LDAP ACLs V2 Connector Configuration Reference
The Active Directory Connector for ACLs indexes Access Control List (ACL) information so that it can be used by other connectors.
Verify your connector version
This connector depends on specific Fusion versions. See the following table for the required versions:
Fusion version | Connector version
Fusion 5.6.1 and later | v1.0.0 and later
Fusion 5.9.0 and later | v1.5.0 and later
Fusion 5.9.1 and later | v2.0.0 and later
Pod limit
The LDAP ACLs V2 connector does not support running multiple instances. Don’t run the connector on more than one pod.
Starting in Fusion 5.7, subsequent crawls work differently with the LDAP ACLs V2 connector than with other connectors. Crawls follow this process:
- Every time the connector crawl runs, all documents are indexed.
- Each document is assigned a new field, _lw_job_id_s.
- The connector job assigns the jobID value to this field.
- When the crawl finishes, the job deletes documents that do not have the latest jobID value.
When entering configuration values in the UI, use unescaped characters, such as \t for the tab character. When entering configuration values in the API, use escaped characters, such as \\t for the tab character.
The LDAP ACLs connector can crawl Active Directory, Azure Active Directory, and OpenLDAP.
description - string
Optional description
<= 125 characters
pipeline - string, required
Name of the IndexPipeline used for processing output.
>= 1 characters
Match pattern: ^[a-zA-Z0-9_-]+$
diagnosticLogging - boolean
Enable diagnostic logging; disabled by default
Default: false
parserId - string
The Parser to use in the associated IndexPipeline.
Match pattern: ^[a-zA-Z0-9_-]+$
coreProperties - Core Properties
Common behavior and performance settings.
fetchSettings - Fetch Settings
System level settings for controlling fetch behavior and performance.
numFetchThreads - number
Maximum number of fetch threads; defaults to 20. This setting controls the number of threads that call the connector's fetch method. Higher values can, but do not always, help with overall fetch performance.
>= 1
<= 500
exclusiveMinimum: false
exclusiveMaximum: false
Default: 20
Multiple of: 1
indexingThreads - number
Maximum number of indexing threads; defaults to 4. This setting controls the number of threads in the indexing service used for processing content documents emitted by this datasource. Higher values can sometimes help with overall fetch performance.
>= 1
<= 10
exclusiveMinimum: false
exclusiveMaximum: false
Default: 4
Multiple of: 1
pluginInstances - number
Maximum number of plugin instances for distributed fetching. Only the specified number of plugin instances will do fetching. This is useful for distributing load between different instances.
<= 500
exclusiveMinimum: false
exclusiveMaximum: false
Default: 0
Multiple of: 1
fetchResponseScheduledTimeout - number
The maximum amount of time for a response to be scheduled. The task will be canceled if this setting is exceeded.
>= 1000
<= 500000
exclusiveMinimum: false
exclusiveMaximum: false
Default: 300000
Multiple of: 1
indexingInactivityTimeout - number
The maximum amount of time to wait for indexing results (in seconds). If exceeded, the job will fail with an indexing inactivity timeout.
>= 60
<= 691200
exclusiveMinimum: false
exclusiveMaximum: false
Default: 86400
Multiple of: 1
pluginInactivityTimeout - number
The maximum amount of time to wait for plugin activity (in seconds). If exceeded, the job will fail with a plugin inactivity timeout.
>= 60
<= 691200
exclusiveMinimum: false
exclusiveMaximum: false
Default: 600
Multiple of: 1
indexMetadata - boolean
When enabled the metadata of skipped items will be indexed to the content collection.
Default: false
indexContentFields - boolean
When enabled, content fields will be indexed to the crawl-db collection.
Default: false
asyncParsing - boolean
When enabled, content will be indexed asynchronously.
Default: false
id - string, required
A unique identifier for this Configuration.
>= 1 characters
Match pattern: ^[a-zA-Z0-9_-]+$
properties - Properties
Plugin specific properties.
ldapHost - string
LDAP host.
ldapPort - number
LDAP port.
>= -2147483648
<= 2147483647
exclusiveMinimum: false
exclusiveMaximum: false
Default: 389
Multiple of: 1
ldaps - boolean
Use LDAPS to secure communication to the LDAP server.
Default: false
loginUserPrincipal - string
The user principal name of the crawl account used to authenticate to LDAP.
loginPassword - string
The password of the crawl account used to authenticate to LDAP.
userSearchBaseDn - string
User Search Base DN.
groupSearchBaseDn - string
Group Search Base DN.
userSearchFilter - string
User Search Filter.
Default: (&(objectclass=user)(sAMAccountName=*))
groupSearchFilter - string
Group Search Filter.
Default: (&(objectclass=group))
adNetbiosDomain - string
AD NetBIOS domain name.
security - Graph security filtering configuration
enabled - boolean
Enable query-time security-trimming
Default: true
additionalAttributes - array[string]
When fetching LDAP users, you can request additional attributes to be indexed as fields such as manager, mail, phonenumber, etc.
azureProperties - Azure AD Properties
Properties that should be set when you want to crawl Azure AD instances for additional group definitions.
tenantId - string
If crawling Azure AD instances, supply Azure Tenant ID. This is required when listing Azure Groups from Microsoft Graph API.
clientId - string
If crawling Azure AD instances, supply the Azure Application's Client ID. This is required when listing Azure Groups from Microsoft Graph API.
clientSecret - string
If crawling Azure AD instances, supply the Azure Application's Client secret. This is required when listing Azure Groups from Microsoft Graph API.
ignoreSSLValidation - boolean
When crawling the Azure AD groups and users, ignore SSL validation.
Default: true
proxyUrl - string
If crawling Azure AD instances through a proxy, specify the proxy URL here. Format: host:port
proxyUsername - string
If crawling Azure AD instances through a proxy, specify the proxy username here.
proxyPassword - string
If crawling Azure AD instances through a proxy, specify the proxy password here.
onPremisesDomainMappings - array[object]
By default, the onPremisesDomainName element used in the "id" of the azure-onprem-user is an FQDN such as "engineering.lucidworks.com". Here you can specify a mapping to some other domain representation such as "eng". Use this when the ACLs on your documents are in the form ShortDomain\Username.
object attributes:
onPremisesDomainName: {display name: On premises domain name, type: string}
mapToDomainName: {display name: Map to domain name, type: string}
userBatchSize - number
This is the $top parameter sent to the MS users endpoint, which is the number of users returned in each API call.
>= 1
<= 999
exclusiveMinimum: false
exclusiveMaximum: false
Default: 999
Multiple of: 1
groupBatchSize - number
This is the $top parameter sent to the MS groups endpoint, which is the number of groups returned in each API call.
>= 1
<= 999
exclusiveMinimum: false
exclusiveMaximum: false
Default: 999
Multiple of: 1
bearerTokenExpiryMs - number
In milliseconds, how long to re-use an authentication bearer token before obtaining a new one.
>= 1
<= 2147483647
exclusiveMinimum: false
exclusiveMaximum: false
Default: 3600000
Multiple of: 1
httpConnectionRequestTimeout - number
In milliseconds, time to wait for getting a connection from the connection manager/pool. (HttpClient maintains a connection pool to manage the connections, similar to a database connection pool.)
>= 1
<= 2147483647
exclusiveMinimum: false
exclusiveMaximum: false
Default: 60000
Multiple of: 1
httpSocketTimeout - number
In milliseconds, max time gap between two consecutive data packets while transferring data from server to client.
>= 1
<= 2147483647
exclusiveMinimum: false
exclusiveMaximum: false
Default: 60000
Multiple of: 1
httpConnectTimeout - number
In milliseconds, max time to establish a connection with remote host/server.
>= 1
<= 2147483647
exclusiveMinimum: false
exclusiveMaximum: false
Default: 30000
Multiple of: 1
aclZkHosts - string
ACL collection Solr ZK hosts string.
aclZkChroot - string
ACL collection Solr ZK hosts chroot string.
fetchRetryProperties - Retry Options
A set of options for configuring retry behavior.
maxRetries - number
The retryer will retry failed operations in the case that they might succeed if attempted again. This parameter states the number of attempts to retry until giving up. This parameter, if specified, will override the "Stop retrying after time (milliseconds)" parameter.
<= 100
exclusiveMinimum: false
exclusiveMaximum: false
Default: 3
Multiple of: 1
delayFactor - number
The retryer will retry failed operations in the case that they might succeed if attempted again. The retryer will sleep an exponential amount of time after the first failed attempt and retry in exponentially incrementing amounts after each failed attempt up to the maximumTime. nextWaitTime = exponentialIncrement * multiplier.
>= 1
<= 9999
exclusiveMinimum: false
exclusiveMaximum: false
Default: 2
Multiple of: 1
delayMs - number
Sets the delay between retries, exponentially backing off to the maxDelayTimeMs and multiplying successive delays by the delayFactor.
>= 1
<= 9223372036854776000
exclusiveMinimum: false
exclusiveMaximum: false
Default: 1000
Multiple of: 1
maxDelayTimeMs - number
The maximum wait time between successive retries.
>= 1
<= 600000
exclusiveMinimum: false
exclusiveMaximum: false
Default: 300000
Multiple of: 1
maxTimeLimitMs - number
This setting is used to limit the maximum amount of time spent on retries. Note: this will be ignored if "Maximum Retries" is specified.
>= 1
<= 28800000
exclusiveMinimum: false
exclusiveMaximum: false
Default: 600000
Multiple of: 1
errorExclusions - array[string]
Optional regex list that will be matched against the failed attempt's exception class and message. If any regex matches, do not retry this request. This is needed to prevent the retryer from retrying non-recoverable errors that were not already ignored by the connector implementation.
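
Several defaults listed above matter for security: ldaps is false, ldapPort is 389, and azureProperties.ignoreSSLValidation is true. The following pre-deployment check is an added example, not Lucidworks code. It flags a datasource configuration that leans on those defaults or turns off security.enabled. The helper name, the sample values, and the nesting of security and azureProperties under properties are assumptions.

```python
import re

# Pattern the reference gives for "id" and "pipeline" (anchors implied by fullmatch).
NAME_RE = re.compile(r"[a-zA-Z0-9_-]+")

def audit_datasource(cfg):
    """Return findings for an LDAP ACLs V2 datasource config (hypothetical helper)."""
    findings = []
    for key in ("id", "pipeline"):
        if not NAME_RE.fullmatch(str(cfg.get(key, ""))):
            findings.append(f"{key}: missing or does not match ^[a-zA-Z0-9_-]+$")
    # Assumption: ldap*, security and azureProperties all nest under "properties".
    props = cfg.get("properties", {})
    if not props.get("ldaps", False):  # documented default: false
        findings.append("ldaps: off, the LDAP bind and results are not protected by TLS")
    elif props.get("ldapPort", 389) == 389:  # documented default: 389
        findings.append("ldapPort: still 389 with ldaps on; LDAPS conventionally uses 636")
    if not props.get("security", {}).get("enabled", True):  # documented default: true
        findings.append("security.enabled: off, no query-time security trimming")
    azure = props.get("azureProperties") or {}
    # Only relevant when Azure AD crawling is configured at all.
    if azure.get("tenantId") and azure.get("ignoreSSLValidation", True):  # default: true
        findings.append("azureProperties.ignoreSSLValidation: on, certificate checks skipped")
    return findings

# Constructed sample: leans on the documented defaults.
WEAK = {
    "id": "ldap acls",  # space is outside the allowed pattern
    "pipeline": "acl-pipeline",
    "properties": {
        "ldapHost": "dc01.example.test",
        "security": {"enabled": False},
        "azureProperties": {"tenantId": "00000000-0000-0000-0000-000000000000"},
    },
}

# Constructed sample: same datasource with each default overridden explicitly.
HARDENED = {
    "id": "ldap-acls",
    "pipeline": "acl-pipeline",
    "properties": {
        "ldapHost": "dc01.example.test", "ldapPort": 636, "ldaps": True,
        "security": {"enabled": True},
        "azureProperties": {"tenantId": "00000000-0000-0000-0000-000000000000",
                            "ignoreSSLValidation": False},
    },
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_datasource(cfg) or "no findings")
```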