600

    Multiple of: 1

    indexMetadata - boolean

    When enabled the metadata of skipped items will be indexed to the content collection.

    Default: false

    indexContentFields - boolean

    When enabled, content fields will be indexed to the crawl-db collection.

    Default: false

    asyncParsing - boolean

    When enabled, content will be indexed asynchronously.

    Default: false

    id - stringrequired

    A unique identifier for this Configuration.

    >= 1 characters

    Match pattern: ^[a-zA-Z0-9_-]+$

    properties - Properties

    Plugin specific properties.

    ldapHost - string

    LDAP host.

    ldapPort - number

    LDAP port.

    >= -2147483648

    <= 2147483647

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 389

    Multiple of: 1

    ldaps - boolean

    Use LDAPS to secure communication to the LDAP server.

    Default: false

    loginUserPrincipal - string

    The Crawl account user principal name of which to authenticate to LDAP.

    loginPassword - string

    The Crawl account user password of which to authenticate to LDAP.

    baseDn - string

    Base DN.

    userSearchBaseDn - string

    User Search Base DN.

    groupSearchBaseDn - string

    Group Search Base DN.

    userSearchFilter - string

    User Search Filter.

    Default: (&(objectclass=user)(sAMAccountName=*))

    groupSearchFilter - string

    Group Search Filter.

    Default: (&(objectclass=group))

    adNetbiosDomain - string

    AD Netbios domain name.

    security - Graph security filtering configuration

    enabled - boolean

    Enable query-time security-trimming

    Default: true

    additionalAttributes - array[string]

    When fetching LDAP users, you can request additional attributes to be indexed as fields such as manager, mail, phonenumber, etc.

    azureProperties - Azure AD Properties

    Properties that should be set when want to crawl Azure AD instances for additional group definitions

    tenantId - string

    If crawling Azure AD instances, supply Azure Tenant ID. This is required when listing Azure Groups from Microsoft Graph API.

    clientId - string

    If crawling Azure AD instances, supply the Azure Application's Client ID. This is required when listing Azure Groups from Microsoft Graph API.

    clientSecret - string

    If crawling Azure AD instances, supply the Azure Application's Client secret. This is required when listing Azure Groups from Microsoft Graph API.

    ignoreSSLValidation - boolean

    When crawling the Azure AD groups and users, ignore SSL validation.

    Default: true

    proxyUrl - string

    If crawling Azure AD instances, if you need to communicate through a proxy, specify the proxy url here. Format: host:port

    proxyUsername - string

    If crawling Azure AD instances, if you need to communicate through a proxy, specify the proxy username here

    proxyPassword - string

    If crawling Azure AD instances, if you need to communicate through a proxy, specify the proxy password here

    onPremisesDomainMappings - array[object]

    The onPremisesDomainName element used in the "id" of the azure-onprem-user by default will be a fqdn domain such as "engineering.lucidworks.com". Here you can specify a mapping to some other domain representation such as "eng". You should use this when the ACLs on your docs are in the form ShortDomain\Username

    object attributes:{onPremisesDomainName : {
     display name: On premises domain name
     type: string
    }
    mapToDomainName : {
     display name: Map to domain name
     type: string
    }
    }

    userBatchSize - number

    This is the $top parameter sent ot the MS users endpoint, which is the number of users returned in each api call.

    >= 1

    <= 999

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 999

    Multiple of: 1

    groupBatchSize - number

    This is the $top parameter sent ot the MS groups endpoint, which is the number of groups returned in each api call.

    >= 1

    <= 999

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 999

    Multiple of: 1

    bearerTokenExpiryMs - number

    In milliseconds, how long to re-use an authentication bearer token before obtaining a new one.

    >= 1

    <= 2147483647

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 3600000

    Multiple of: 1

    httpConnectionRequestTimeout - number

    In milliseconds, time to wait for getting a connection from the connection manager/pool. (HttpClient maintains a connection pool to manage the connections. Similar to database connection pool).

    >= 1

    <= 2147483647

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 60000

    Multiple of: 1

    httpSocketTimeout - number

    In milliseconds, max time gap between two consecutive data packets while transferring data from server to client.

    >= 1

    <= 2147483647

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 60000

    Multiple of: 1

    httpConnectTimeout - number

    In milliseconds, max time to establish a connection with remote host/server.

    >= 1

    <= 2147483647

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 30000

    Multiple of: 1

    aclZkHosts - string

    ACL colleciton solr zk hosts string.

    aclZkChroot - string

    ACL colleciton solr zk hosts chroot string.

    fetchRetryProperties - Retry Options

    A set of options for configuring retry behavior.

    maxRetries - number

    The retryer will retry failed operations in the case that they might succeed if attempted again. This parameter states the number of attempts to retry until giving up. This parameter, if specified, will override the "Stop retrying after time (milliseconds)" parameter.

    <= 100

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 3

    Multiple of: 1

    delayFactor - number

    The retryer will retry failed operations in the case that they might succeed if attempted again. The retryer will sleep an exponential amount of time after the first failed attempt and retry in exponentially incrementing amounts after each failed attempt up to the maximumTime. nextWaitTime = exponentialIncrement * multiplier.

    >= 1

    <= 9999

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 2

    Multiple of: 1

    delayMs - number

    Sets the delay between retries, exponentially backing off to the maxDelayTimeMs and multiplying successive delays by the delayFactor

    >= 1

    <= 9223372036854776000

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 1000

    Multiple of: 1

    maxDelayTimeMs - number

    The maximum time wait time between successive retries.

    >= 1

    <= 600000

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 300000

    Multiple of: 1

    maxTimeLimitMs - number

    This setting is used to limit the maximum amount of time spent on retries. Note: this will be ignored if "Maximum Retries" is specified.

    >= 1

    <= 28800000

    exclusiveMinimum: false

    exclusiveMaximum: false

    Default: 600000

    Multiple of: 1

    errorExclusions - array[string]

    Optional regex list that will be matched against failed attempts exception class and message. If any regex matches, do not retry this request. This is needed to prevent the retryer from retrying non-recoverable errors that were not already ignored by the connector implementation.